Researchers have reported that a large amount of the third-party code used in cloud infrastructure contains vulnerabilities as well as insecure configurations.
The security vendor’s Unit 42 Cloud Threat Report 2H 2021 used data from various public sources to better understand the threat from cloud software supply chains.
Third-party code that is not properly scrutinized can introduce vulnerabilities, as well as malware inserted on purpose by threat actors. Studies from earlier in the month revealed a 630% spike in upstream supply chain attacks of this nature.
Unit 42 analyzed public Terraform modules and discovered over 2,000 misconfigurations in areas such as encryption, logging, networking, backup and recovery, and identity and access management.
“Teams continue to neglect DevOps security, due in part to lack of attention to supply chain threats. Cloud-native applications have a long chain of dependencies, and those dependencies have dependencies of their own,” the vendor explained.
“DevOps and security teams need to gain visibility into the bill of materials in every cloud workload in order to evaluate risk at every stage of the dependency chain and establish guardrails.”
Unit 42 was also recently commissioned by a SaaS customer of Palo Alto Networks to run a red team exercise on its environment. The exercise brought to light critical flaws in the customer’s software development processes, exposing the firm to attacks similar to those on SolarWinds and Kaseya.
“The customer whose development environment was tested in the red team exercise has what most would consider a mature cloud security posture,” the vendor claimed. “However, their development environment contained several critical misconfigurations and vulnerabilities, enabling the Unit 42 team to take over the customer’s cloud infrastructure in a matter of days.”