Despite Publicity, Database Misconfigurations Grow Voluminous

Amidst a rash of database misconfiguration incidents, a report from the RedLock Cloud Security Intelligence (CSI) team has found that 53% of organizations using cloud storage services such as Amazon Simple Storage Service (Amazon S3) have inadvertently exposed one or more such services to the public as of September.

That’s up from 40% in the group’s May Cloud Infrastructure Security Trends report, and comes after high-profile events like the Verizon snafu and Amazon publishing a warning on this subject to all of its customers.

The RedLock CSI team also discovered 37% of databases are accepting inbound connection requests from the internet, and 7% of those are receiving requests from suspicious IP addresses, indicating they’ve been compromised.

The research also revealed that 48% of PCI checks fail in public cloud computing environments.

Vulnerabilities are being neglected in the cloud because organizations cannot leverage their existing vulnerability management investments, which lack context on constantly changing cloud resources, the report noted. The RedLock CSI researchers found that 81% of organizations are not managing host vulnerabilities in the cloud, opening themselves up to potential attacks or breaches.

At the same time, risky users are flying under the radar. The research team determined that administrative user accounts for public cloud computing environments have potentially been compromised at 38% of organizations. Malicious actors could use these compromised accounts to infiltrate the cloud environments and cause tremendous damage to business operations.

The findings also included a number of Kubernetes administrative consoles that were not password protected, creating a window of opportunity for hackers. Researchers even found that many of these environments were leaking access credentials for various cloud environments. To make matters worse, some of these environments had already been compromised to mine Bitcoins without the organizations' knowledge.

“In our second Cloud Security Trends report, the RedLock CSI team found that organizations are still falling behind in effectively protecting their public cloud computing environments,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “As we’ve witnessed by recent incidents at organizations such as Viacom, OneLogin, Deep Root Analytics and Time Warner Cable, the threats are real and cyber-criminals are actively targeting information left unsecured in the public cloud. It’s imperative for every organization to develop an effective and holistic strategy now to protect their public cloud computing environment.”
