Palo Alto Report Highlights Cloud Dangers

Hacker4

By: Mary Jander
May 25, 2021


It’s no secret that cloud networks are inherently more susceptible to cyber attacks than on-premises ones. And a recent report shows they may be even more vulnerable than once thought.

Cloud environments were found to be the source of 79% of the severest security problems in the “2021 Cortex Xpanse Attack Surface Threat Report,” which includes a survey of 50 global enterprises undertaken by Palo Alto Networks (PANW) between January and March 2021.

“[O]ur findings show that organizations experience nearly four times the total number of critical issues for cloud infrastructure than they do for on-premises environments,” the report states.

Related Articles


Cloud Tech Pro Q&A: Vinh Tran, RBC

Vinh Tran, Head of Cloud Engineering & Distinguished Engineer at the Royal Bank of Canada, talks in depth about his hybrid cloud experience

 Applying Platform Engineering Principles to Networking

How infrastructure platform engineering can facilitate and automate the delivery of network services for any application, on any platform

 What Does the Banking Crisis Mean for Cloud Tech?

The main driver of tech investment -- interest rates -- may now swing tech investment back into favor

Palo Alto says the results highlight the risks associated with cloud services that have been widely adopted to support remote work in the wake of the COVID-19 crisis.

Why Cloud Is Rife with Security Vulnerabilities

Cloud services are easier to deploy, and therefore harder for IT security experts to track, according to Palo Alto’s report. Developers tap public cloud services without necessarily having to report which services they’re using or what they're doing with them. In some cases, applications that shouldn't be exposed to the Internet are put online. Examples include Jenkins, Grafana, Tableau, and other tools commonly used by DevOps teams.

Palo Alto claims to have found that most organizations add over three new cloud services a day to their networks, whether IT knows it or not. And on average, at least two serious threats occur daily.

Remote Work Is the Chief Cloud Vulnerability

Chief among the issues facing cloud environments is the shift to remote work. The IP-compatible Remote Desktop Protocol (RDP) accounted for 32% of all security issues reported by the organizations surveyed. RDP is often to blame in ransomware attacks. Other protocols associated with remote access, such as Telnet and SNMP, are also vulnerable.

Remote access is related to other vulnerabilities in hybrid or multi-cloud environments. As users move to the “work from anywhere” model, they open the door to endpoint security failures. There also are many vulnerabilities related to the network edge (the realm of SASE): broken or weak building control systems (aka smart building systems), poorly guarded Internet of Things (IoT) devices, unencrypted file and data storage devices and applications, and vulnerable devices used to generate virtual private networks (VPNs). And of course, zero-day vulnerabilities, or unpatched application problems, are always open season for malware. The list below highlights the top Attack Surface Management (ASM) threats found in the survey:


Source: Palo Alto Networks, "2021 Cortex Xpanse Attack Surface Threat Report."

None of these issues is new, but all are exacerbated in the current environment, where remote access is rife and cloud environments proliferate. Also prevalent are problems associated with mergers and acquisitions, or with ecosystem partnerships, which present organizations with added assets and entire subnetworks that may easily fall outside the control of IT and the realm of existing security applications and safeguards.

The Bad Guys Are Getting Ahead

Perhaps the most alarming information in Palo Alto’s report is that hackers have an enormous head start when it comes to exploiting network weaknesses, in clouds and elsewhere. Improved Internet scanning software is enabling criminals to probe extensively and rapidly for weak points.

“While it used to take weeks or months to scan the global internet, it takes less than 45 minutes today to communicate with every public-facing IP address in IPv4 space (4.3 billion IPs) on one port-protocol pair,” the report states.

This means that hackers are typically far ahead of organizations in finding the weak spots in any network. Enterprises relying on quarterly penetration reviews and reaction-oriented approaches to zero-day vulnerabilities won’t keep up with hackers who scan the Internet every few minutes and quickly glom on to any patchable weaknesses that surface.

Bottom line? Palo Alto’s report is yet another reminder that the move to cloud is fraught with proliferating security leaks and pressure points, calling for products and services designed to address them — and upgraded vigilance to stay ahead of the curve.