2023 QUALYS TOTALCLOUD SECURITY INSIGHTS

Cloud misconfigurations are the most critical issues related to securing cloud environments. Misconfigurations amplify risks for data breaches. The research findings indicate that, on average, 50 percent of CIS Benchmarks are failing across the three major providers.

Approximately 4 percent of cloud assets within more than 50 million scanned are external-facing, which means they have public IP addresses and are visible to attackers. This risk is equivalent to knowing that petty thieves are prowling your neighborhood and seeking open car doors and unlocked windows — any of which can lead to damage if not addressed. 

Weaponized vulnerabilities allow attackers to enter and move within your cloud. For example, Log4Shell is a major external-facing vulnerability. The report indicates that Log4Shell is still woefully under remediated with 68.44 percent of detections being unpatched on external-facing cloud assets. 

Exploitation is when adversaries begin their attacks. The data show that the two greatest threats to cloud assets are cryptomining and malware; both are designed to provide a foothold into your environment or facilitate lateral movement. 

For example: Denonia malware is the first strain to specifically target AWS Lambda. Looking at controls outside of CIS benchmarks, seven of the controls fail more than 50 percent of the time.

Stealthy malware often hides in Linux containers and can evade detection for months. Legacy signature-based techniques cannot create and deploy signatures fast enough to help. A new approach uses deep learning AI technology for sub-second discovery of advanced malware in containers and complex network traffic flows.

Our data analysis highlights the significant value of using automated patch management. Automation accelerates the remediation process and reduces the number of unresolved vulnerabilities. Key findings for remediation include: