Palo Alto Networks cloud threat research into attacks on the software supply chain

Palo Alto Networks' in-house threat research team, Unit 42, analyzed data from a variety of public data sources around the world and drew conclusions about the threats to corporate software supply chains, which are growing daily. Their results suggest that many organizations may have a false sense of security in the cloud and in real life, and are largely unprepared for the threats they face.

Recent software supply chain attacks such as SolarWinds and Kaseya have shone a bright light on the discrepancy between the security companies want in their cloud infrastructure and the reality of supply chain threats that can be catastrophic to business. In the latest edition of the Unit 42 Cloud Threat Report from Palo Alto Networks, 2H 2021, Unit 42 researchers delve deep into the full spectrum of supply chain attacks in the cloud and explain often misunderstood details about how they originate. They also provide actionable recommendations that any business can apply right away to begin protecting its software supply chain in the cloud.

In addition to analyzing the data, Unit 42 researchers were hired by a large SaaS provider (a Palo Alto Networks customer) to conduct a Red Team exercise against its software development environment. In just three days, a single researcher from Unit 42 discovered critical flaws in software development that left the customer vulnerable to attacks similar to those on SolarWinds and Kaseya.

“The cloud is at the center of discussions among executives and technology leaders last October of Cybersecurity Month. Many of them said that as part of an overall business strategy, the cloud is a critical component of their digital transformation initiative or strategy. The cloud is going mainstream in the Philippines,” said Oscar Visaya, Philippine Country Manager for Palo Alto Networks, during a virtual press conference this week.

Important research results

The large SaaS vendor described in the red team exercise has what many would consider a mature cloud security posture. During the exercise, however, Unit 42 researchers were able to exploit misconfigurations in the organization’s software development environment, such as:

Unit 42 researchers also found that 21% of the security scans they performed on the customer’s development environment resulted in misconfigurations or security vulnerabilities.

The study also found that 63% of the third-party code templates used in building the cloud infrastructure contained insecure configurations, and 96% of the third-party container applications deployed in the cloud infrastructure had known vulnerabilities. At this level of risk, an attacker could easily access sensitive data in the cloud and even take control of a company’s software development environment.

Based on the findings of the Unit 42 team, it is evident that unchecked code can quickly become a security breach, especially since infrastructure failures can directly affect thousands of cloud workloads. Because of this, organizations need to understand where their code came from, as third-party code can come from anyone, including an Advanced Persistent Threat (APT).

Teams continue to neglect DevOps security, in part because they pay too little attention to supply chain threats. Cloud-native applications have a long chain of dependencies, and those dependencies have dependencies of their own. DevOps and security teams need to see the bill of materials in every cloud workload in order to assess risk and set guardrails at every stage of the dependency chain.

Palo Alto Networks is the global cybersecurity leader, shaping the cloud-centric future with technologies that are transforming the way people and businesses work.


