Aqua Security's Latest Report Highlights Increase in Cloud Attacks


Aqua Security, the creator of the Aqua Platform, published a report outlining its analysis of a year's worth of security remediation data. The report found that almost no organization addressed all identified issues, with enterprise organizations taking on average 88 days to resolve the issues they do address. The analysis also found a large increase in attacks against container-based and cloud-native infrastructure.

The report provided a number of recommendations to help reduce the threat exposure. They highlight the importance of a formal, standardized remediation process regardless of organization size. David Ellis, vice president at SecurityMetrics, defines six phases in a remediation process. These include: preparation, identification, containment, eradication, recovery, and retrospective.

Since externally exposed ports and APIs are more easily discovered, the report recommends treating those types of risks as critical issues. The authors also recommend "a layered approach with a variety of identity access management (IAM) controls, such as multi-factor authentication (MFA) and identity federation."

The report focused on cloud misconfigurations within Aqua's customers' environments. The authors note that "Verizon’s 2020 Data Breach Investigations Report showed that cloud misconfiguration errors had increased from 10% in 2017 to 40% in 2019." In addition, Aqua's security research team, Nautilus, reviewed over 16,000 attacks on cloud native infrastructure over a year and identified a large increase in attacks.

A comparison between the second half of 2019 and the first half of 2020 reveals that since the beginning of 2020 the volume of attacks has dramatically increased. Further analysis shows that this increase clearly indicates that there is an organized infrastructure and systematic targeting behind these attacks.

Increase in attack volume against cloud-native infrastructure from 2019 to 2020 (credit: Aqua Security)


The main security gaps that were analyzed were storage bucket misconfigurations, IAM misconfigurations, data encryption issues, exploitable services behind open ports, and exploitation of container technology.

Within storage bucket misconfigurations, the most common issue was unnecessarily providing open access to the public. Over 80% of users analysed within the report had buckets that were exposed publicly. The other key issue they discovered was overly permissive storage policies. The pattern identified was applying a single policy across multiple instances. This approach does not properly enforce least privilege as users will not always need consistent permissions across disparate storage clusters.

The team discovered multiple issues with IAM misconfigurations, including an overuse of the root user. Their recommendations align with what Bernard Brode, cryptography consultant at Microscopic Machines, shared in an article for InfoQ. He recommends ensuring SSO is scaled across the organization, centralizing IAM management, leveraging multi-factor authentication (MFA), and investing in upskilling the organization's IAM skills.

The report was assembled by performing an in-depth analysis of Aqua users' usage data over a 12-month period. Users were grouped as either small and mid-sized business or enterprise based on the number of resources within their account under scan. More details on the findings and methodology can be found within the report.
