Cloud container vulnerabilities increase – report

in

BY Richard Summerfield

Adoption of cloud technology has increased considerably in recent years, however vulnerabilities in cloud containers have also increased, according to a new report from Skybox Security.

Skybox’s ‘2019 Vulnerability and Threat Trends Report: Mid-Year Update’ notes that vulnerabilities in cloud containers have increased by 46 percent compared to the same period in 2018, and by 240 percent compared to 2017,. However, less than 1 percent of newly published vulnerabilities were exploited in the wild, with 9 percent having any functioning exploit developed at all.

Over the last two years, the total number of new vulnerabilities has outpaced any other previous year. However, the number of vulnerability reports in the first half of 2019 declined by 13 percent compared to the same period last year. Still, the current figures are historically high, and it seems annual totals of around 15,000 new common vulnerabilities and exposures (CVEs) will be the new norm.

“More than 7000 new vulnerabilities were discovered in the first half of 2019 — that’s still significantly more than figures we’d see for an entire year pre-2017. So, organisations are likely still going to be drowning in the vulnerability flood for some time,” said Ron Davidson, chief technology officer and vice president of research and development at Skybox. “Roughly a tenth of these have an exploit available and just one percent are exploited in the wild. That’s why it’s so critical to weave in threat intelligence into prioritization methods, and of course consider which vulnerable assets are exposed and unprotected by security controls.”

To better protect themselves against attack, the report suggests that companies “assess occurrences against the latest threat intelligence, as well as the relationship of vulnerable assets to the security controls that could protect them. This way, action will be focused on the small subset of vulnerabilities posing a critical risk to your business.”

Organisations should ensure that they have reliable coverage to assess and prioritise vulnerabilities in public and private clouds and operational technology systems to truly understand the risks they face.

The report also noted that cryptocurrency ransomware, botnets, and backdoors appear to have substituted cryptocurrency mining malware as a tool of choice for cyber criminals. The use of these methods increased by 10 percent, 8 percent and 18 percent respectively.

Report: 2019 Vulnerability and Threat Trends Report: Mid-Year Update

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.