    Cloud-Native Applications at Risk From Zero Touch Attacks

    By Sean Michael Kerner - September 13, 2018
      Twistlock Cloud Native security report

      Organizations of all sizes are increasingly choosing to deploy and consume cloud-native applications, though not all deployments are secure. Container security firm Twistlock released a study on Sept. 13, reporting that 60 percent of cloud-native applications have not been patched to the latest version.

      The 15-page Cloud Native Security report, titled Watching the Honeypots, benefits from two different approaches to identifying risks. Twistlock scanned publicly accessible servers on the internet and also hosted its own honeypot to see what would happen.

      “Mostly these were standard images from common registries like Docker Hub,” Ariel Zelivansky, a security researcher at Twistlock, told eWEEK. “In some cases, we wanted to test specific, atypical configurations, but even then the apps were common off-the-shelf apps in common use across many organizations.”

      Twistlock has a vested interest in cloud-native security, since the company’s technology is all about securing container and cloud-native environments. Twistlock released its first container security platform in November 2015, providing runtime security for container application deployments, and has steadily updated the platform in the years since. In a video interview with eWEEK in July, Twistlock CTO John Morello said the attacks seen against containers are largely the same as those seen against virtual machines and physical servers.

      Among the high-level findings on the scanning side of the report is that 80 percent of the MySQL database instances that Twistlock scanned on the public internet were out of date, being one or more versions behind the most recently released version. Aside from MySQL, other deployed applications that Twistlock found running something other than the most recent version include ElasticSearch, Redis, CouchDB and Tomcat.

      While it is often considered to be a best practice to run the most updated version of an application, in some cases, security patches are backported to older versions of software. Twistlock reported that across the cloud-native applications it scanned, 25 percent were deployed and running with a vulnerability that has a known exploit.

      Automated ‘Zero Touch’ Attacks

      Twistlock deployed a honeypot—a purposely deployed vulnerable server to attract hackers—to better understand the state of cloud-native security, according to Zelivansky. Twistlock’s honeypot did in fact attract hackers, with 90 percent of the attacks being automatically executed. The company refers to the automated attacks as being “zero touch” as they don’t involve much, if any, human interaction.

      “By attacks, we are referring specifically to an exploitation or breach attempt, such as brute-forcing the login, trying commands that might work with bad settings or otherwise running real exploits known or not,” he said.

      A brute force attack is one in which an attacker repeatedly tries different usernames and passwords in an attempt to gain access. Zelivansky added that Twistlock also looked at parameters such as timing between commands and requests, typos, user-agents and other components to detect whether an attack was manual or automated.
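      As an added illustration of the manual-versus-automated heuristic described above (example code written for this page, not Twistlock's), the script below scores constructed honeypot sessions on the three signals the article names: request timing, typos and user-agent. The session data, keyword list, user-agent list and the two-signal threshold are all assumptions.

```python
from statistics import mean, pstdev

# Constructed honeypot sessions (not from the Twistlock report): each entry is
# (seconds since session start, command sent, client User-Agent).
SESSIONS = {
    "bot": [
        (0.00, "SELECT version();", "python-requests/2.19"),
        (0.11, "SELECT user();", "python-requests/2.19"),
        (0.21, "SHOW DATABASES;", "python-requests/2.19"),
        (0.32, "SELECT load_file('/etc/passwd');", "python-requests/2.19"),
    ],
    "human": [
        (0.0, "SHOW DATABSES;", "MySQL Workbench"),  # typo, corrected below
        (4.7, "SHOW DATABASES;", "MySQL Workbench"),
        (13.2, "USE shop;", "MySQL Workbench"),
        (19.9, "SELECT * FROM users LIMIT 5;", "MySQL Workbench"),
    ],
}

KNOWN_WORDS = {"SELECT", "SHOW", "USE", "DATABASES", "FROM", "LIMIT", "VERSION", "USER"}
# Assumed list of client libraries and scanners that scripts typically present.
SCRIPTED_AGENTS = ("python-requests", "curl", "go-http-client", "zgrab", "masscan")

def is_typo(token):
    """True when the token is a known keyword with exactly one letter dropped."""
    t = token.upper().strip(";()*'")
    if not t.isalpha() or t in KNOWN_WORDS:
        return False
    return any(len(w) == len(t) + 1 and any(w[:i] + w[i + 1:] == t for i in range(len(w)))
               for w in KNOWN_WORDS)

def automation_signals(session):
    """Evaluate the three indicators the article names for one session."""
    times = [t for t, _, _ in session]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        # Scripts fire requests at machine speed with near-constant spacing.
        "fast_regular_timing": bool(gaps) and mean(gaps) < 1.0 and pstdev(gaps) < 0.1,
        # People mistype; a script replays the same bytes every time.
        "no_typos": not any(is_typo(tok) for _, cmd, _ in session for tok in cmd.split()),
        # Scripted HTTP clients and scanners usually announce themselves.
        "scripted_user_agent": any(ua.lower().startswith(SCRIPTED_AGENTS) for _, _, ua in session),
    }

def classify(session, threshold=2):
    """Label a session 'automated' when at least `threshold` signals fire (threshold assumed)."""
    return "automated" if sum(automation_signals(session).values()) >= threshold else "manual"

if __name__ == "__main__":
    for name, session in SESSIONS.items():
        print(name, classify(session), automation_signals(session))
```

      Real deployments would tune the thresholds against observed traffic; the point is that each signal is cheap to compute from logs a honeypot or monitoring tool already records.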

      “We encountered different attacks with different levels of sophistication, from trying to use default passwords to sending packed and obfuscated commands that exploit a known vulnerability,” he said.

      One of the surprising things that happened to the Twistlock honeypot, according to Zelivansky, was the discovery of a large-scale automated attack coming from China. The Chinese operation targeted multiple applications, including Twistlock’s MySQL and Elasticsearch honeypots. 

      “They tried exploiting different CVEs with the same malware binaries as a payload, with binaries both for Linux and Windows that were unrecognized in Virustotal at the time we caught them,” he said. “We started investigating and found tens of compromised HFS servers hosting their malware binaries.”

      Best Practices

      There are multiple things that organizations can and should do to improve the security of cloud-native application deployments.

      “From a security perspective, patching and sealing all known security issues is clearly the first concern,” Zelivansky said.

      He noted, however, that even if scanning tools show that a deployment is up to date, there are still countless unpublished zero-day vulnerabilities that attackers can use against an organization.

      “Having some security monitoring tool to detect attacks as they happen can save you a headache. Of course, something that can effectively prevent such attacks is even better,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
