More Businesses Accidentally Exposing Cloud ServicesMore Businesses Accidentally Exposing Cloud Services
53% of businesses using cloud storage services unintentionally expose them to the public.
October 9, 2017
More than half of organizations using cloud services like Amazon Simple Storage Service (S3) have inadvertently exposed at least one of these services to the public, up from 40% earlier this year.
The data comes from cloud security firm RedLock, which has released its latest "Cloud Security Trends" report examining major threats and vulnerabilities in the public cloud from June through September 2017. Their findings indicate more businesses are exposing data, neglecting vulnerabilities in the cloud, and not paying attention to how compromised users are putting them at risk.
Researchers determined 38% of organizations have experienced the potential compromise of an administrative user account in their public cloud computing environment. More than 80% of businesses are not managing host vulnerabilities in the cloud, and 37% of databases accept inbound connection requests from the Internet. Seven percent of those receive requests from suspicious IP addresses, a sign they have been compromised.
They also discovered cybercriminals are using the computing power of British insurance company Aviva to mine bitcoin. They did this by taking over the organization's Kubernetes administration consoles, which lacked password protection, in the public cloud.
Read more details here.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023