sb-au logo
Story image

Vulnerabilities in cloud containers soar, report finds

Vulnerabilities in cloud containers are on the rise, according to a new report from Skybox Security. 

The 2019 Vulnerability and Threat Trends Report analyses what’s shaping the threat landscape, and this year it has found vulnerabilities in cloud containers have increased by 46% compared to the same period in 2018, and by 240% compared to 2017.

The report, compiled by the team of security analysts at the Skybox' Research Lab, aims to help organisations align their security strategy with the reality of the current threat landscape.

Less than 1% of newly published vulnerabilities were exploited in the wild, with 9% having any functioning exploit developed at all. According to the report, 2019 has added to the trend of broad-reaching vulnerabilities that impact multiple products sharing the same code, with 40 vulnerabilities affecting three or more vendors each.

Use of malicious cryptominers, cybercriminals' overwhelming tool of choice in 2018, has declined to just 15% of malware attacks, with ransomware, botnets and backdoors rising to fill the void.

“Cloud technology and adoption has obviously skyrocketed, so it’s no surprise that vulnerabilities within cloud technology will increase,” says Skybox director of threat intelligence Marina Kidron. 

“What is concerning, though, is that as these are published, the race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences,” she explains. 

According to Amrit Williams, vice president of products, compared to other technology, containers can be more numerous and quickly replicated. 

“The attack footprint could expand rapidly, and number of victims may be extremely high,” he says.

“Container vendors put a great deal of attention to securing their products in the first place.n\But that also means reporting vulnerabilities when discovered,” Williams says. 

“It''s critical that customers have a way to spot those vulnerabilities even as their environment may be changing frequently. They also need to assess those vulnerabilities'' exploitability and exposure within the hybrid network and prioritise them alongside vulnerabilities from the rest of the environment - on prem, virtual networks and other clouds,” he explains.

Also notable in the report is a decline in the total number of vulnerabilities published, says Ron Davidson, Skybox CTO and VP of R&D.

“Over the last two years, the total number of new vulnerabilities has outstretched any other previous year. However, the number of vulnerability reports in 2019 H1 declined by 13% when compared to the same period last year,” he says. 

“Still the current figures are historically high, and it seems annual totals around 15,000 new CVEs will be the new norm,” says Davidson.

“More than 7,000 new vulnerabilities were discovered in the first half of 2019 - that''s still significantly more than figures we’d see for an entire year pre-2017,” he continues. 

“So organisations are likely still going to be drowning in the vulnerability flood for some time.”

Davidson, says roughly a tenth of these have an exploit available and just 1% are exploited in the wild. 

“That’s why it’s so critical to weave in threat intelligence into prioritisation methods, and of course consider which vulnerable assets are exposed and unprotected by security controls,” he says.

Story image
CrowdStrike recognised as leading endpoint security vendor on global scale
IDC's report shows that CrowdStrike demonstrated a 2018-2019 growth rate of 99% and close to doubled its market share, while the market shares of the top three vendors in the corporate endpoint segment declined.More
Story image
Interview: Checkmarx on the state of software security in Asia Pacific
"While the benefits of software are obvious, this proliferation also creates a massive and ever-evolving attack surface,” says Checkmarx A/NZ country manager Raygan Flores.More
Story image
Device authentication services to reach $8.4 billion by 2026 in response to IoT cybersecurity
"There are several key technologies revolving around authentication security that currently transform the IoT device value chain."More
Story image
Kiwis and Aussies among most concerned globally about data privacy
New research from Genesys finds the two neighbours value their data privacy more than other regions - but, as always, there are key differences of opinions too.More
Download image
Workforce demographics and culture is changing. Management must too
The way we work is changing, and so is the make-up of the workforce. To get the best results, businesses need to take on dynamic workforce management.More
Story image
Why DX is not complete without a transformed security architecture
Secure Access Services Edge (SASE) is the process by which core WAN edge capabilities like SD-WAN, routing, and WAN optimisation at branch locations are integrated with cloud-based security services like secure web gateways, firewall-as-a-service, cloud access security brokers, and more.More