Report finds more Canadian firms expose RDP than firms in other countries

According to a new cloud threat report released this week by Palo Alto Networks, Canadian organizations lag behind when it comes to protecting one of the biggest weaknesses in IT security.

Among the Canadian organizations detected on the Internet, 70 percent left Windows Remote Desktop Protocol (RDP, TCP port 3389) exposed, the highest proportion among the 10 countries surveyed.

By comparison, 38 percent of the organizations surveyed in Japan left RDP open, 50 percent in the U.K. and 51 percent in the United States. The average across the group was 51 percent.

"This is important because it [RDP] is one of the most popular threats to attackers," said Matt Chiodi, chief security officer for public cloud at Palo Alto Networks.

Exploitation of exposed RDP, he said, is a primary way in which ransomware is deployed.

The cause of this and other configuration mistakes is a lack of security automation, he said. "Any time you have a big jump in cloud workloads without automation, it will almost always lead to a dramatic increase in security incidents."

Chiodi did not reveal how many Canadian firms were scanned, saying only that a figure would not have been included in the report had the sample not been statistically valid.

Leaving RDP open and making other mistakes is one reason the report found an "astounding" 188 percent increase in cloud security incidents in the second quarter of 2020.

The Cloud Threat Report 1H 2021*, from the company's Unit 42 threat intelligence division, is intended to show how the COVID-19 pandemic has affected cloud security. [*registration required]

Between October 2019 and February of this year, researchers monitored hundreds of cloud accounts around the world and saw a large increase in security risks such as unencrypted data and unsecured port configurations compared with previous months.

Findings include:

A 212 percent increase in the number of SQL databases with encryption disabled.
A 149 percent increase in the number of unencrypted database snapshots.
A 122 percent increase in the number of firewall rules that allow all traffic to Kubernetes clusters.
A 68 percent increase in the number of hosts exposed to the Internet.
A 62 percent increase in the number of network security groups that allow all traffic on Microsoft SMB (TCP port 445).

These and other developments "underscore the failure of most organizations to scale cloud governance and security automation at the same rate," the report said. "Many of these misconfigurations can be addressed through the use of infrastructure as code (IaC) templates. As we have noted in previous reports, IaC templates, when scanned continuously for common security vulnerabilities, help secure cloud infrastructure for production."

For example, the report argues that failing to encrypt SQL and relational databases is a mistake that is easily identified and can be corrected by automatically auditing cloud environments for signs of misconfiguration.

The report states that Unit 42's research suggests that after the outbreak of the pandemic, teams were either not using IaC or had failed to scan their templates for common security vulnerabilities.

"Otherwise, they would not be making mistakes such as failing to encrypt potentially sensitive data or failing to enable logging, which is an important feature for security monitoring and auditing in cloud environments," it read.
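One way to put the report's IaC-scanning recommendation into practice, as an added example that is not from the report or from Palo Alto Networks: a small Python checker that reads the JSON written by `terraform show -json tfplan` and flags the same classes of misconfiguration the findings above count: RDP (3389) or SMB (445) reachable from the Internet, allow-all ingress rules, and database instances with storage encryption disabled. The resource types and attribute names are those of the Terraform AWS provider; the sample plan embedded in the script is constructed for the example and describes no real infrastructure.

```python
"""Scan a Terraform plan (terraform show -json tfplan) for the cloud
misconfigurations the report counts.  Added example, not Unit 42 code."""
import json
import sys

RISKY_PORTS = {3389: "RDP", 445: "SMB"}   # ports the report singles out
ANYWHERE = {"0.0.0.0/0", "::/0"}          # source ranges meaning "the Internet"


def _walk_modules(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk_modules(child)


def _rule_ports(rule):
    """Inclusive port range a rule covers; protocol -1 (all) spans every port."""
    if str(rule.get("protocol")) == "-1":
        return 0, 65535
    return int(rule.get("from_port") or 0), int(rule.get("to_port") or 0)


def check_security_group(res):
    """Flag ingress rules reachable from the Internet: allow-all, RDP or SMB."""
    findings = []
    for rule in res["values"].get("ingress") or []:
        sources = set(rule.get("cidr_blocks") or [])
        sources |= set(rule.get("ipv6_cidr_blocks") or [])
        if not sources & ANYWHERE:
            continue  # reachable only from named ranges or other groups
        lo, hi = _rule_ports(rule)
        if (lo, hi) == (0, 65535):
            findings.append((res["address"], "all traffic open to the Internet"))
            continue
        for port, name in RISKY_PORTS.items():
            if lo <= port <= hi:
                findings.append((res["address"], f"{name} (port {port}) open to the Internet"))
    return findings


def check_db_instance(res):
    """Flag RDS instances whose storage is not encrypted at rest."""
    if not res["values"].get("storage_encrypted"):
        return [(res["address"], "database storage encryption disabled")]
    return []


CHECKS = {"aws_security_group": check_security_group,
          "aws_db_instance": check_db_instance}


def scan_plan(plan):
    """Return (resource address, problem) pairs for every failing resource."""
    findings = []
    for res in _walk_modules(plan["planned_values"]["root_module"]):
        check = CHECKS.get(res.get("type"))
        if check and res.get("mode", "managed") == "managed":  # skip data sources
            findings.extend(check(res))
    return findings


# Constructed sample plan (no real infrastructure) in the shape Terraform emits.
SAMPLE_PLAN = {"format_version": "1.0", "planned_values": {"root_module": {
    "resources": [
        {"address": "aws_security_group.bastion", "mode": "managed",
         "type": "aws_security_group", "name": "bastion", "values": {"ingress": [
             {"protocol": "tcp", "from_port": 3389, "to_port": 3389,
              "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
             {"protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}},
        {"address": "aws_security_group.k8s_nodes", "mode": "managed",
         "type": "aws_security_group", "name": "k8s_nodes", "values": {"ingress": [
             {"protocol": "-1", "from_port": 0, "to_port": 0,
              "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}},
        {"address": "aws_db_instance.orders", "mode": "managed",
         "type": "aws_db_instance", "name": "orders",
         "values": {"engine": "postgres", "storage_encrypted": False}},
        {"address": "aws_db_instance.audit", "mode": "managed",
         "type": "aws_db_instance", "name": "audit",
         "values": {"engine": "postgres", "storage_encrypted": True}}],
    "child_modules": [{"address": "module.fileshare", "resources": [
        {"address": "module.fileshare.aws_security_group.smb", "mode": "managed",
         "type": "aws_security_group", "name": "smb", "values": {"ingress": [
             {"protocol": "tcp", "from_port": 445, "to_port": 445,
              "cidr_blocks": [], "ipv6_cidr_blocks": ["::/0"]}]}}]}]}}}


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = scan_plan(plan)
    for address, problem in problems:
        print(f"{address}: {problem}")
    sys.exit(1 if problems else 0)  # non-zero so CI refuses to apply the plan
```

Run it with no argument to see the four findings from the sample plan (open RDP, an allow-all rule on the Kubernetes node group, an unencrypted database, and open SMB inside a child module), or pass the path of a real `terraform show -json` dump. The non-zero exit status is what turns the checker into the guardrail the report describes: the pipeline refuses to apply a plan that carries one of these findings instead of leaving them to be discovered by an Internet scan later.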

Among the report's recommendations, organizations working in the cloud should:

Increase visibility into how developers and business teams are using the cloud;
Set guardrails (what should not be allowed), then use IaC templates as an additional way to enforce those rules;
Adopt and enforce standards, such as the benchmarks published by the Center for Internet Security;
Train and hire security engineers, since they know how to leverage APIs;
Embed security in DevOps.