Cloud Security Analysis Reveals Prevalence of Web Application Attacks
Results from a study by security firm Alert Logic, prepared after an 18-month analysis of 3,800 customers and 147 petabytes of data, reveal that web application attacks account for the majority of cloud security incidents, CSO reports. Web application attacks made up 75 percent of the 2.2 million security incidents identified during the study. Other common attacks included brute force, which accounted for 16 percent of incidents, as well as recon at 5 percent and server-side ransomware at 2.2 percent.
The platforms most frequently targeted by web application attacks were SQL (chiefly SQL injection), Joomla, Apache Struts and Magento. SQL-based exploits alone accounted for almost half of all web application attacks.
At 41 percent, WordPress attacks were the most common brute-force attacks, followed by MS SQL at 19 percent, CSO reports.
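The brute-force figures above are the kind of activity that shows up plainly in ordinary web server logs. The following detector is an added example written for this page, not code from the article, CSO or Alert Logic: it parses Apache combined-format access log lines, counts HTTP 200 responses to POSTs against the WordPress login endpoints per source IP, and flags any IP whose attempts exceed a threshold inside a sliding time window. WordPress re-renders the login form with a 200 on a failed attempt and answers a successful login with a 302 redirect, which is why only 200s are counted. The log lines are constructed sample data, the threshold and window are arbitrary, and the inclusion of `/xmlrpc.php` (whose `system.multicall` method lets one request carry many password guesses) is an assumption of the example rather than something the study reports.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoints that WordPress brute-force tools hammer. xmlrpc.php is an
# assumption added for this example (its system.multicall method packs many
# credential guesses into a single request); the article only names WordPress.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed Apache "combined" log lines for the example; not real traffic.
# 203.0.113.5 fires six failed logins in twelve seconds, then one more later;
# 198.51.100.7 browses normally and logs in once successfully (302).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2017:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Oct/2017:13:55:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Oct/2017:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
198.51.100.7 - - [10/Oct/2017:13:55:05 +0000] "GET /index.php HTTP/1.1" 200 15820 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2017:13:55:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Oct/2017:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
198.51.100.7 - - [10/Oct/2017:13:55:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2017:13:55:13 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
203.0.113.5 - - [10/Oct/2017:13:57:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "python-requests/2.18.4"
"""

# Client IP, timestamp, request line and status from the combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        # Drop the query string so /wp-login.php?action=... still matches.
        "path": m["target"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def detect_login_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each IP that made >= threshold failed login POSTs within any
    `window`-long span to the peak number of attempts seen in such a span."""
    attempts = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # A failed WordPress login is a POST answered with 200 (form re-rendered);
        # a successful one is answered with a 302 redirect and is not counted.
        if ev["method"] == "POST" and ev["path"] in LOGIN_PATHS and ev["status"] == 200:
            attempts[ev["ip"]].append(ev["ts"])

    flagged = {}
    for ip, stamps in attempts.items():
        stamps.sort()
        left = 0
        peak = 0
        # Sliding window: advance `left` until the span [left, right] fits in `window`.
        for right, ts in enumerate(stamps):
            while ts - stamps[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in detect_login_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} failed login attempts within 60s")
```

Run against a real log, the same function takes `open("access.log")` directly, since it iterates lines lazily; for an MS SQL brute-force signal of the kind the study also reports, the equivalent source would be the database server's failed-login audit events rather than the web log.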
Vulnerable Platforms Increase Attack Surface
Misha Govshteyn, co-founder and chief strategy officer at Alert Logic, says the LAMP stack (Linux, Apache, MySQL and PHP) has proven more vulnerable than other common stacks. Govshteyn also notes that PHP-based applications are being targeted by attackers. The article groups WordPress, Joomla and Django together here; the first two are PHP content management systems, while Django is a Python web framework. All three underpin more applications than most people realize.
“It’s possible to keep these systems secure, but only if you understand what web frameworks and platforms your development teams tend to use,” Govshteyn told CSO. “Most security people barely pay attention to these details and make decisions based on bad assumptions.”
Alert Logic recommends a role-based approach to cloud security, even though it means ongoing maintenance of administrative privileges for applications and operating systems. The company also recommends whitelisting authorized applications and blocking those that are unknown or known to present risk. Before deploying or allowing access to any application, organizations should weigh its security risk against the potential business benefit. They should also make patching a priority so that known web application vulnerabilities are closed quickly.
Securing Hybrid Cloud Environments
Alert Logic also found that hybrid cloud environments have the highest number of cloud security incidents per customer. Public cloud had fewer than half the number of incidents documented in hybrid cloud environments, with hosted private clouds and on-premises data centers falling in between hybrid and public cloud.
Govshteyn recommends identifying and prioritizing the interconnection points between cloud deployments and on-premises data centers when executing a security strategy. Within cloud environments, he suggests going so far as to isolate individual applications and microservices in their own private clouds, a strategy he says limits the blast radius of any single web application incident.
“Major breaches such as Yahoo began with trivial web applications as the initial entry vector,” Govshteyn told CSO, “so the least important applications often become your biggest problem.”
Finally, Govshteyn recommends avoiding in-place patching entirely in cloud environments. Instead, enterprises should decommission old infrastructure and deploy new resources running the latest application code. Automated deployments make this practical, and in Govshteyn's opinion the effort is worth it.
“You will gain [a] level of control over your infrastructure you could never achieve in traditional data centers,” he told the news source.