Twistlock Labs Uncovers Widespread Zero Touch Attacks Against Cloud Native Applications

Twistlock released its first biannual state of cloud-native security report, entitled Watching the Honeypots. Over 25 percent of Cloud Native Applications Vulnerable to Exploit; Over 90 percent of Attacks Automated.

In this report, Twistlock Labs researchers analyzed deployments of common cloud-native applications and ran honeypots to collect data on risk factors and attack patterns against cloud native services.

The report shows that while over 60 percent of cloud-native services are not kept up to date automatically, over 90 percent of attacks are automatically executed against outdated code and known CVEs.

“Adoption of cloud-native technologies gives organizations a chance to build and deploy software faster, and scale and manage deployments with ease. But this speed and agility is often coming at the expense of foundational security practices,” said Dima Stopel, Twistlock co-founder and VP Research & Development.

“Organizations need to build automatic enforcement of security into their application pipelines – both to prevent vulnerable code from reaching production, but also to quickly triage and patch new risks in production.”

Key findings include:

  • Surveying the top cloud-native applications, 25 percent were running with CVEs where a known exploit exists.
  • MySQL was the most likely to be out of date, with over 80 percent of deployments being at least one version behind. Overall, 60 percent of all cloud native apps are not patched to the latest version.
  • Over 90 percent of detected attacks were automatically executed zero touch hacking that focuses on brute force or known exploits.
  • China plays a significant role in the modern threat landscape with over 60 percent of detected attacks against cloud native applications originated from Chinese IP ranges.

Twistlock Labs, Twistlock’s Security Research Team, is constantly trying to get into the minds of attackers to better understand how they would attempt to gain access to or potentially compromise your containerized and cloud-native environments.

Twistlock is the most complete, automated and scalable container cybersecurity platform.