{"id":142728,"date":"2021-09-28T03:00:27","date_gmt":"2021-09-28T10:00:27","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=142728"},"modified":"2021-09-28T08:50:02","modified_gmt":"2021-09-28T15:50:02","slug":"cloud-supply-chain-attacks","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2021\/09\/cloud-supply-chain-attacks\/","title":{"rendered":"New Cloud Threat Research on Software Supply Chain Attacks"},"content":{"rendered":"<p>With the growing threat of supply chain attacks, as evidenced by recent high-profile breaches like <a href=\"https:\/\/unit42.paloaltonetworks.com\/solarstorm-supply-chain-attack-timeline\/\">SolarWinds<\/a> and <a href=\"https:\/\/unit42.paloaltonetworks.com\/threat-brief-kaseya-vsa-ransomware-attacks\/\">Kaseya VSA<\/a>, Palo Alto Networks Unit 42 cloud threat researchers sought to understand these types of attacks in order to help organizations protect against them.<\/p>\n<p>&nbsp;<\/p>\n<h2><a id=\"post-142728-_sfzn5umvtgmn\"><\/a>Unit 42 Cloud Threat Report, 2H 2021 Available Now<\/h2>\n<p>For their latest <a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/unit42-cloud-threat-research-2h21.html\">Cloud Threat Report<\/a>, the Unit 42 team analyzed data from a variety of public data sources and also executed a red team exercise on the software development environment of a large SaaS provider (a customer of Palo Alto Networks) at their request. Their findings indicate that many organizations may have a false sense of security regarding their cloud infrastructure and protection procedures. 
In reality, many organizations are vastly unprepared for the threats they face.<\/p>\n<p>Here, we\u2019ll detail the report\u2019s biggest takeaways and offer resources to help your organization stay ahead of supply chain security threats in the cloud.<\/p>\n<p>&nbsp;<\/p>\n<h2><a id=\"post-142728-_xhfqanoykxfd\"><\/a>Red Team Exercise Signals Supply Chain Vulnerability<\/h2>\n<p>The large SaaS provider tested in the red team exercise has what many would consider a mature cloud security posture. However, during the exercise, Unit 42 researchers were able to leverage <a href=\"https:\/\/unit42.paloaltonetworks.com\/iam-misconfigurations\/\">misconfigurations<\/a> in the organization\u2019s software development environment, such as the presence of hardcoded identity and access management (IAM) key pairs, that would have allowed them to control all development processes and thus conduct a successful supply chain attack.<\/p>\n<p>Further, Unit 42 researchers found that 21% of the security scans they ran against the customer\u2019s development environment resulted in misconfigurations or vulnerabilities, highlighting how process gaps and critical security flaws leave an organization exposed and susceptible to a business-halting attack.<\/p>\n<p>&nbsp;<\/p>\n<h2><a id=\"post-142728-_6r9t172egiw5\"><\/a>Third-Party Code Is Rarely Trustworthy<\/h2>\n<p>In their research, Unit 42 researchers discovered that 63% of third-party code templates used in building cloud infrastructure contained insecure configurations, and 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities. 
With this level of risk, if an organization uses third-party code without vetting and verifying it, chances are high that it could contain vulnerabilities and insecure configurations that could allow an attacker to easily gain access to sensitive data in the cloud and even take control of the organization\u2019s software development environment.<\/p>\n<p>Based on the Unit 42 team\u2019s findings, it\u2019s evident that unvetted code can quickly snowball into a security breach, especially as infrastructure flaws can directly impact thousands of cloud workloads. For that reason, it is critical that organizations understand where their code is coming from since third-party code can come from anyone \u2013 even an <a href=\"https:\/\/www.cisa.gov\/supply-chain-compromise\" rel=\"nofollow,noopener\" >Advanced Persistent Threat (APT)<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h2><a id=\"post-142728-_oasuma6prt5n\"><\/a>How to Protect Your Organization From Software Supply Chain Insecurity<\/h2>\n<p>Here, we outlined the biggest takeaways from the latest Cloud Threat Report, but there is still a lot left to unpack. 
The report goes into granular detail about software supply chain attacks and how they occur; Unit 42 cloud threat researchers aim to help teams understand these attacks so that they can stay protected.<\/p>\n<figure id=\"attachment_142755\" aria-describedby=\"caption-attachment-142755\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:39.56%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-142755 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2021\/09\/word-image-53.png\" alt=\"Without built-in security, the software development process can flow from build to deploy to run, causing vulnerability scan and runtime issues to appear without context in the final stage, frustrating developers and security and leaving organizations open to software supply chain attacks. \" width=\"900\" height=\"356\" \/><\/span><\/div><figcaption id=\"caption-attachment-142755\" class=\"wp-caption-text\">Figure 1. 
The diagram shows how the software development process can look without built-in security, which often results in uneasy conversations between security and development teams when vulnerabilities are found.<\/figcaption><\/figure>\n<figure id=\"attachment_142768\" aria-describedby=\"caption-attachment-142768\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:36.11%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-142768 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2021\/09\/word-image-54.png\" alt=\"Another approach to software development, as illustrated in the diagram, is: 1) Development identifies vulnerable code, packages and fixes prior to deploy; 2) Builds are automatically checked for security defects and get pushed; 3) Vulnerability scanning and runtime issues with context facilitate remediation. \" width=\"900\" height=\"325\" \/><\/span><\/div><figcaption id=\"caption-attachment-142768\" class=\"wp-caption-text\">Figure 2. Development changes when security is integrated according to best practices, as shown in the illustration.<\/figcaption><\/figure>\n<p>In the report, you\u2019ll find step-by-step recommendations that you can begin implementing for your organization immediately, and you\u2019ll gain valuable insight into how this growing threat continues to evolve. 
Download your free copy of the <a href=\"https:\/\/start.paloaltonetworks.com\/unit-42-cloud-threat-report-2h-2021.html\">Unit 42 Cloud Threat Report, 2H 2021<\/a>, today!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Software supply chain attacks and insecure third-party code are two of the risks identified in the Unit 42 Cloud Threat Report, 2H 2021.<\/p>\n","protected":false},"author":711,"featured_media":142729,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[308,6724],"tags":[7311,6504,6890,1794],"coauthors":[7514],"class_list":["post-142728","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-points-of-view","tag-cloud-threat-report","tag-container-security","tag-prisma-cloud","tag-supply-chain","cloud_sec_category-devsecops"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2021\/09\/Serious-Man-2.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/142728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/711"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=142728"}],"version-history":[{"count":3,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/142728\/revisions"}],"predecessor-version":[{"id":142906,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\
/blog\/wp-json\/wp\/v2\/posts\/142728\/revisions\/142906"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/142729"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=142728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=142728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=142728"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=142728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}