Cloud News Now | December 2024


Welcome to the December edition of Cloud News Now!

This month, we’re recapping cloud security predictions for 2025 from Aqua's CISO, critical vulnerabilities impacting Prometheus servers, and a widespread DDoS campaign affecting millions of devices uncovered by Aqua Nautilus.


Cloud Security Trends: Predictions & Strategies for Resilience

In 2025, cloud native security is set to undergo transformative progress. Aqua CISO Moshe Weis shares his insights on the trends that will define the coming year, including:

  • From Prioritization to Remediation: Faster vulnerability resolution integrated directly into CI/CD workflows.
  • Code-to-Cloud Security: Blurring the lines between AppSec and cloud security with unified platforms.
  • Runtime Security Matures: Real-time blocking becomes the norm for proactive threat mitigation.
  • Adaptive Security Strategies: Smarter workload placement and data-centric security approaches.
  • GenAI’s Role in Security: Balancing AI-driven threats with AI-powered defenses.

Explore the full breakdown of these trends and strategies here.


Did you catch Aqua Nautilus' latest research?

300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks

Aqua Nautilus uncovered vulnerabilities in over 336,000 exposed Prometheus servers and exporters. These misconfigurations pose significant risks, including:

  • Information Disclosure: Sensitive data, credentials, and API keys exposed.
  • Denial of Service (DoS): Exploitation of /debug/pprof endpoints can overwhelm servers and cause crashes.
  • Code Execution via RepoJacking: Vulnerabilities in abandoned GitHub repositories allow attackers to inject malicious code.

Organizations must prioritize proper authentication, limit public exposure, and monitor debugging endpoints to mitigate these risks.

Dive into the full analysis here.

Matrix Unleashes A New Widespread DDoS Campaign

Aqua Nautilus researchers uncovered a widespread DDoS campaign orchestrated by a threat actor known as Matrix, affecting 35 million devices worldwide. Key findings include:

  • Initial Access Vectors: Exploitation of vulnerabilities in routers, IoT devices, and enterprise servers.
  • Brute-Force Attacks: Use of weak and default credentials like admin:admin.
  • Hybrid Threat Model: Combining IoT vulnerabilities with server misconfigurations.

This attack highlights how even low-skill threat actors can leverage publicly available tools to orchestrate large-scale cyber campaigns.

Read the Forbes breakdown of this research here.


Thanks for reading!

As we close out 2024, Aqua remains committed to helping organizations build resilience, stay ahead of threats, and secure every cloud native application everywhere.

Wishing you a safe and secure holiday season!

Great insights for navigating cloud security trends!

Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance & Security | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

2 months

Aqua Security, very interesting topics. The predictions shared will be great advances for improving cloud security; however, most of them are just emerging and the cybersecurity vendors do not have really mature products/solutions. It may take 2-5 years for these to become reality. The new technology advances keep moving the goal post instead of slowing down and driving adoption of mature and proven security products.
