Insecure cloud computing services can be a huge risk for organizations because they are a regular target of cybercriminals. Researchers have demonstrated how quickly vulnerable or misconfigured cloud services are attacked: after they deployed hundreds of honeypots that looked like insecure infrastructure, some of them were hacked after only a few minutes.
Cyber security researchers at Palo Alto Networks established a honeypot network of 320 nodes worldwide, consisting of multiple misconfigured instances of common cloud services, including Remote Desktop Protocol (RDP), Secure Shell Protocol (SSH), Server Message Block (SMB), and Postgres databases.
The honeypots also included accounts configured with default or weak passwords, which is exactly what cybercriminals look for when they try to break into systems on the Internet.
Soon after, cybercriminals discovered the honeypots and tried to exploit them: some sites were compromised within a few minutes, and 80% of the 320 honeypots were compromised within 24 hours. All of them were compromised within a week.
The most attacked application was Secure Shell, a network communication protocol that allows two machines to communicate. Each SSH honeypot was hacked an average of 26 times per day. The most attacked honeypot was hacked a total of 169 times in one day.
At the same time, an attacker compromised 96% of the 80 Postgres honeypots in 90 seconds.
Jay Chen, chief cloud security researcher at Palo Alto Networks, said: “The speed of vulnerability management is usually in days or months. The fact that attackers can find and destroy our honeypots within minutes is shocking. This research proves that the service is not available. The risk of safety exposure.”
Exposed or improperly configured cloud services (such as cloud services deployed in honeypots) have become attractive targets for various cybercriminals.
A few notorious ransomware operations are known to leverage exposed cloud services to gain initial access to the victim’s network in order to eventually encrypt as much as possible and demand a ransom of millions of dollars in exchange for a decryption key.
At the same time, state-backed hacking groups are also known to target vulnerabilities in cloud services as a stealthy means of entering networks to conduct espionage, steal data or deploy malicious software without being discovered.
As the research shows, cybercriminals are quick to find exposed Internet-facing systems.
“When a vulnerable service is exposed on the Internet, opportunistic attackers can find and attack it within minutes. Since most of these Internet-facing services are connected to some other cloud workload, any disrupted services can lead to the entire cloud environment,” Chen said.
When protecting accounts used to access cloud services, organizations should avoid using default passwords and should provide users with multi-factor authentication, which creates an additional barrier that prevents leaked credentials from being exploited.
It is also important for organizations to apply security patches when they become available, to prevent cybercriminals from exploiting known vulnerabilities. This strategy applies to cloud applications as well.
“The result [of the research] reiterates the importance of quickly mitigating and repairing security issues. When a misconfigured or vulnerable service is exposed on the Internet, an attacker can discover and destroy the service in just a few minutes. As far as the schedule of security repairs is concerned, there is no error,” Chen said.
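A defender's check for the exposure described above, as an added example that is not part of the original article or the Palo Alto Networks research: it scans a firewall rule set for allow rules that open the default SSH, SMB, RDP or Postgres ports to the whole Internet. The rule format, the function names and the sample rules are assumptions constructed for illustration, and each rule is judged on its own (rule ordering and deny precedence are not modelled).

```python
import ipaddress

# Default ports of the four services the honeypots exposed.
WATCHED = {22: "SSH", 445: "SMB", 3389: "RDP", 5432: "Postgres"}

def port_ranges(spec):
    """Turn '22', '5000-6000', '22,3389' or 'all' into (low, high) pairs."""
    if spec.strip().lower() in ("all", "*"):
        return [(0, 65535)]
    pairs = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        pairs.append((int(low), int(high or low)))
    return pairs

def world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and the /1 halves sometimes used to dodge a /0 check."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen <= 1

def exposed_services(rules):
    """Return (rule name, service, port) for allow rules open to the Internet."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or not world_open(rule["source"]):
            continue
        for low, high in port_ranges(rule["ports"]):
            for port, service in WATCHED.items():
                if low <= port <= high:
                    findings.append((rule["name"], service, port))
    return sorted(findings)

# Constructed sample rules (hypothetical format, not taken from the research).
SAMPLE_RULES = [
    {"name": "web", "action": "allow", "source": "0.0.0.0/0", "ports": "80,443"},
    {"name": "admin-ssh", "action": "allow", "source": "0.0.0.0/0", "ports": "22"},
    {"name": "db-range", "action": "allow", "source": "::/0", "ports": "5000-6000"},
    {"name": "rdp-vpn", "action": "allow", "source": "10.8.0.0/16", "ports": "3389"},
    {"name": "legacy", "action": "allow", "source": "128.0.0.0/1", "ports": "all"},
    {"name": "smb-deny", "action": "deny", "source": "0.0.0.0/0", "ports": "445"},
]

if __name__ == "__main__":
    for name, service, port in exposed_services(SAMPLE_RULES):
        print(f"{name}: {service} (port {port}) reachable from the whole Internet")
```

The port-range rule `db-range` is the case a simple equality check on port numbers misses: it never names 5432, yet it exposes Postgres.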