These researchers wanted to test cloud security. They were shocked by what they found

Insecure cloud computing services can pose a huge risk to organizations as they are a regular target for cyber criminals. Researchers have demonstrated just how vulnerable or misconfigured cloud services can be after deploying hundreds of honeypots designed to look like insecure infrastructure, some of which only lasted minutes before being compromised by hackers.

Cybersecurity researchers at Palo Alto Networks set up a honeypot comprising 320 nodes around the world, made up of multiple misconfigured instances of common cloud services, including remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB) and Postgres databases.

The honeypot also contained accounts configured to have default or weak passwords — exactly the kind of things cybercriminals look for when trying to breach networks.

And it wasn’t long before cybercriminals discovered the honeypot and tried to exploit it – some sites were hacked within minutes, while 80% of the 320 honeypots were hacked within 24 hours. They were all compromised within a week.

The most attacked application was the secure shell, a network communication protocol that allows two machines to communicate. Each SSH honeypot was compromised an average of 26 times per day. The most attacked honeypot was compromised a total of 169 times in just one day.

Meanwhile, one attacker compromised 96% of 80 Postgres honeypots within a single 90-second period.

“The speed of vulnerability management is usually measured in days or months. The fact that attackers were able to find and compromise our honeypots in minutes was shocking. This study demonstrates the risk of insecurely exposed services,” said Jay Chen, lead researcher in cloud security at Palo Alto Networks.

Exposed or poorly configured cloud services like those deployed in the honeypot are tempting targets for cybercriminals of all kinds.

Several notorious ransomware operations are known to abuse exposed cloud services to gain initial access to the victim’s network and end up encrypting as much as possible and demanding a multi-million dollar ransom in exchange for the decryption key.

Meanwhile, state-backed hacking groups are also known to target vulnerabilities in cloud services as a stealthy way to enter networks to perform spying, steal data, or deploy malware without detection.

And as the research shows, it doesn't take long for cybercriminals to find exposed Internet-facing systems.

“When a vulnerable service is exposed to the Internet, opportunistic attackers can find and attack it in just a few minutes. Since most of these Internet-facing services are connected to other cloud workloads, any compromised service could potentially compromise the entire cloud environment,” says Chen.

When it comes to securing accounts used to access cloud services, organizations should avoid using default passwords and users should be given multi-factor authentication to create an additional barrier to prevent leaked credentials from being misused.

It’s also vital for organizations to apply security patches when they become available to prevent cybercriminals from taking advantage of known exploits — and it’s a strategy that applies to cloud applications as well.

“The outcome [of the research] reiterates the importance of quickly mitigating and patching security vulnerabilities. When a misconfigured or vulnerable service is exposed to the Internet, attackers only need minutes to discover and compromise the service. There’s no margin for error when it comes to timing security fixes,” Chen said.
