It took less than a minute – just 52 seconds – after a cloud server honeypot went live for cybercriminals to attack it.
This is among the results from a new Sophos report, “Exposed: Cyberattacks on Cloud Honeypots”, which found that, on average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot.
The honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.
A honeypot is a system intended to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviours.
In the study, more than 5-million attacks were attempted on the global network of honeypots in the 30-day period, demonstrating how cybercriminals are automatically scanning for weak open cloud buckets. If attackers are successful at gaining entry, organisations could be vulnerable to data breaches. Cybercriminals also use breached cloud servers as pivot points to gain access onto other servers or networks.
“The Sophos report identifies the threats organizations migrating to hybrid and all-cloud platforms face,” says Matthew Boddy, security specialist at Sophos. “The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organization’s cloud platforms. In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud.
“The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”
Continuous visibility of public cloud infrastructure is vital for businesses to ensure compliance and to know what to protect. However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.
Sophos is addressing security weaknesses in public clouds with the launch of Sophos Cloud Optix, which leverages artificial intelligence (AI) to highlight and mitigate threat exposure in cloud infrastructures.