Misconfiguration issues in the cloud have recently reached new heights as more and more data is exposed to the public. Attackers can and will take advantage of poorly configured cloud services. The most recent research from Palo Alto Network’s Unit 42 uncovers some alarming findings.
The researchers employed a 320-node honeypot architecture that was deployed globally. They misconfigured the cloud’s primary services, such as RDP, SSH, the Postgres database, and SMB.
The study was place between July and August and looked at the frequency, timing, and origins of the attacks.
The frequency, time, origins of the attacks was evaluated by the research that was conducted between July and August.
Around 80 percent of the honeypots were compromised in less than 24 hours, and the rest in less than a week.
SSH was the most often attacked application. In a single day, the most heavily targeted SSH honeypot was breached 169 times.
The fact that threat actors discovered and attacked the honeypots in a matter of minutes, is a shocking factor. This research clearly demonstrates the threats that insecure and unprotected cloud services represent. It simply takes a few minutes for attackers to identify and exploit a misconfigured database that has been left open to the internet.
To stay secure, security experts recommend to avoid the common cloud configuration mistakes. Put in place a guardrail to secure privileged ports from being opened for exploit. The researchers also recommend deploying state-of-the-art firewalls to block malicious traffic and developing automated response and remediation strategies to address misconfiguration concerns.