Insecure cloud computing services can be a huge risk for companies because they are a regular target for cyber criminals.
Researchers have demonstrated how much risk vulnerable or poorly configured cloud services carry, after deploying hundreds of honeypots designed to look like unsecured infrastructure, some of which were compromised by hackers in only a few minutes.
How fast can you attract bees to honey?
Palo Alto Networks security researchers set up a honeypot network of 320 nodes worldwide, made up of many misconfigured instances of common cloud services, including Remote Desktop Protocol (RDP), Secure Shell (SSH), Server Message Block (SMB), and Postgres databases.
The honeypot also included accounts configured with default or weak passwords, exactly the kind of thing cyber criminals look for when they are trying to breach networks.
It wasn’t long before cyber criminals discovered the honeypot and looked for ways to exploit it. While some of the sites were compromised in just a few minutes, 80% of the 320 honeypots were compromised within 24 hours. All of them were compromised within a week.
When security becomes a myth for cyber criminals
The most attacked application was Secure Shell (SSH), a network communication protocol that allows two machines to communicate. Each SSH honeypot was compromised an average of 26 times a day. The most attacked honeypot was compromised a total of 169 times in one day.
Meanwhile, one attacker compromised 96% of the 80 Postgres honeypots within a 90-second period.
Principal cloud security researcher at Palo Alto Networks, Jay Chen, said: “The speed of vulnerability management is usually measured in days or months. The fact that the attackers can find and compromise our honeypots in minutes was shocking. This research demonstrates the risk of insecurely exposed services.”
Exposed or poorly configured cloud services like those deployed in the honeypots were found to be an attractive target for all types of cyber criminals.
Some notorious ransomware operations are known to exploit exposed cloud services to gain initial access to the victim’s network, with the aim of encrypting as much as possible and then demanding a multi-million dollar ransom in exchange for the decryption key.
Meanwhile, hacking groups are also known to target vulnerabilities in cloud services as a stealthy way to enter networks and conduct espionage, steal data or deploy malware without detection.
A couple of minutes is enough time for cyber criminals to breach your company’s security
As the research shows, it doesn’t take long for cyber criminals to find exposed or weakly secured sites.
“When a vulnerable service is exposed to the Internet, opportunistic attackers can find and attack it in just a few minutes. As most of these internet-facing services are connected to some other cloud workloads, any breached service can potentially lead to the compromise of the entire cloud environment,” said Chen.
When it comes to securing accounts used to access cloud services, companies should avoid using default passwords, and all users must be provided with multi-factor authentication to create an additional barrier that prevents leaked login information from being exploited.
It is also essential for companies to apply security fixes when they are available, to prevent cyber criminals from exploiting known vulnerabilities. This strategy also applies to cloud applications.
“The outcome [of the research] reiterates the importance of mitigating and patching security issues quickly. When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service. There is no margin when it comes to the timing of security fixes,” said Chen.