Unsafe cloud computing services can pose a great risk to organizations, as they are regularly targeted by cybercriminals. Researchers have shown how quickly vulnerable or misconfigured cloud services are found and attacked, after deploying hundreds of honeypots designed to look like insecure infrastructure. Some held out for only a few minutes before being compromised by hackers.
Cybersecurity researchers at Palo Alto Networks set up a honeypot network of 320 nodes spread across the world, made up of misconfigured instances of common cloud services, including Remote Desktop Protocol (RDP), Secure Shell (SSH), Server Message Block (SMB), and Postgres databases.
The honeypot also included accounts set up with weak or default passwords – exactly the kind of thing cybercriminals look for when they try to break into networks.
The most attacked application is SSH
Cybercriminals quickly discovered the honeypots and tried to exploit them: some were compromised within minutes, and 80% of the 320 honeypots were compromised within 24 hours. All of them were compromised in less than a week.
The most attacked application was Secure Shell (SSH), a network communication protocol that allows two machines to communicate. Each SSH honeypot was compromised 26 times a day on average. The most heavily attacked honeypot was compromised a total of 169 times in a single day.
At the same time, an attacker compromised 96% of the 80 Postgres honeypots in 90 seconds.
The door opens to ransomware …
“The speed of vulnerability management is typically measured in days or months. The fact that attackers can find and compromise our honeypots in minutes is shocking. This research demonstrates the risk of unsafe exposed services,” said Jay Chen, Senior Cloud Security Researcher at Palo Alto Networks.
Exposed or misconfigured cloud services, such as those deployed in the honeypot, are tempting targets for cybercriminals of all stripes.
Several notorious ransomware strains are known to exploit exposed cloud services to gain initial access to the victim’s network, then encrypt as much as possible and demand a multi-million dollar ransom in exchange for the decryption key.
… but also to espionage activities
At the same time, highly sophisticated hacker groups have also been known to target vulnerabilities in cloud services as a stealthy way to enter networks in order to spy, steal data, or deploy malware without being detected.
And, as research shows, it doesn’t take long for cybercriminals to find systems exposed to the Internet.
“When a vulnerable service is exposed to the Internet, opportunistic attackers can find it and attack it in a matter of minutes. Since most of these Internet-facing services are connected to other workloads in the cloud, any compromised service can potentially put the entire cloud environment in danger,” Chen said.
Default passwords and multi-factor authentication
When it comes to protecting accounts used to access cloud services, organizations should avoid using default passwords and users should have multi-factor authentication to create an additional barrier to prevent loss.
It is also critical that organizations apply security patches as soon as they are available to prevent cybercriminals from exploiting known vulnerabilities, a policy that also applies to cloud-native applications.
“The result [of the research] reaffirms the importance of quickly mitigating and correcting security problems. When a vulnerable or improperly configured service is exposed to the Internet, it only takes a few minutes for attackers to discover it and put it at risk. There is no room for error when it comes to the timing of security fixes,” Chen said.