Cybercriminals attack cloud server honeypot in 52 seconds

Visibility and security needed to protect information in the cloud

Cybercriminals have attacked a cloud server honey pot within 52 seconds of it going live in Sao Paulo, Brazil, according to a Sophos report.

The enterprise security company placed cloud server honeypots, in 10 of the most popular Amazon Web Services (AWS) data centres in the world including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over 30 days. 

A honeypot is a system intended to mimic likely targets of cyberattackers, allowing security researchers to monitor cybercriminal behaviours.

According to Sophos, on average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot, with about five million attacks attempted on the global network of honeypots during the 30 days.

During the trial, cybercriminals were automatically scanning for weak open cloud buckets. If attackers are successful at gaining entry, organisations could be vulnerable to data breaches. Cybercriminals also used breached cloud servers as pivot points to gain access onto other servers or networks.

Sophos security specialist, Matthew Boddy said the aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organisation’s cloud platforms.

“In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud,” he said. “The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”