Common Cloud Misconfigurations Exploited in Minutes, Report
Researchers at Palo Alto Networks’ Unit 42 have reported that attackers are able to instantly exploit insecurely exposed services deployed in honeypots. The findings highlight the immediate danger of these types of mistakes, which are common. According to Palo Alto, poorly configured cloud services can be exploited by threat actors in just minutes and in as little time as 30 seconds. According to the report, common attack types include network intrusion, data theft, and ransomware infections.
Unit 42 used a honeypot infrastructure of 320 nodes deployed globally to conduct the research. They misconfigured key services within a cloud-including remote desktop protocol, secure shell protocol, server message block, and Postgres database. The group found that attackers were quick to exploit the misconfiguration. 80% of the 320 honeypots were compromised within 24 hours. All of them were eventually compromised within a week, according to the report. Some of the attacks occurred within minutes, Palo Alto found. The report was published on Monday and details the group’s findings.