Common Cloud Misconfigurations Exploited in Minutes, Report
Given that the speed with which organizations manage vulnerabilities is typically measured in days or months, "The fact that attackers could find and compromise our honeypots in minutes was shocking," Unit 42 principal cloud security researcher Jay Chen wrote in the post.
The study clearly shows how quickly these common misconfigurations can lead to data breaches or to attackers taking down an entire network, given that "Most of these internet-facing services are connected to some other cloud workloads," Chen wrote.
The team analyzed attacks according to a variety of attack patterns, including: the time attackers took to discover and compromise a new service; the average time between two consecutive compromising events of a targeted application; the number of attacker IPs observed on a honeypot; and the number of days an attacker IP was observed.
Results of the study showed that the Samba honeypots were attacked most quickly, and were also the ones whose services attackers compromised in succession at the fastest rate.
Overall, 85 percent of the attacks on the honeypots were observed on a single day, which indicated to researchers that blocking known scanner IPs is ineffective in mitigating attacks, as attackers rarely reuse the same IPs to launch attacks, Chen wrote.
To safeguard services from being pummeled by attacker IPs, cloud administrators can implement a guardrail to prevent privileged ports from being open, as well as create audit rules to monitor all the open ports and exposed services.
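One way to express that guardrail and audit rule, as an added example that is not from the report or from Unit 42: a check over firewall rules that lists every internet-open service and flags those exposing privileged ports (below 1024, which includes Samba on 445). It assumes AWS-style `describe-security-groups` JSON; the group IDs, the sample rules and the `ALLOWED_PUBLIC` allow-list are constructed for illustration.

```python
import ipaddress

PRIVILEGED_MAX = 1023    # ports 0-1023 are the privileged range
ALLOWED_PUBLIC = {443}   # assumption: only privileged port approved for internet exposure

# Constructed sample in the shape of AWS `describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-files", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-example-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def is_public(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) matches any internet host."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(groups):
    """Return (exposed, violations): all internet-open rules, and the guardrail subset."""
    exposed, violations = [], []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto not in ("tcp", "udp", "-1"):
                continue  # ICMP and others reuse the port fields for non-port values
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_public(c) for c in cidrs):
                continue
            # Protocol "-1" means all traffic and carries no port fields.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            finding = (sg["GroupId"], proto, lo, hi)
            exposed.append(finding)  # audit rule: record every exposed service
            privileged = set(range(lo, min(hi, PRIVILEGED_MAX) + 1)) - ALLOWED_PUBLIC
            if privileged:
                violations.append(finding)  # guardrail: privileged port open to the world
    return exposed, violations


if __name__ == "__main__":
    exposed, violations = audit(SAMPLE)
    for finding in exposed:
        print("BLOCK" if finding in violations else "OPEN ", *finding)
```

Run as a pre-deployment gate, a non-empty `violations` list fails the change; run on a schedule, the `exposed` list is the inventory of internet-facing services to review.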
News URL
https://threatpost.com/cloud-misconfigurations-exploited-in-minutes/176539/