Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.
Poorly configured cloud services can be exploited by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found.
Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes deployed globally in which they misconfigured key services within a cloud, including remote desktop protocol (RDP), secure shell protocol (SSH), server message block (Samba) and Postgres database.
What they found was that attackers jumped at the opportunity to exploit the misconfigurations, with 80 percent of the 320 honeypots compromised within 24 hours and all compromised within a week, researchers disclosed in a report posted Monday.
Moreover, some attacks occurred within minutes, with one particularly speedy threat actor compromising 96 percent of the 80 honeypots globally within 30 seconds, researchers found.
Given that the speed with which organizations manage vulnerabilities is typically measured in days or months, “the fact that attackers could find and compromise our honeypots in minutes was shocking,” Unit 42 principal cloud security researcher Jay Chen wrote in the