Threat actors have been quickly exploiting misconfigured cloud services, compromising 80% of honeypots deployed across North America, Europe, and the Asia-Pacific within a day and all honeypots within seven days, Threatpost reported citing a study by Palo Alto Networks' Unit 42 team.
The report also showed some improperly configured services have been exploited within minutes while one threat actor was found to compromise 96% of 80 honeypots within 30 seconds. Researchers also found that Samba honeypots were most quickly attacked but most attackers have targeted SSH honeypots. Moreover, North America had the highest number of RDP and Samba app attacks, while the Asia-Pacific had the highest prevalence of SSH and Postgres attacks.
The findings should prompt increased urgency in protecting cloud infrastructure, according to Unit 42 Principal Cloud Security Researcher Jay Chen.
"When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service. There is no margin of error when it comes to the timing of security fixes," wrote Chen.
SecurityWeek reports that threat actors could leverage critical vulnerabilities impacting open-source file-sharing software ownCloud to facilitate sensitive data exposure and authentication and validation compromise.
Cloud security: Fixing what broke during the “great migration”
Network security in 2024: What has changed in the era of cloud computing, and how to adapt
SaaS data backups: Automated resilience & recovery in the cloud
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news