Threat actors have been quickly exploiting misconfigured cloud services, compromising 80% of honeypots deployed across North America, Europe, and the Asia-Pacific within a day and all honeypots within seven days, Threatpost reported, citing a study by Palo Alto Networks' Unit 42 team.
The report also showed that some improperly configured services were exploited within minutes, while one threat actor was found to have compromised 96% of 80 honeypots within 30 seconds. Researchers also found that Samba honeypots were attacked most quickly, but most attackers targeted SSH honeypots. Moreover, North America had the highest number of RDP and Samba app attacks, while the Asia-Pacific had the highest prevalence of SSH and Postgres attacks.
The findings should prompt increased urgency in protecting cloud infrastructure, according to Unit 42 Principal Cloud Security Researcher Jay Chen.
"When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service. There is no margin of error when it comes to the timing of security fixes," wrote Chen.
Google Cloud recently introduced Community Security Analytics (CSA), a set of open-sourced queries and rules for self-service security analytics geared toward helping security teams detect common cloud-based threats.