Poorly configured cloud services can be exploited by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found.

Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes deployed globally in which they misconfigured key services within a cloud, including remote desktop protocol (RDP), secure shell protocol (SSH), server message block (Samba) and Postgres database.

What they found was that attackers jumped at the opportunity to exploit the misconfigurations, with 80 percent of the 320 honeypots compromised within 24 hours and all compromised within a week, researchers disclosed in a report posted Monday. Moreover, some attacks occurred within minutes, with one particularly speedy threat actor compromising 96 percent of the 80 honeypots globally within 30 seconds, researchers found.

Given that the speed with which organizations manage vulnerabilities is typically measured in days or months, “the fact that attackers could find and compromise our honeypots in minutes was shocking,” Unit 42 principal cloud security researcher Jay Chen wrote in the post.

Common Cloud Mistakes

The study clearly shows how quickly these common misconfigurations can lead to data breaches or attackers’ taking down an entire network, given that “most of these internet-facing services are connected to some other cloud workloads,” Chen wrote. This reinforces the importance…
Common Cloud Misconfigurations Exploited in Minutes, Report (govanguard, 2021-11-23 07:59:00)