Report Reveals How Cybercriminals Attack Cloud Server


By Emma Okonji

Sophos, an operator in the network and endpoint security segment, has released the findings of its recent research report, which reveals that cybercriminals attacked one of the cloud server honeypots in the study within 52 seconds of the honeypot going live in Sao Paulo, Brazil.

On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot.
The honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.
A honeypot is a system intended to mimic likely targets of cyber attackers, so that security researchers can monitor cybercriminal behaviours.

In the study, more than five million attacks were attempted on the global network of honeypots in the 30-day period, demonstrating how cybercriminals are automatically scanning for weak open cloud buckets.
If attackers are successful at gaining entry, organisations could be vulnerable to data breaches. Cybercriminals also use breached cloud servers as pivot points to gain access to other servers or networks.

Security specialist at Sophos, Matthew Boddy, said: “The Sophos report, ‘Exposed: Cyberattacks on Cloud Honeypots,’ identifies the threats organisations migrating to hybrid and all-cloud platforms face. The aggressive speed and scale of attacks on the honeypots show how relentlessly persistent cybercriminals are and indicate they are using botnets to target an organisation’s cloud platforms. In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud.”

According to him, continuous visibility of public cloud infrastructure remains vital for businesses to ensure compliance and to know what to protect. However, multiple development teams within an organisation and an ever-changing, auto-scaling environment make this difficult for IT security.

Chief Information Security Officer at Sophos, Ross McKerchar, said: “Sophos is addressing security weaknesses in public clouds with the launch of Sophos Cloud Optix, which leverages artificial intelligence (AI) to highlight and mitigate threat exposure in cloud infrastructures. Sophos Cloud Optix is an agentless solution that provides intelligent cloud visibility, automatic compliance regulation detection and threat response across multiple cloud environments.

“Instead of inundating security teams with a massive number of undifferentiated alerts, Sophos Cloud Optix significantly minimizes alert fatigue by identifying what is truly meaningful and actionable.”

Key features in Sophos Cloud Optix include smart visibility, which provides automatic discovery of an organisation’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments via a single console, giving security teams complete visibility into everything they have in the cloud and allowing them to respond to and remediate security risks in minutes. Other features include continuous cloud compliance, which keeps up with continually changing compliance regulations and best-practice policies by automatically detecting changes to cloud environments in near real time.