At least 678,013 login attempts were made on a Mumbai cloud server honeypot over a month, making it the second most attacked among a total of 10 honeypots placed globally, after the Ohio, US, honeypot, which recorded more than 950,000 login attempts during the same time period, global cyber security major Sophos said on Wednesday. This demonstrates how cybercriminals are automatically scanning for weak open cloud buckets.
A honeypot is a system intended to mimic likely targets of cyberattackers for security researchers to monitor cybercriminal behaviour. The first login attempt on the Mumbai honeypot was made within 55 minutes and 11 seconds of going live.
On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot. The honeypots were set up over a 30-day period in 10 of the most popular Amazon Web Services (AWS) data centres in the world: California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney.
Sophos announced the findings of its report, Exposed: Cyberattacks on Cloud Honeypots.
With businesses across the globe increasingly adopting Cloud technology, the report revealed the extent to which businesses migrating to hybrid and all-Cloud platforms are at risk. It has thus become vital for businesses to ensure compliance and to know what to protect.
“The aggressive speed and scale of attacks on devices demonstrates the use of botnets to target an organisation’s cloud platform. In some instances, it may be a human attacker. However, regardless of this, companies need to set a security strategy to protect what they are putting into the cloud,” said Sunil Sharma, managing director, sales at Sophos (India & SAARC).
However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.
Key features in Sophos Cloud Optix include:
Smart Visibility – Automatic discovery of an organization’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments, via a single console, giving security teams complete visibility into everything they have in the cloud and allowing them to respond to and remediate security risks in minutes.
Continuous Cloud Compliance – Keeps up with continually changing compliance regulations and best practices policies by automatically detecting changes to cloud environments in near-time.
AI-Based Monitoring and Analytics – Shrinks incident response and resolution times from days or weeks to just minutes. The powerful artificial intelligence detects risky resource configurations and suspicious network behaviour with smart alerts and optional automatic risk remediation.