Cybercriminals attacked a Mumbai cloud server honeypot with more than 678,000 attempts over a 30-day period, second to a US-based honeypot in Ohio that recorded more than 950,000 login attempts during the same period.
A honeypot is a system designed to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviour. The first login attempt on the Mumbai honeypot was made within 55 minutes and 11 seconds of going live.
According to a Sophos report titled 'Exposed: Cyberattacks on Cloud Honeypots', more than five million attacks were attempted on the global network of honeypots within a 30-day period, demonstrating how cybercriminals are automatically scanning for weak open cloud buckets. Sophos is a global leader in network and endpoint security.
On average, each honeypot was subjected to 13 attempted attacks per minute. The password most used by cybercriminals in login attempts globally was 123456.
With businesses across the globe increasingly adopting cloud technology, the report revealed the extent to which enterprises migrating to hybrid and all-cloud platforms are at risk.
“The aggressive speed and scale of attacks on devices demonstrate the use of botnets to target an organisation’s cloud platform. In some instances, it may be a human attacker. However, regardless of this, companies need to set a security strategy to protect what they are putting into the cloud,” said Sunil Sharma, managing director, sales at Sophos (India & SAARC).
Continuous visibility of public cloud infrastructure is vital for businesses to ensure compliance and to know what to protect. However, multiple development teams within an organisation and an ever-changing, auto-scaling environment make this difficult for IT security.
“Instead of inundating security teams with a massive number of undifferentiated alerts, Sophos Cloud Optix significantly minimises alert fatigue by identifying what is truly meaningful and actionable,” said Ross McKerchar, chief information security officer (CISO) of Sophos.