A new study from Unit 42 reports alarming findings regarding insecurely exposed services in public clouds.
The Unit 42 researchers deployed a honeypot infrastructure of 320 nodes globally, running multiple instances of remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB), and Postgres database services. The findings showed that 80% of the 320 honeypots were compromised within 24 hours, while all honeypots were compromised within a week.
SSH was the most attacked application, with much higher numbers of both attackers and compromise events, according to the research. The most attacked honeypot was compromised 169 times in a single day. This did not mean the other services were not susceptible; one threat actor compromised 96% of the researchers’ 80 Postgres honeypots globally within 30 seconds.
As many internet-facing services are connected to other cloud workloads, the researchers warn that a breach of any such service can potentially lead to the compromise of the entire cloud environment.