
Threat Actors Find Honeypot of Insecurely Exposed Services Within 24 Hours

Threat actors find 80% of misconfigured and exposed services in the public cloud within 24 hours, according to Unit 42's global honeypot study.

November 30, 2021, Alyssa Borelli


Security researchers from Unit 42, the research arm of cybersecurity firm Palo Alto Networks, deployed a honeypot infrastructure of 320 nodes globally to better understand attacks against exposed services in public clouds. Of the 320 honeypots, 80% were compromised within the first 24 hours.

According to the company’s report, all honeypots were compromised within the week.

The results may be alarming, but given the recent increase in ransomware activity within public clouds, the report may come as no surprise. What’s most impressive is how little time the threat actors needed to compromise most of the honeypots. Ransomware gangs such as REvil are known to exploit exposed services to gain access to victims’ environments.

Unit 42 researchers deployed remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB) and a Postgres database in the honeypot infrastructure. They reported the following findings:

  • SSH was the most attacked application. The number of attackers and compromising events was much higher than for the other three applications.
  • The most attacked SSH honeypot was compromised 169 times in a single day.
  • On average, each SSH honeypot was compromised 26 times daily.
  • One threat actor compromised 96% of the 80 Postgres honeypots globally within 30 seconds.
  • 85% of the attacker IPs were observed only on a single day. This number indicates that Layer 3 IP-based firewalls are ineffective as attackers rarely reuse the same IPs to launch attacks. A list of malicious IPs created today will likely become outdated tomorrow.
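
The last finding can be checked against your own honeypot or firewall logs. The following is an added example, not code from the Unit 42 report: it measures the share of source IPs seen on only one day and how much of each day's attacker set a blocklist built from the previous observed day would have covered. The event list is constructed (documentation-range addresses), and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events (day, source IP); not data from the report.
EVENTS = [
    ("2021-07-01", "198.51.100.10"),
    ("2021-07-01", "198.51.100.11"),
    ("2021-07-01", "203.0.113.5"),
    ("2021-07-02", "203.0.113.5"),
    ("2021-07-02", "198.51.100.20"),
    ("2021-07-02", "198.51.100.21"),
    ("2021-07-02", "198.51.100.22"),
    ("2021-07-03", "192.0.2.7"),
    ("2021-07-03", "192.0.2.8"),
    ("2021-07-03", "198.51.100.22"),
]

def single_day_share(events):
    """Fraction of distinct source IPs that appear on exactly one day."""
    days_seen = defaultdict(set)
    for day, ip in events:
        days_seen[ip].add(day)
    one_day = sum(1 for days in days_seen.values() if len(days) == 1)
    return one_day / len(days_seen)

def next_day_coverage(events):
    """For each day after the first, the fraction of that day's attacker IPs
    that a blocklist built from the previous observed day would have blocked."""
    by_day = defaultdict(set)
    for day, ip in events:
        by_day[day].add(ip)
    ordered = sorted(by_day)  # ISO dates sort chronologically as strings
    coverage = {}
    for prev, cur in zip(ordered, ordered[1:]):
        coverage[cur] = len(by_day[cur] & by_day[prev]) / len(by_day[cur])
    return coverage

if __name__ == "__main__":
    print(f"single-day IPs: {single_day_share(EVENTS):.0%}")
    for day, frac in next_day_coverage(EVENTS).items():
        print(f"{day}: yesterday's blocklist covers {frac:.0%} of today's sources")
```

A low coverage figure on real logs is the measurable form of the report's point that yesterday's IP list does little against today's sources.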

The outcome reiterates the importance of mitigating and patching security issues quickly. When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service. There is no margin for error when it comes to the timing of security fixes, according to Unit 42.

Here are some strategies IT administrators can adopt:

  • Create a guardrail to prevent privileged ports from being open. For example, use AWS Service Control Policies or Azure Firewall Management.
  • Create audit rules to monitor all the open ports and exposed services. For example, use AWS Config, Checkov, or Cloud Security Posture Management tools.
  • Create automated response and remediation rules to fix misconfigurations automatically. For example, consider AWS Security Hub or Prisma Cloud Automated Remediation.
  • Deploy next-generation firewalls in front of the applications, such as VM-Series or WAF, to block malicious traffic.
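
As an illustration of the audit-rule strategy, the added example below (not from the report, and not a substitute for the tools named above) checks security-group rules for the four services the honeypots exposed. It assumes input shaped like the output of the EC2 DescribeSecurityGroups API, and the group IDs and rules are constructed. It flags any rule that opens SSH, SMB, RDP or Postgres default ports to the whole internet, including through port ranges and "all traffic" rules.

```python
import ipaddress

# Default ports of the four services the honeypots exposed.
WATCHED = {22: "SSH", 445: "SMB", 3389: "RDP", 5432: "Postgres"}

# Constructed sample, shaped like EC2 DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

def world_cidrs(perm):
    """Return the rule's source CIDRs that cover the whole internet (/0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def watched_ports(perm):
    """Return the watched ports a rule opens, including via ranges or 'all traffic'."""
    if perm["IpProtocol"] == "-1":  # all protocols and ports; no FromPort/ToPort
        return sorted(WATCHED)
    if perm["IpProtocol"] != "tcp":
        return []
    return [p for p in sorted(WATCHED) if perm["FromPort"] <= p <= perm["ToPort"]]

def audit(groups):
    """List (group id, service, port, source CIDR) per internet-exposed watched port."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            for cidr in world_cidrs(perm):
                for port in watched_ports(perm):
                    findings.append((group["GroupId"], WATCHED[port], port, cidr))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```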
