Researchers set up 320 honeypots to see how quickly threat actors would target open cloud services, and found that 80% of them were hacked in less than 24 hours.
Malicious actors continually scour the Internet for vulnerable services that can be used to gain access to internal networks or carry out other malicious acts.
Researchers deploy publicly accessible honeypots to track which software and services threat actors target. Honeypots are servers that are set up to look like they’re running different software in order to monitor threat actors’ methods.
In a new study, researchers from Palo Alto Networks’ Unit 42 set up 320 honeypots and discovered that 80 percent of them were hacked within the first 24 hours.
From July to August 2021, honeypots with remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB), and Postgres database services were deployed and kept alive.
Honeypots were placed all over the world, with instances in North America, Asia, and Europe.
The length of time it takes to reach a first compromise is proportional to how specific the service type is.
The average time for the first compromise on SSH honeypots, which were the most targeted, was three hours, and the average time between two successive attacks was roughly two hours.
One prominent incident was also detected, in which a threat actor compromised 96 percent of the experiment’s 80 Postgres honeypots in approximately 30 seconds.
This is alarming because it could take days, if not longer, to deploy new security patches as they become available, whereas threat actors only require a few hours to exploit unprotected services.
Finally, as for whether location matters, threat actors paid the most attention to the APAC region.