Cybercriminals relentlessly look for weak devices to break into cloud servers, a study by endpoint security leader Sophos has found.
One of the ‘cloud server honeypots’ the company had set up as part of the study in the Brazilian city of Sao Paulo was attacked within 52 seconds of it going live.
A honeypot, in cybersecurity terms, is an open and vulnerable device deliberately set up by security agents to lure cybercriminals into attacking it. As the attack gets underway, the security agents try to identify the attackers’ intentions as well as their IP addresses.
As part of the study, Sophos set up honeypots in 10 popular Amazon Web Services (AWS) data centres around the globe, including in the United States and Europe.
Around 95.4% of the traffic it tracked appeared to originate in China. However, the researchers say “it doesn’t necessarily mean that the attackers conducting these brute-force attempts are also located in China, because attacks may be routed through other machines under the attackers’ control”.
Over a period of one month, more than 5 million attacks were attempted, Sophos stated in its report. In other words, each honeypot suffered 13 attacks per minute.
Sophos has advised enterprises to introduce key-based authentication in addition to unique, complex passwords, saying that attackers were aiming to unearth passwords.
“Most of the login attempts preyed on default usernames and/or passwords. Changing these is a critical initial step to improving the security profile of a business, and it must be applied rigorously to all new devices,” the report added.