It takes only as little as 52 seconds after going live for a cloud server honeypot to be hit by cyberattacks. This is according to a report by Sophos (LSE: SOPH), a global leader in network and endpoint security.
The report titled, Exposed: Cyberattacks on Cloud Honeypots, reveals that cybercriminals attacked one of the 10 cloud server honeypots under study within 52 seconds of the honeypot going live in Sao Paulo, Brazil.
“The honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centers in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period. A honeypot is a system intended to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviours.”
The report also reveals that each cloud server honeypot was hit by an average of 13 attempted attacks per minute and more than 5 million attacks were attempted on the global network of honeypots in the 30-day period of the study. These attacks demonstrate how cybercriminals are automatically scanning for weak open cloud buckets.
“The Sophos report, Exposed: Cyberattacks on Cloud Honeypots, identifies the threats organizations migrating to hybrid and all-cloud platforms face. The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organization’s cloud platforms.”Matthew Boddy, security specialist, Sophos
“In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud. The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing,” Matthew Boddy says.
If attackers are successful at gaining entry, organizations could be vulnerable to data breaches. Cybercriminals also use breached cloud servers as pivot points to gain access onto other servers or networks.
Sophos Launches Sophos Cloud Optix
There is therefore the need for businesses to ensure continuous visibility of public cloud infrastructure to ensure compliance and to know what to protect. However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.
Sophos is addressing security weaknesses in public clouds with the launch of Sophos Cloud Optix, which leverages artificial intelligence (AI) to highlight and mitigate threat exposure in cloud infrastructures.
Sophos Cloud Optix is an agentless solution that provides intelligent cloud visibility, automatic compliance regulation detection and threat response across multiple cloud environments.
“Instead of inundating security teams with a massive number of undifferentiated alerts, Sophos Cloud Optix significantly minimizes alert fatigue by identifying what is truly meaningful and actionable.”
Ross McKerchar, CISO, Sophos.
“In addition, with visibility into cloud assets and workloads, IT security can have a far more accurate picture of their security posture that allows them to prioritize and proactively remediate the issues flagged in Sophos Cloud Optix,” Ross McKerchar says.
Key features in Sophos Cloud Optix include:
· Smart Visibility – Provides automatic discovery of an organization’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments, via a single console, allowing security teams complete visibility into everything they have in the cloud and to respond and remediate security risks in minutes
· Continuous Cloud Compliance – Keeps up with continually changing compliance regulations and best practices policies by automatically detecting changes to cloud environments in near-time
· AI-Based Monitoring and Analytics – Shrinks incident response and resolution times from days or weeks to just minutes. The powerful artificial intelligence detects risky resource configurations and suspicious network behavior with smart alerts and optional automatic risk remediation
“The partnership with Sophos and the ability to offer Sophos Cloud Optix is important to us because it allows us to provide continuous compliance coupled with intelligent cloud visibility and immediate threat response. With Cloud Optix, our growing customer-base will have the opportunity to solve the toughest challenges in cloud security.”
Rajeev Khanolkar, president and CEO, SecurView Inc., a Sophos partner based in Edison, New Jersey.
Sophos Cloud Optix leverages AI-powered technology from Avid Secure, which Sophos acquired in January 2019. Pricing and availability details are available from Sophos partners worldwide.
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!