Honeypots Reveal How Hackers Might Attack Your Business’s Cloud-Based Systems

Frustrated businessman over demands of technology

When cloud services first entered the business scene, they were met with trepidation. One of the biggest concerns was security. Many business leaders believed that cloud-based solutions were not as secure their on-premises counterparts.

Nowadays, businesses have fully embraced the cloud. A 2018 report indicated that 96% of companies use at least one cloud service. Unfortunately, it is not uncommon for companies to set up cloud-based systems with little or no thought about security. This mindset could get companies into trouble, as cybercriminals are increasingly attacking cloud-based systems.

To learn more about the frequency and nature of these cyber attacks, security researchers at Armor conducted an experiment using honeypots. Honeypots are decoy computer systems designed to deceive and engage hackers. When operated in a research setting, honeypots are used to monitor hackers’ behaviours and learn their tactics.

The Experiment

The researchers set up three honeypots in a real public cloud. The first honeypot, decoy server A, did not have any security protections enabled and was included to establish a baseline for the attacks. The second honeypot, decoy server B, was protected using the firewall offered by the cloud service provider. This basic setup is common among small and midsized businesses, according to the researchers. The last honeypot, decoy server C, was protected with advanced security tools, such as intrusion detection and vulnerability scanning systems.

On the front end, the researchers built a website and patient portal for a fictitious small doctor’s office. The site and portal were fully operational. Even links to Facebook, Twitter, and LinkedIn accounts were added to make the site seem real.

The Results

The cyberattacks started just minutes after the honeypots were activated, according to the researchers. Initially, there was a steady stream of attacks, but later the number of attacks skyrocketed after a hacker posted a note about the “new target” on Pastebin, a site where hackers often share information about their exploits. Overall, decoy server A was attacked around 2,500 times per week. Decoy servers B and C became hacker targets an average of 563 and 509 times per week, respectively.

The hackers typically tried to access the decoy servers through SSH ports (usually port 22, which is the default SSH listening port) using brute-force authentication attacks. In this type of attack, cybercriminals typically use password-cracking tools to ascertain login credentials. These automated tools systematically try every possible character combination as a password.

The Takeaway

Cloud service providers institute many security measures to protect their customers’ server instances and the apps and data on them. However, as the results of the honeypot experiment illustrate, it is a good idea for businesses to take additional measures, such as:

  • Set up a firewall
  • Use public-key authentication rather than password-based authentication for SSH ports since hackers commonly use brute-force authentication attacks to try to crack SSH passwords
  • Keep all operating system software and applications running on your service instances up to date so that known security vulnerabilities are patched
  • Use strong, unique passwords for all apps and systems that use password-based authentication
  • Encrypt the data in case hackers infiltrate the server instances on which it is stored.

The specific measures that your business should take will depend on several factors, such as the types of apps and data you have in the cloud. We can walk you through your options and help you implement the measures that make the most sense for your company.

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

10 Keyboard Shortcuts That Work in Chrome, Edge, and Firefox Browsers

You can use many of the same keyboard shortcuts when working in Google Chrome, Microsoft Edge, and Mozilla Firefox web browsers. Here are 10 keyboard shortcuts that are handy as well as easy to remember.

Read More

Disinfect Your Devices

How to disinfect your devices and maintain a healthy work environment. MicroAge is dedicated to providing our clients with market-leading business solutions that help them…

Read More

Rethinking Your IT With A Decentralized Workforce – Chapter 1 : Security

With an increasingly remote or hybrid workforce, we must rethink the way you look at your IT. Let’s first examine network security and how to…

Read More
8 actions to avoid ransomware

8 Actions Your Business Can Take Now to Avoid Paying a Ransom Later

The number of ransomware attacks have exploded in 2021. The month of July started out with a big bang when cybercriminals encrypted the data in…

Read More

Azure Virtual Desktop vs Windows 365: What is the Difference?

As we mentioned in a previous blog Desktop as a Service (DaaS) is a cloud-based offering where the backend is hosted by a third party….

Read More