Sophos, a global leader in network and endpoint security, announced its report on cyberattacks against cloud honeypots early Wednesday, April 10, 2019.
The findings revealed that cybercriminals attacked one of the cloud server honeypots in the study within 52 seconds of the honeypot going live in Sao Paulo, Brazil.
A honeypot is a system intended to mimic likely targets of cyberattackers so that security researchers can monitor cybercriminal behaviors.
On average, the cloud servers got hit by 13 attempted attacks per minute, per honeypot.
The honeypots were established in 10 of the most popular Amazon Web Services (AWS) data centers in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.
Matthew Boddy, security specialist at Sophos, remarked, “In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud. The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”
The Sophos report identifies the threats that organizations migrating to hybrid and all-cloud platforms face.
The aggressive speed and scale of attacks on the honeypots show how relentlessly persistent cybercriminals are and indicate they are using botnets to target an organization’s cloud platforms.
In the study, more than 5 million attacks were attempted on the global network of honeypots in the 30-day period, demonstrating how cybercriminals are automatically scanning for weak open cloud buckets.
If attackers are successful at gaining entry, organizations could be vulnerable to data breaches. Cybercriminals also use breached cloud servers as pivot points to gain access to other servers or networks.
Continuous visibility of public cloud infrastructure is vital for businesses to ensure compliance and to know what to protect.
However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.
Sophos is addressing security weaknesses in public clouds with the launch of Sophos Cloud Optix, which leverages artificial intelligence (AI) to highlight and mitigate threat exposure in cloud infrastructures.
Sophos Cloud Optix is an agentless solution that provides intelligent cloud visibility, automatic compliance regulation detection and threat response across multiple cloud environments.
Ross McKerchar, CISO at Sophos, stressed, “Instead of inundating security teams with a massive number of undifferentiated alerts, Sophos Cloud Optix significantly minimizes alert fatigue by identifying what is truly meaningful and actionable. In addition, with visibility into cloud assets and workloads, IT security can have a far more accurate picture of their security posture that allows them to prioritize and proactively remediate the issues flagged in Sophos Cloud Optix.”
Key features in Sophos Cloud Optix include smart visibility, continuous cloud alliance, and AI-based monitoring and analytics.
Sophos Cloud Optix leverages AI-powered technology from Avid Secure, which Sophos acquired in January 2019.
Founded in 2017 by a team of highly distinguished leaders in IT security, Avid Secure revolutionized the security of public cloud environments by providing effective end-to-end protection in cloud services, such as AWS, Azure, and Google.