Honeypots Reveal How Hackers Might Attack Your Business’s Cloud-Based Systems

Frustrated businessman over demands of technology

When cloud services first entered the business scene, they were met with trepidation. One of the biggest concerns was security. Many business leaders believed that cloud-based solutions were not as secure their on-premises counterparts.

Nowadays, businesses have fully embraced the cloud. A 2018 report indicated that 96% of companies use at least one cloud service. Unfortunately, it is not uncommon for companies to set up cloud-based systems with little or no thought about security. This mindset could get companies into trouble, as cybercriminals are increasingly attacking cloud-based systems.

To learn more about the frequency and nature of these cyber attacks, security researchers at Armor conducted an experiment using honeypots. Honeypots are decoy computer systems designed to deceive and engage hackers. When operated in a research setting, honeypots are used to monitor hackers’ behaviours and learn their tactics.

The Experiment

The researchers set up three honeypots in a real public cloud. The first honeypot, decoy server A, did not have any security protections enabled and was included to establish a baseline for the attacks. The second honeypot, decoy server B, was protected using the firewall offered by the cloud service provider. This basic setup is common among small and midsized businesses, according to the researchers. The last honeypot, decoy server C, was protected with advanced security tools, such as intrusion detection and vulnerability scanning systems.

On the front end, the researchers built a website and patient portal for a fictitious small doctor’s office. The site and portal were fully operational. Even links to Facebook, Twitter, and LinkedIn accounts were added to make the site seem real.

The Results

The cyberattacks started just minutes after the honeypots were activated, according to the researchers. Initially, there was a steady stream of attacks, but later the number of attacks skyrocketed after a hacker posted a note about the “new target” on Pastebin, a site where hackers often share information about their exploits. Overall, decoy server A was attacked around 2,500 times per week. Decoy servers B and C became hacker targets an average of 563 and 509 times per week, respectively.

The hackers typically tried to access the decoy servers through SSH ports (usually port 22, which is the default SSH listening port) using brute-force authentication attacks. In this type of attack, cybercriminals typically use password-cracking tools to ascertain login credentials. These automated tools systematically try every possible character combination as a password.

The Takeaway

Cloud service providers institute many security measures to protect their customers’ server instances and the apps and data on them. However, as the results of the honeypot experiment illustrate, it is a good idea for businesses to take additional measures, such as:

  • Set up a firewall
  • Use public-key authentication rather than password-based authentication for SSH ports since hackers commonly use brute-force authentication attacks to try to crack SSH passwords
  • Keep all operating system software and applications running on your service instances up to date so that known security vulnerabilities are patched
  • Use strong, unique passwords for all apps and systems that use password-based authentication
  • Encrypt the data in case hackers infiltrate the server instances on which it is stored.

The specific measures that your business should take will depend on several factors, such as the types of apps and data you have in the cloud. We can walk you through your options and help you implement the measures that make the most sense for your company.

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

3 Ways to Never Worry About Software Failure or Document Loss Again

As we move further and further into the 21st century, businesses are slowly making the transition from physical to digital documentation. This can have many…

Read More

Don’t do THIS on your work laptop or PC

We know how easy it is to create bad habits but, don't get too comfortable working from home. The only thing your employees should be using their work laptop for is work.

Read More

How Do I Know I Need Managed IT Services?

Many businesses today are challenged by the sheer volume of expanded technology requirements. Are you having trouble deciding whether or not your business is ready for Managed IT Services? Here is a list of signs that you need to hire a Managed Services Provider today.

Read More

31 Tips to Keep Your People and Your Business Cybersafe

Whether you engage with an IT service provider like MicroAge or you have an internal IT team, there are some basic security practices that should be…

Read More
Cyber attacks

Cyber attacks have evolved – Are you prepared for 2023?

Cybersecurity continues to be a top concern for organizations. A recent study of close to 2900 IT decision makers of organizations with 10 to 300…

Read More