Cybercriminals scanning for exposed AWS data buckets

By Dylan Bushell-Embling
Wednesday, 10 April, 2019

Cybercriminals are actively scanning the web for weak open AWS cloud data buckets and are ready to respond at a moment’s notice if a weakness is discovered, an experiment from network security company Sophos shows.

Sophos established a series of cloud ‘honeypots’ — designed to masquerade as legitimate poorly secured data buckets to serve as an enticing target for attackers — at 10 AWS data centres around the world, including in Sydney.

These cloud server honeypots were on average attacked within 40 minutes, with one of the honeypots being attacked within just 52 seconds of going live.

During the 30-day period the honeypots were in operation, the 10 servers attracted a combined 5 million attempted attacks.

As well as using a compromised AWS data bucket to exfiltrate data, cybercriminals also use breached cloud servers as entry points for attacks on other servers or networks.

“The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organisation’s cloud platforms. In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud,” Sophos Security Specialist Matthew Boddy said.

“The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”

Image credit: ©stock.adobe.com/au/thodonal

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.