Six Month Study of Cloud-Focused Cybercrime Shows Tactics and Measures Attackers Use to Discover and Exploit AWS Keys on Exposed S3 Buckets, GitHub, DockerHub and More
PORTLAND, Ore., June 20, 2023 – Orca Security, the pioneer of agentless cloud security, today released the results of the 2023 Honeypotting in the Cloud Report, detailing what attackers look for when scanning cloud environments and how efficient and effective they are in identifying and exploiting exposed cloud assets. The result of more than six months of research, the 2023 Honeypotting in the Cloud Report reveals that attackers typically find exposed “secrets” – pieces of sensitive information that allow access to an enterprise cloud environment – in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive cloud security.
Orca’s research was conducted between January and May 2023, beginning with the creation of “honeypots” on nine different cloud environments that simulated misconfigured resources in the cloud to entice attackers. Each contained a secret AWS key. Next, Orca monitored each honeypot to see if and when attackers would take the bait in order to learn what cloud services are targeted most frequently, how long it takes for attackers to access public or easily accessible resources, and how long it takes for attackers to find and use leaked secrets. The research was conducted by the Orca Research Pod, a group of expert cloud security researchers that discovers and analyzes cloud risks and vulnerabilities to strengthen the Orca platform and promote cloud security best practices.
“While tactics vary per resource, our research makes one thing clear – if a secret is exposed it will be exploited,” said Bar Kaduri, Cloud Threat Research Team Lead at Orca Security. “Our research shows that attackers find exposed secrets incredibly quickly and it doesn’t take them long to weaponize them. In this environment, defenders must ensure that their assets are not publicly accessible unless absolutely necessary, and that secrets are properly managed.”
While Orca expected attackers to find the honeypots quickly, the research team was still surprised at just how quickly some were found and exploited. Key findings of the report include:
“The differences in attacker tactics depending on resource illustrate the need for defenders to employ tailored defenses for each instance,” said Tohar Braun, Research Technical Lead at Orca Security. “The 2023 Honeypotting in the Cloud report breaks down attack techniques and includes recommended best practices for mitigating the risk of exposed secrets.”
The full report is available for download here and the accompanying blog post is available on the Orca Research Pod blog. To provide further background on the research results and what this means for defenders, Bar Kaduri and Tohar Braun will be presenting their findings in an Orca Security webinar on July 12, ‘Exposing Attacker Tactics Using Cloud Honeypots’.
About Orca Security
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world’s most comprehensive coverage and visibility of all risks across the cloud. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes: https://orca.security or take the free cloud risk assessment.
fama PR for Orca Security