Once you spin up a cloud host, it takes on average less than 6 minutes for online adversaries to identify and target your hosted server. This happens without you even publishing the cloud host's IP address. The question is: who are these attackers, and how are these attacks orchestrated?
To study these attacks, over the past year or so, we have deployed a number of custom-made honeypots on major cloud platforms. Our honeypots are armed with undisclosed techniques to hide their existence and allow for in-depth analysis of attacker activities.
In this presentation, I will take you through some of the observations and findings, including identification of the layers of actors behind trivial attacks and geography-dependent intrusions (geo-attacks). I will illustrate how applying Network Theory techniques discloses hidden relationships among the adversaries behind these attacks. I will also include tips on hardening cloud-hosted servers, especially if you are hosting on AWS, Google Cloud or Microsoft Azure.