"Hackers Can Weaponize Exposed Cloud Secrets in Just 2 Minutes"

"Secrets" are considered sensitive pieces of information that grant access to a cloud environment. Orca Security's research reveals that attackers typically identify misconfigured and vulnerable assets within two minutes and immediately begin exploiting them. Orca Security conducted six months of research by setting up honeypots in nine different cloud environments. The purpose of these honeypots is to attract attackers by simulating misconfigured resources. Every honeypot contained a secret AWS key. Researchers monitored the honeypots to determine if and when an attacker would bite. The goal was to gain insight into the most frequently targeted cloud services, the time it takes for attackers to access public or readily accessible resources, and the time it takes for them to discover and use leaked secrets. Orca's report indicates that exposed secrets on GitHub, HTTP, and SSH were all detected in less than five minutes. AWS S3 Buckets were discovered in under an hour. This article continues to discuss findings from the analysis of cloud-focused cybercrime tactics. 

Cybernews reports "Hackers Can Weaponize Exposed Cloud Secrets in Just 2 Minutes"