{"id":3859,"date":"2021-11-24T20:11:36","date_gmt":"2021-11-24T14:41:36","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3859"},"modified":"2021-11-24T20:11:43","modified_gmt":"2021-11-24T14:41:43","slug":"attackers-find-and-negotiate-the-exposed-services-in-a-day","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/","title":{"rendered":"Attackers find and negotiate the Exposed Services in a Day"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in less than 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">To track what software and services are targeted by threat actors, researchers create publicly accessible honeypots. Honeypots are servers configured to appear as if they are running various software as lures to monitor threat actors&#8217; tactics.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is the tempting lure?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">In a new study conducted by Palo Alto Networks&#8217; Unit 42, researchers set up 320 honeypots and found that 80% of the honeypots were compromised within the first 24 hours. 
The deployed honeypots included ones with the remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB), and Postgres database services, and were kept alive from July to August 2021.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">These honeypots were deployed worldwide, with instances in North America, Asia Pacific, and Europe.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image1.jpg\" alt=\"Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image1\" class=\"wp-image-3861\" width=\"611\" height=\"271\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image1.jpg 903w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image1-300x134.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image1-768x342.jpg 768w\" sizes=\"(max-width: 611px) 100vw, 611px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How Do Attackers Migrate?<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">The time to first compromise corresponds to how heavily the service type is targeted. 
For SSH honeypots, which were the most targeted, the mean time to first compromise was three hours, and the mean time between two consecutive attacks was about 2 hours.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image2.jpg\" alt=\"Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image2\" class=\"wp-image-3862\" width=\"639\" height=\"338\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image2.jpg 879w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image2-300x159.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-image2-768x406.jpg 768w\" sizes=\"(max-width: 639px) 100vw, 639px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Unit 42 also observed a notable case of a threat actor compromising 96% of the experiment&#8217;s 80 Postgres honeypots in just 30 seconds. This finding is very concerning, as it could take days, if not longer, to deploy new security updates as they are released, while threat actors need just hours to exploit exposed services.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Finally, regarding whether the location makes any difference, the APAC region received the most attention from threat actors.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Do Firewalls Work?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">The vast majority (85%) of attacker IPs were observed on a single day, which means that actors rarely (15%) reuse the same IP on subsequent attacks. 
This constant IP change makes \u2018layer 3\u2019 firewall rules ineffective against the majority of threat actors.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">An approach with a better chance of mitigating the attacks is to block IPs using data from network scanning projects, which identify hundreds of thousands of malicious IPs daily.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">However, Unit 42 tested this hypothesis on a sub-group of 48 honeypots and found that blocking over 700,000 IPs made no significant difference in the number of attacks between the sub-group and the control group.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\"><strong>To protect cloud services effectively, Unit 42 recommends that admins do the following:<\/strong><\/p><\/p>\n\n\n\n<ul><li>Create a guardrail to prevent privileged ports from being open.<\/li><li>Create audit rules to monitor all the open ports and exposed services.<\/li><li>Create automated response and remediation rules to fix misconfigurations automatically.<\/li><li>Deploy next-generation firewalls (WFA or VM-Series) in front of the applications.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in less than 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity. 
To track what [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3863,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head_json":{"title":"Attackers find and negotiate the Exposed Services in a Day - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/","og_locale":"en_US","og_type":"article","og_title":"Attackers find and negotiate the Exposed Services in a Day - Xiarch Solutions Private Limited","og_description":"Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in less than 24 hours. Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity. To track what [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-11-24T14:41:36+00:00","article_modified_time":"2021-11-24T14:41:43+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Attackers-find-and-negotiate-the-Exposed-Services-in-a-Day-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Attackers find and negotiate the Exposed Services in a Day","datePublished":"2021-11-24T14:41:36+00:00","dateModified":"2021-11-24T14:41:43+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/"},"wordCount":445,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/","url":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/","name":"Attackers find and negotiate the Exposed Services in a Day - Xiarch Solutions Private 
Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-11-24T14:41:36+00:00","dateModified":"2021-11-24T14:41:43+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/attackers-find-and-negotiate-the-exposed-services-in-a-day\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Attackers find and negotiate the Exposed Services in a Day"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3859"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3859"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3859\/revisions"}],"predecessor-version":[{"id":3864,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3859\/revisions\/3864"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3863"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}