Many times, with the connection of new cloud devices and services, hackers "take up work." This means that in a few seconds from the moment the connection is made, attempts are made to scratch.
Sophos has created honeypots in ten of the most popular AWS data centers around the world (California, Ohio, Sao Paolo, Ireland, London, Paris, Frankfurt, Bombay, Singapore and Sydney). Then, connect them to the Internet using preset credentials or unsafe passwords.
Honeypot sites simulate one service Secure Shell Remote Access (SSH). With this service, users can connect remotely to the device and access files. If SSH is bypassed, then others will be able to gain access.
Since it appeared in less than a minute since honeypots were connected, hackers began to find them and use brute-force attacks to connect to the devices.
52 seconds attacked website of Sao Paulo.
According to a Sophos security specialist, this proves that there is an increased risk, regardless of the region.
At 5 minutes after the connection, the honeypot in Ohio was targeted, and within 20 minutes, attacks were made in California, Paris and Sydney.
London honeypot was discovered by hackers after 1 hour and a quarter, while Ireland after 1 time and 45 minutes.
However, since they were discovered, many attempts were made to connect - about 757 / hour.
Within a month 953.736 attempts to connect to the honeypot in Ohio (most of all areas) and 312.928 in Singapore (the fewest of all areas).
Default credentials (especially hardware-related usernames) are easy to discover by hackers.
Therefore, it is necessary to change the default username and password and choose something that does not "break" easily.
Also, experts recommend using one password manager. This will help manage the different access codes on different devices. Finally, it is necessary to have malware scanning programs.