
A Comparative Analysis of Honeypots on Different Cloud Platforms

In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to specialised cloud providers are clearly compelling. Howev...


Bibliographic Details
Main authors: Kelly, Christopher; Pitropakis, Nikolaos; Mylonas, Alexios; McKeown, Sean; Buchanan, William J.
Format: Online Article Text
Language: English
Published: MDPI 2021
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8036602/
https://www.ncbi.nlm.nih.gov/pubmed/33916120
http://dx.doi.org/10.3390/s21072433
author Kelly, Christopher
Pitropakis, Nikolaos
Mylonas, Alexios
McKeown, Sean
Buchanan, William J.
collection PubMed
description In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to specialised cloud providers are clearly compelling. However, with such volumes of private and personal data being stored in cloud computing infrastructures, security concerns have risen. Motivated to monitor and analyze adversarial activities, we deploy multiple honeypots on the popular cloud providers, namely Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, and operate them in multiple regions. Logs were collected over a period of three weeks in May 2020 and then comparatively analysed, evaluated and visualised. Our work revealed heterogeneous attackers’ activity on each cloud provider, both when one considers the volume and origin of attacks, as well as the targeted services and vulnerabilities. Our results highlight the attempt of threat actors to abuse popular services, which were widely used during the COVID-19 pandemic for remote working, such as remote desktop sharing. Furthermore, the attacks seem to exit not only from countries that are commonly found to be the source of attacks, such as China, Russia and the United States, but also from uncommon ones such as Vietnam, India and Venezuela. Our results provide insights on the adversarial activity during our experiments, which can be used to inform the Situational Awareness operations of an organisation.
format Online
Article
Text
id pubmed-8036602
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-8036602 2021-04-12 Sensors (Basel) Article MDPI 2021-04-01 /pmc/articles/PMC8036602/ /pubmed/33916120 http://dx.doi.org/10.3390/s21072433 Text en © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
title A Comparative Analysis of Honeypots on Different Cloud Platforms
topic Article