How Long Did It Take Hackers to Find Exposed Secrets – As Little as 2 Minutes
We hear stories about the time it takes to weaponize security patches. This test, by Orca Security, looked at a different problem.
They wanted to know how long it takes hackers to discover secrets that you leave exposed in your cloud environment.
They tested a variety of resources, from GitHub to AWS.
The good news is that, for this test, Amazon’s Elastic Block Storage and DockerHub were not compromised. IN THIS TEST!
For other services, including Amazon’s S3, the hackers discovered the secrets in less than an hour, sometimes in only a few minutes.
I don’t think you should consider these answers the ultimate test, but they do point out that hackers are scanning continuously and, for the most part, if you leave secrets exposed, they will be discovered VERY quickly.
On top of that, the time until the secrets were used was also short – in many cases from minutes to hours.
Here is what these researchers found.
The reason for this is that the cloud is easy to attack from anywhere, and while hackers would have to figure out how to hack the server sitting in your office, they are already trying to hack cloud services like Amazon 525,600 minutes a year (that would be 24x7x365).
Need help? When was the last time you ran a penetration test or even asset discovery on your resources? Contact us for help.
Credit: Cybernews