Cloud Watching: Understanding Attacks Against Cloud-Hosted Services

Izhikevich, Liz and Tran, Manda and Kallitsis, Michalis and Fass, Aurore and Durumeric, Zakir
(2023) Cloud Watching: Understanding Attacks Against Cloud-Hosted Services.
In: IMC (ACM Internet Measurement Conference).
Conference: IMC Internet Measurement Conference

[img] Text
izhikevich2023cloudwatching.pdf
Download (749kB)

Abstract

Cloud computing has dramatically changed service deployment patterns. In this work, we analyze how attackers identify and target cloud services in contrast to traditional enterprise networks and network telescopes. Using a diverse set of cloud honeypots in 5 providers and 23 countries as well as 2 educational networks and 1 network telescope, we analyze how IP address assignment, geography, network, and service-port selection, influence what services are targeted in the cloud. We find that scanners that target cloud compute are selective: they avoid scanning networks without legitimate services and they discriminate between geographic regions. Further, attackers mine Internet-service search engines to find exploitable services and, in some cases, they avoid targeting IANA-assigned protocols, causing researchers to misclassify at least 15% of traffic on select ports. Based on our results, we derive recommendations for researchers and operators.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Conference: IMC Internet Measurement Conference
Depositing User: Aurore Fass
Date Deposited: 02 Oct 2023 14:10
Last Modified: 02 Oct 2023 14:10
Primary Research Area: NRA5: Empirical & Behavioral Security
URI: https://publications.cispa.saarland/id/eprint/4040

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.