It could take threat actors less than 30 seconds to exploit badly configured cloud services, say security researchers. Among the breaches are ransomware attacks, data theft, and access onto a network.

According to Palo Alto Network’s Unit 42 security research team created an exploit that involved using 320 nodes in a honeypot infrastructure that was released globally. It was able to misconfigure cloud services such as remote desktop protocol (RDP) server message block (Samba), and secure shell protocol (SSH).

With these misconfigurations in the wild, Unit 42 found cyber attackers were quick to start accessing the exploit. 80 percent of the honeypots were breached within 24 hours and all within a week. One threat actor worked especially fast and was able to compromise 96 percent of the global honeypots within 30 seconds. Others done it within minutes.


Unit 42 points out the results were eye-opening because most organizations would take weeks or months to resolve a threat, but attackers can exploit in minutes.

Swift Threat

“The fact that attackers could find and compromise our honeypots in minutes was shocking,” principal cloud security researcher Jay Chen wrote.

“When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service,” Chen wrote. “There is no margin of error when it comes to the timing of security fixes.”

The speed and ease in which attackers could act on the exploits is worrying. Most of the internet is now connected via cloud services. Chen points out the need to patch and secure cloud infrastructure is more important than ever.

Tip of the day: Did you know you can use Windowss built in antivirus Microsoft Defender also with scheduled scans? In our tutorial we give you step-by-step instructions on how to program your personal scan-schedule to keep your free of malware.