CISPA
Browse

Cloud Watching: Understanding Attacks Against Cloud-Hosted Services

Download (731.6 kB)
conference contribution
posted on 2024-02-28, 08:35 authored by Liz Izhikevich, Manda Tran, Michalis Kallitsis, Zakir Durumeric, Aurore FassAurore Fass
Cloud computing has dramatically changed service deployment patterns. In this work, we analyze how attackers identify and target cloud services in contrast to traditional enterprise networks and network telescopes. Using a diverse set of cloud honeypots in 5 providers and 23 countries as well as 2 educational networks and 1 network telescope, we analyze how IP address assignment, geography, network, and service-port selection, influence what services are targeted in the cloud. We find that scanners that target cloud compute are selective: they avoid scanning networks without legitimate services and they discriminate between geographic regions. Further, attackers mine Internet-service search engines to find exploitable services and, in some cases, they avoid targeting IANA-assigned protocols, causing researchers to misclassify at least 15% of traffic on select ports. Based on our results, we derive recommendations for researchers and operators.

History

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

ACM Internet Measurement Conference (IMC)

Journal

IMC (ACM Internet Measurement Conference)

BibTeX

@conference{Izhikevich:Tran:Kallitsis:Durumeric:Fass:2023, title = "Cloud Watching: Understanding Attacks Against Cloud-Hosted Services", author = "Izhikevich, Liz" AND "Tran, Manda" AND "Kallitsis, Michalis" AND "Durumeric, Zakir" AND "Fass, Aurore", year = 2023, month = 10, journal = "IMC (ACM Internet Measurement Conference)" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC