“…This way, customers access the services they are paying for, or renting, over the Internet from public cloud, which run on remote servers that the provider will manage. Opposed to the private cloud, a public cloud will share its services among several different customers, but in a way that each individual customer’s data and applications are kept private and not accessible from other customers sharing the services [10].…”
In 2019, the majority of companies used at least one cloud computing service and it is expected that by the end of 2021, cloud data centres will process 94% of workloads. The financial and operational advantages of moving IT infrastructure to specialised cloud providers are clearly compelling. However, with such volumes of private and personal data being stored in cloud computing infrastructures, security concerns have risen. Motivated to monitor and analyze adversarial activities, we deploy multiple honeypots on the popular cloud providers, namely Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, and operate them in multiple regions. Logs were collected over a period of three weeks in May 2020 and then comparatively analysed, evaluated and visualised. Our work revealed heterogeneous attackers’ activity on each cloud provider, both when one considers the volume and origin of attacks, as well as the targeted services and vulnerabilities. Our results highlight the attempt of threat actors to abuse popular services, which were widely used during the COVID-19 pandemic for remote working, such as remote desktop sharing. Furthermore, the attacks seem to exit not only from countries that are commonly found to be the source of attacks, such as China, Russia and the United States, but also from uncommon ones such as Vietnam, India and Venezuela. Our results provide insights on the adversarial activity during our experiments, which can be used to inform the Situational Awareness operations of an organisation.
“…The development of Cloud Computing is at the forefront of centralising application development and management, with a considerable impact on their configuration(s). It enables developers to use computer resources as a service, and therefore facilitates scaling application and access to data from anywhere, while saving costs and keeping hardware maintenance at low levels [1]. To keep up with the rapid development of the underlying technology, more and more companies are shifting their Information Technology (IT) infrastructures to the cloud, while providers offer more services in return.…”
The shift towards microservisation which can be observed in recent developments of the cloud landscape for applications has led towards the emergence of the Function as a Service (FaaS) concept, also called Serverless. This term describes the event-driven, reactive programming paradigm of functional components in container instances, which are scaled, deployed, executed and billed by the cloud provider on demand. However, increasing reports of issues of Serverless services have shown significant obscurity regarding its reliability. In particular, developers and especially system administrators struggle with latency compliance. In this paper, following a systematic literature review, the performance indicators influencing traffic and the effective delivery of the provider’s underlying infrastructure are determined by carrying out empirical measurements based on the example of a File Upload Stream on Amazon’s Web Service Cloud. This popular example was used as an experimental baseline in this study, based on different incoming request rates. Different parameters were used to monitor and evaluate changes through the function’s logs. It has been found that the so-called Cold-Start, meaning the time to provide a new instance, can increase the Round-Trip-Time by 15%, on average. Cold-Start happens after an instance has not been called for around 15 min, or after around 2 h have passed, which marks the end of the instance’s lifetime. The research shows how the numbers have changed in comparison to earlier related work, as Serverless is a fast-growing field of development. Furthermore, emphasis is given towards future research to improve the technology, algorithms, and support for developers.
“…The more individuals and organizations use third-party services/providers either for generic tasks i.e. web-based email, Cloud storage (Virvilis et al 2011a), (Virvilis et al 2011b), (Agudo et al 2011) or security related tasks (Marianthi Theoharidou et al 2013), (Pitropakis et al 2013), the higher will be the gain for the attackers if they manage to exploit those services.…”
Both the number and the complexity of cyberattacks are continuously increasing. Broadband networks, complex web platforms, the use of social networks and cloud services, and the growing use of smart devices (e.g. smartphones, tablets), even in classified networks, have created new challenges. The complex and well-organised attacks on critical infrastructures, military networks and government bodies that have become known in recent years are due to exceptionally capable and well-organised technical teams, which usually work under the auspices of a state organisation and are known as Advanced Persistent Threat (APT). The use of sophisticated malware and unknown vulnerabilities (zero-day vulnerabilities) makes detecting and countering these attacks particularly problematic with existing technologies, which have followed the same design principles for decades: attempting to prevent attacks (prevention) and attempting to detect attacks in real time. This design logic renders even security solutions regarded as state-of-the-art inadequate for dealing with sophisticated threats. Consequently, the need to redesign defensive technologies is clear. The use of deception techniques is an excellent method for detecting attacks, regardless of the attackers' technical skills. The use of honeypots to detect network attacks, honey files and honey tokens to detect unauthorised access to base stations and servers, and honey user accounts / authentication tokens to detect privilege escalation and pass-the-hash attacks are some of the methods on which the proposed model is based for detecting sophisticated attacks. The evaluation of the model highlights its high effectiveness in detecting sophisticated threats.