Cloud Security Honeypot Research Findings

This technical report presents the findings of a honeypot research project conducted by the Orca Research Pod, aimed at understanding attacker tactics and techniques in cloud environments. The research was conducted between January and May 2023, simulating misconfigured cloud resources to observe how quickly attackers could exploit leaked secrets. The report outlines the methodology used, including the creation of various honeypots across popular cloud services such as GitHub, AWS S3, and SSH. Key findings reveal that attackers can weaponize leaked keys within minutes, with significant variations in access times across different resources. For instance, access to GitHub honeypots occurred within 2 minutes, while AWS S3 buckets were accessed within 1 hour. The report emphasizes the importance of understanding these tactics to enhance cloud security measures and provides practical recommendations for security professionals to safeguard their environments. It concludes that no region is immune to attacks, highlighting the global nature of cloud security threats.