It is a jungle out there! If you happen to run a honeypot, you will be amazed by number of intrusions your receive in matter of a few minutes. The issue is even bigger when it comes to servers hosted on cloud. They are constantly being targeted by online adversaries and cyber criminals. The public IP addresses assigned to every cloud instance is from a predefined IP address pool. Therefore, from adversaries perspective it is trivial to identify and target these cloud instances.
We started a journey of experiments and called it Project Amazon EC2 to find out what attacks are received by cloud hosts on a major cloud provider specifically Amazon Web Services (AWS).
We have deployed a number of Smart Honeypots across AWS geographic zone. We make each cloud host to mimic a typical cloud hosted server often used by online business to server a public website.
The observations have been fascinating and we regularly share the results though our blog posts, mailing list and tweets.