Cybercriminal habits were analyzed in a recent report by Orca Security. The report reveals that attackers typically find exposed “secrets”— pieces of sensitive information that allow access to an enterprise cloud environment — in as little as two minutes and, in many cases, begin exploiting them almost instantly.

The research was conducted between January and May 2023, beginning with the creation of “honeypots” on nine different cloud environments that simulated misconfigured resources in the cloud to entice attackers. Each contained a secret Amazon Web Service (AWS) key. Key findings of the report include:

Misconfigured and vulnerable assets are discovered within minutes. Exposed secrets on GitHub, HTTP and SSH were all discovered in under five minutes. The AWS S3 Buckets were discovered in under one hour.

The more popular the resource, the easier it is to access and the more likely it is to contain sensitive information, the more attackers are inclined to do reconnaissance.

Although 50% of all observed exposed AWS key usage took place in the United States, usage occurred in almost every other region as well, including Canada, APAC, Europe and South America.