Cloud computing has dramatically changed service deployment patterns. In this work, we analyze how attackers identify and target cloud services in contrast to traditional enterprise networks and network telescopes. Using a diverse set of cloud honeypots in 5 providers and 23 countries as well as 2 educational networks and 1 network telescope, we analyze how IP address assignment, geography, network, and service-port selection influence what services are targeted in the cloud. We find that scanners that target cloud compute are selective: they avoid scanning networks without legitimate services and they discriminate between geographic regions. Further, attackers mine Internet-service search engines to find exploitable services and, in some cases, they avoid targeting IANA-assigned protocols, causing researchers to misclassify at least 15% of traffic on select ports. Based on our results, we derive recommendations for researchers and operators.