Robocall Results from a Telephony Honeypot

Schneier on Security

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they reported receiving 1,481,201 unsolicited calls -- even though they never made their phone numbers public via any source.

Fake Smart Factory Honeypot Highlights New Attack Threats

Threatpost

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

How to Comprehend the Buzz About Honeypots

Dark Reading

Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization

Learning From the Honeypot: A Researcher and a Duplicitous Docker Image

Dark Reading

When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined

The Difference Between Sandboxing, Honeypots & Security Deception

Dark Reading

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Threatpost

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

Dark Reading

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest

Deception: Why It's Not Just Another Honeypot

Dark Reading

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception

Multistage Ransomware Attacks Threaten Critical Infrastructure

Data Breach Today

Cybereason CISO Israel Barak shares latest honeypot findings. Cybereason's latest honeypot-derived research reveals that threat actors are increasingly targeting critical infrastructure providers with multistage ransomware attacks. CISO Israel Barak details why these strikes are so prevalent and concerning.

Poorly Secured Docker Image Comes Under Rapid Attack

Threatpost

A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.

First Bluekeep Exploit Found in the Wild

Dark Reading

Crashing honeypots alerted the researcher who found the Bluekeep vulnerability

Free Tool: Honey Feed

Security Affairs

Cybersecurity expert Marco Ramilli shared another tool from his arsenal that extracts suspicious IPs from undesired connections to his honeypots. "I run a personal HoneyPot network which has been standing for years, and over time it has harvested numerous IP addresses which could potentially be malicious (typically scanners). If you like having fresh HoneyPot feeds in your OSINT collection, please feel free to download them directly HERE."

Podcast: The Evolution of Deception Technology

Threatpost

Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Threatpost

A threat actor has been spotted on a number of honeypots looking to download and execute malicious cryptomining malware.

Automated Bots Growing Tool For Hackers

Threatpost

The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found.

Even 'Regular Cybercriminals' Are After ICS Networks

Dark Reading

A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments

Researchers Offer 'a VirusTotal' for ICS

Dark Reading

Free online sandbox, honeypot tool simulates a real-world industrial network environment

We infiltrated an IRC botnet. Here’s what we found

Security Affairs

To conduct this investigation, a CyberNews researcher infiltrated an IRC botnet that we captured in one of our honeypots. In cybersecurity terms, a honeypot is a decoy service or system that poses as a target for malicious actors.

Misleading Cyber Foes with Deception Technology

Dark Reading

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Threatpost

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers.

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

Johannes Ullrich, the head of research at the SANS Technology Institute, confirmed that one of its honeypots set up to capture attacks attempting to exploit the recently disclosed flaw in the F5 Networks’ BIG-IP systems was targeted by hackers attempting to exploit two of the recent Citrix vulnerabilities. “As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week.”

Critical Oracle WebLogic flaw CVE-2020-14882 actively exploited in the wild

Security Affairs

Security researchers from the SANS Technology Institute set up a collection of honeypots that allowed them to catch a series of attacks shortly after exploit code for CVE-2020-14882 became publicly available. According to Johannes Ullrich, Dean of Research at SANS, the attacks that targeted the honeypots originated from the following IP addresses: 114.243.211.182 (assigned to China Unicom) and 139.162.33.228 (assigned to Linode, U.S.A.).

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

Renato Marinho, a security researcher at Morphus Labs and SANS ISC handler, reported that the WebLogic honeypots he set up were targeted by a large number of scans for CVE-2020-14882. “Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020-14882.” At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic.

IPStorm botnet evolves to infect Android, Linux, and Mac devices

Security Affairs

Once a connection is established, the malware will check the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of Cowrie SSH honeypot.

Stealthworker botnet targets Windows and Linux servers

Security Affairs

Akamai security researcher Larry Cashdollar discovered the campaign after his honeypot was hit by the malware. “Examining the honeypot logs, I determined the attackers had installed the Alternate Lite WordPress theme on the system, and a new binary process was running as the www-user. In addition, there was now a good deal of traffic between my honeypot and the internet.”

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

The popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked: “huh, the EternalPot RDP honeypots have all started BSOD'ing recently.” The popular expert Marcus Hutchins analyzed data shared by Beaumont and confirmed that the honeypot systems were hit by attackers leveraging the BlueKeep exploits to deliver a Monero miner.

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

Experts at Bad Packets observed a scan targeting their honeypots; further investigation revealed that the modems were leaking local network access details. “On Friday, December 21, 2018, our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi.” Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext.

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

In October one of the company's honeypots captured the bot, its downloader, and some bot modules. “Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs.

Hackers target MySQL databases to deliver the GandCrab ransomware

Security Affairs

The experts discovered the attacks because they hit one of the company’s honeypots that emulates MySQL listening on the default TCP port 3306. The GandCrab sample that targeted the honeypot was downloaded more than 500 times. “The server appears to indicate more than 500 downloads of the sample I saw the MySQL honeypot download (3306-1.exe).”

Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware

Security Affairs

Marinho noticed some attacks hit one of his honeypots attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer. “After analyzing the threat which attacked one of my honeypots, I created the diagram shown in the picture below.” Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper.

Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Security Affairs

Netscout observed tens of thousands of exploit attempts daily targeting its honeypots; in November attackers attempted to deliver some 225 unique malicious payloads exploiting the Hadoop YARN vulnerability. “ASERT has been monitoring exploit attempts for the Hadoop YARN vulnerability in our honeypot network and found a familiar, but surprising payload – Mirai.”

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Fake honeypots. Fake honeypots are quite similar to fake Wi-Fi access points; the only difference is that the honeypot is set up in a more sophisticated manner. It is certain that one of these is a honeypot that is there to capture users’ data and misuse their sensitive information. Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how cybercriminals attack users on these open networks.

MY TAKE: Why speedy innovation requires much improved cyber hygiene, cloud security

The Last Watchdog

To demonstrate this, Trend Micro set up a honeypot imitating an industrial factory to see how quickly and often it would get attacked. Speed is what digital transformation is all about. Organizations are increasingly outsourcing IT workloads to cloud service providers and looking to leverage IoT systems. Speed translates into innovation agility. But it also results in endless ripe attack vectors which threat actors swiftly seek out and exploit.

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

Yesterday, the popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked: “huh, the EternalPot RDP honeypots have all started BSOD'ing recently.” The popular expert Marcus Hutchins analyzed data shared by Beaumont and confirmed that the honeypot systems were hit by attackers leveraging the BlueKeep exploits to deliver a Monero miner.

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. “Overall for the period January 1 – July 2018, our Telnet honeypot registered more than 12 million attacks from 86,560 unique IP addresses, and malware was downloaded from 27,693 unique IP addresses.” Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape.

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

The popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked: “huh, the EternalPot RDP honeypots have all started BSOD'ing recently.” The popular expert Marcus Hutchins analyzed data shared by Beaumont and confirmed that the honeypot systems were hit by attackers leveraging the BlueKeep exploits to deliver a Monero miner.

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

Security Affairs

Citrix addressed a vulnerability in its Citrix Workspace app that can allow an attacker to remotely hack the computer running the vulnerable application.

Past, present, and future of the Dark Web

Security Affairs

Honeypots. The dark web is full of honeypots. It is also impossible to determine the diffusion of honeypots. Or is the Dark Web itself a honeypot for criminals, anarchists, terrorists and. What is the difference between the Deep Web and the Dark Web? Considerations about the past, present, and future of the Dark Web. These are intense days for the Dark Web.

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

“Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.” “Based on patterns in the payloads and exploit chains, Talos assesses with moderate confidence that six distinct actors are exploiting our honeypots.” Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners.

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

The scanning activity detected by the BadPackets honeypots originated from a host in Spain; the threat actors aim to gain access to the private VPN network. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.