Fake Smart Factory Honeypot Highlights New Attack Threats

Threatpost

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

How to Comprehend the Buzz About Honeypots

Dark Reading

Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization

Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking

Dark Reading

A fictitious industrial company with phony employee personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers - and raised alarms for at least one white-hat researcher who stumbled upon it

The Difference Between Sandboxing, Honeypots & Security Deception

Dark Reading

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

Dark Reading

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest

Deception: Why It's Not Just Another Honeypot

Dark Reading

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception

First Bluekeep Exploit Found in the Wild

Dark Reading

Crashing honeypots alerted the researcher who found the Bluekeep vulnerability

Podcast: The Evolution of Deception Technology

Threatpost

Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Threatpost

A threat actor has been spotted on a number of honeypots looking to download and execute malicious cryptomining malware.

Automated Bots Growing Tool For Hackers

Threatpost

The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found.

Even 'Regular Cybercriminals' Are After ICS Networks

Dark Reading

A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments

Researchers Offer 'a VirusTotal' for ICS

Dark Reading

Free online sandbox, honeypot tool simulates a real-world industrial network environment

Misleading Cyber Foes with Deception Technology

Dark Reading

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Threatpost

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers.

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

The popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked. huh, the EternalPot RDP honeypots have all started BSOD'ing recently.

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

In October one of the honeypots of the company captured the bot, its downloader, and some bot modules. “Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.”

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

Experts at Bad Packets observed a scan targeting their honeypot; further investigation allowed them to discover that they were leaking the local network access details.

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

Yesterday, the popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked. huh, the EternalPot RDP honeypots have all started BSOD'ing recently.

Hackers target MySQL databases to deliver the GandCrab ransomware

Security Affairs

The experts discovered the attacks because they hit one of the company’s honeypots that emulates MySQL listening on the default TCP port 3306. The GandCrab sample that targeted the honeypot was downloaded more than 500 times.

Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware

Security Affairs

Marinho noticed some attacks hit one of his honeypots attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer. “After analyzing the threat which attacked one of my honeypots, I created the diagram shown in the picture below.

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

The popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked. huh, the EternalPot RDP honeypots have all started BSOD'ing recently.

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Fake Honeypots. The fake honeypots are quite similar to the fake Wi-Fi access points, but the only difference is that the honeypot is set in a more sophisticated manner. Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk.

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape.

Past, present, and future of the Dark Web

Security Affairs

Honeypots. The dark web is full of honeypots. It is also impossible to determine the diffusion of honeypots. Or is the Dark Web itself a honeypot for criminals, anarchists, terrorists and. What is the difference between the Deep Web and Dark Web?

Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Security Affairs

Netscout observed tens of thousands of exploit attempts daily targeting its honeypots; in November, attackers attempted to deliver some 225 unique malicious payloads exploiting the Hadoop YARN vulnerability. “ASERT has been monitoring exploit attempts for the Hadoop YARN vulnerability in our honeypot network and found a familiar, but surprising payload – Mirai.

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

The researcher revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices is now targeting Intel systems.

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

The scanning activity detected by the honeypots of BadPackets originated from a host in Spain; threat actors aim at gaining access into the private VPN network.

Episode 152: What the Silex Malware says about IoT Insecurity and Cloud Security CEO Steve Mullaney on Amazon ReInforce

The Security Ledger

When Akamai researcher Larry Cashdollar checked the contents of a honeypot he operates from his home network on a recent morning, he was surprised by what he saw.

Weekly podcast: ICS attacks, Reddit and SIM swap arrests

IT Governance

Cybereason’s researchers recently set up a honeypot environment with a network architecture that replicated that of a “typical power substation” and waited.

New Linux coin miner kills competing malware to maximize profits

Security Affairs

The experts detected a coinminer script on one of their honeypots, and the malicious code shares some parts with the Xbash malware and the KORKERDS cryptocurrency miner that leverages a rootkit to avoid detection.

Ngrok Mining Botnet

Security Affairs

In my previous post I discussed the initial prototyping of a Docker Honeypot / Sandbox called Whaler. There’s a clear correlation between the honeypot first appearing on Shodan and an immediate wave of attacks.

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

“Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.” “Based on patterns in the payloads and exploit chains, Talos assesses with moderate confidence that six distinct actors are exploiting our honeypots.” Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners.

Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Security Affairs

The attacker does not need to attempt a failed login anymore, or encounter a generic honeypot which doesn’t have this flag. Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not.

Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The code by Scarface targets devices on a different port, 8083, though (justifying why our NewSky honeypots are seeing a surge of this vulnerability usage on port 8083 instead of the standard 80/8080 ports).

Shellbot Botnet Targets IoT devices and Linux servers

Security Affairs

The experts used the credentials from one of the commands injected into the honeypots; they noticed the files’ contents often changed on the server and modification, deletion and addition of files mostly happened during daytime in Central European Time/CET.

Challenges faced while training an AI to combat abuse

Elie

Collecting ground truth with honeypots: Honeypots. The main difficulty with honeypots is to make sure that the collected data is representative of the set of the attacks experienced by production systems.

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

These types of simple attacks on our honeypots are quite common, but what made this stand out was the libsdes sample.”
