The Difference Between Sandboxing, Honeypots & Security Deception

Dark Reading

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

Dark Reading

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest

Deception: Why It's Not Just Another Honeypot

Dark Reading

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception

Free Tool: Honey Feed

Security Affairs

Cybersecurity expert Marco Ramilli shared another tool from his arsenal: a feed of suspicious IPs extracted from undesired connections to his honeypots. If you like having fresh honeypot feeds in your OSINT collection, please feel free to download them directly.

Podcast: The Evolution of Deception Technology

Threatpost

Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Threatpost

A threat actor has been spotted on a number of honeypots looking to download and execute malicious cryptomining malware.

First Bluekeep Exploit Found in the Wild

Dark Reading

Crashing honeypots alerted the researcher who found the Bluekeep vulnerability

Even 'Regular Cybercriminals' Are After ICS Networks

Dark Reading

A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments

Researchers Offer 'a VirusTotal' for ICS

Dark Reading

Free online sandbox, honeypot tool simulates a real-world industrial network environment

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Threatpost

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers.

Misleading Cyber Foes with Deception Technology

Dark Reading

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

The popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked: “huh, the EternalPot RDP honeypots have all started BSOD'ing recently.”

Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs

Experts at Bad Packets observed a scan targeting their honeypot; further investigation revealed that the modems were leaking the local network access details.

Hackers exploit Jenkins flaw CVE-2018-1000861 to deliver Kerberods malware

Security Affairs

Marinho noticed some attacks hitting one of his honeypots, attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer. “After analyzing the threat which attacked one of my honeypots, I created the diagram shown in the picture below.”

Hackers target MySQL databases to deliver the GandCrab ransomware

Security Affairs

The experts discovered the attacks because they hit one of the company’s honeypots that emulates MySQL listening on the default TCP port 3306. The GandCrab sample that targeted the honeypot was downloaded more than 500 times.

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

The popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked: “huh, the EternalPot RDP honeypots have all started BSOD'ing recently.”

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Fake Honeypots. Fake honeypots are quite similar to fake Wi-Fi access points; the only difference is that the honeypot is set up in a more sophisticated manner. Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk.

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape.


First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

Yesterday, the popular expert Kevin Beaumont observed some of his EternalPot RDP honeypots crashing after being attacked: “huh, the EternalPot RDP honeypots have all started BSOD'ing recently.”

Past, present, and future of the Dark Web

Security Affairs

Honeypots. The dark web is full of honeypots. It is also impossible to determine the diffusion of honeypots. Or is the Dark Web itself a honeypot for criminals, anarchists, terrorists and. What is the difference between the Deep Web and the Dark Web?

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

The researcher revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices is now targeting Intel systems.


Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

Security Affairs

Netscout observed tens of thousands of exploit attempts daily targeting its honeypots; in November, attackers attempted to deliver some 225 unique malicious payloads exploiting the Hadoop YARN vulnerability. “ASERT has been monitoring exploit attempts for the Hadoop YARN vulnerability in our honeypot network and found a familiar, but surprising payload – Mirai.”

Bad Packets warns of over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

The scanning activity detected by the honeypots of Bad Packets originated from a host in Spain; the threat actors aim at gaining access to the private VPN network.

Episode 152: What the Silex Malware says about IoT Insecurity and Cloud Security CEO Steve Mullaney on Amazon ReInforce

The Security Ledger

When Akamai researcher Larry Cashdollar checked the contents of a honeypot he operates from his home network on a recent morning, he was surprised by what he saw.

Weekly podcast: ICS attacks, Reddit and SIM swap arrests

IT Governance

Cybereason’s researchers recently set up a honeypot environment with a network architecture that replicated that of a “typical power substation” and waited.

New Linux coin miner kills competing malware to maximize profits

Security Affairs

The experts detected a coinminer script on one of their honeypots; the malicious code shares some parts with the Xbash malware and the KORKERDS cryptocurrency miner, which leverages a rootkit to avoid detection.

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

“Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters.” “Based on patterns in the payloads and exploit chains, Talos assesses with moderate confidence that six distinct actors are exploiting our honeypots.” Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners.

Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Security Affairs

The attacker does not need to attempt a failed login anymore, or encounter a generic honeypot which doesn’t have this flag. Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not.

Ngrok Mining Botnet

Security Affairs

In my previous post I discussed the initial prototyping of a Docker Honeypot / Sandbox called Whaler. There’s a clear correlation between the honeypot first appearing on Shodan and an immediate wave of attacks.


Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The code by Scarface targets devices on a different port, 8083, though (justifying why our NewSky honeypots are seeing a surge of this vulnerability usage on port 8083 instead of the standard 80/8080 ports).


Shellbot Botnet Targets IoT devices and Linux servers

Security Affairs

Using the credentials from one of the commands injected into the honeypots, the experts noticed that the files’ contents on the server often changed, and that modification, deletion and addition of files mostly happened during daytime in Central European Time (CET).


Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

“These types of simple attacks on our honeypots are quite common, but what made this stand out was the libsdes sample.”


Challenges faced while training an AI to combat abuse

Elie

Collecting ground truth with honeypots: the main difficulty with honeypots is to make sure that the collected data is representative of the set of attacks experienced by production systems.

Exclusive: MalwareMustDie analyzes a new IoT malware dubbed Linux/ AirDropBot

Security Affairs

But let’s go back to the beginning of the story when my very good friend @0xrb found in his honeypot this new “Mirai-like” Linux malware, which has important differences with the Mirai implementation.


Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

The analysis of the logs and traffic data coming to and from the honeypot revealed that the attackers used a container from a public Docker Hub repository named zoolu2.


Android Botnet leverages ADB ports and SSH to spread

Security Affairs

The malicious code attempts to determine whether it is running in a honeypot, then downloads the payload and changes its permission settings to allow its execution.


Malware Training Sets: FollowUP

Security Affairs

The popular expert Marco Ramilli provided a follow-up to his malware classification activity by adding a scripting section which would be useful for several purposes. In 2016 I was working hard to find a way to classify malware families through artificial intelligence (machine learning).