Law Enforcement's Cybercrime Honeypot Maneuvers Paying Off

Data Breach Today

Closing EncroChat and Sky, Plus Careful Word-of-Mouth Management, Drove Anom Uptake. The global law enforcement "Anom" honeypot operation racked up impressive statistics for the number of criminals tricked into using the encrypted communications service.

A vulnerable honeypot exposed online can be compromised in 24 hours

Security Affairs

Researchers from Palo Alto Networks deployed a honeypot infrastructure of 320 nodes to analyze how threat actors target exposed services in public clouds, and found that 80% of the honeypots were compromised within 24 hours.

Fake Smart Factory Honeypot Highlights New Attack Threats

Threatpost

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

How to Comprehend the Buzz About Honeypots

Dark Reading

Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization

Robocall Results from a Telephony Honeypot

Schneier on Security

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they say they received 1,481,201 unsolicited calls, even though they never made their phone numbers public via any source.

New ZHtrap botnet uses honeypot to find more victims

Security Affairs

Researchers from Netlab 360 discovered a new Mirai-based botnet dubbed ZHtrap that implements a honeypot to find more victims.

Learning From the Honeypot: A Researcher and a Duplicitous Docker Image

Dark Reading

When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined

The Difference Between Sandboxing, Honeypots & Security Deception

Dark Reading

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies

Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking

Dark Reading

A fictitious industrial company with phony employee personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers, and raised alarms for at least one white-hat researcher who stumbled upon it.

Deception: Why It's Not Just Another Honeypot

Dark Reading

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

Dark Reading

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Threatpost

Tags: malware, backdoor, Blackrota, docker flaw, Docker Remote API, EKANS ransomware, ELF, go language, gobfuscate, golang, honeypot, malware obfuscation, reverse analysis, security vulnerability, Snake, unauthorized access

Poorly Secured Docker Image Comes Under Rapid Attack

Threatpost

A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.

Encrypted Communications Network 'Anom' Was Sting Operation

Data Breach Today

FBI Developed Smartphone-Based Platform as Honeypot for Criminals. Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts.

Multistage Ransomware Attacks Threaten Critical Infrastructure

Data Breach Today

Cybereason CISO Israel Barak Shares Latest Honeypot Findings. Cybereason's latest honeypot-derived research reveals that threat actors are increasingly targeting critical infrastructure providers with multistage ransomware attacks.

Pro-Ukraine Groups Exploit Containers to Launch DoS Attacks

Data Breach Today

Cybersecurity firm CrowdStrike's researchers say that through their Docker Engine honeypots, they observed two different Docker images targeting these assets

Analysis of the FBI’s Anom Phone

Schneier on Security

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting.

Podcast: The Evolution of Deception Technology

Threatpost

Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.

Free Tool: Honey Feed

Security Affairs

Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections to his HoneyPots. "I run a personal HoneyPot network which has been running for years, and over time it has harvested numerous IP addresses which could potentially be malicious (typically scanners). If you like having fresh HoneyPot feeds in your OSINT collection, please feel free to download them directly from the HoneyPot page."
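The idea behind such a feed is simple: nobody has a legitimate reason to connect to a decoy, so every source that does is a candidate for a blocklist or OSINT feed, once your own scanners and internal addresses are filtered out. The following is an added example of that processing step, not Marco Ramilli's Honey Feed tool or any part of his code; the log format (timestamp, source IP, destination port) and the allowlist are constructed assumptions, and the documentation-range addresses in the sample are treated as public for the sake of the demonstration.

```python
"""Turn honeypot connection logs into a suspicious-IP feed.

Added example, not the Honey Feed tool described above. The log format
is a constructed, simplified one (ISO timestamp, source IP, destination
port) and does not correspond to any particular honeypot software.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample log lines; the addresses are documentation ranges,
# used here as if they were public sources hitting the decoy.
SAMPLE_LOG = """\
2022-03-01T10:00:01Z 203.0.113.7 23
2022-03-01T10:00:05Z 203.0.113.7 2323
2022-03-01T10:00:09Z 203.0.113.7 22
2022-03-01T10:01:12Z 198.51.100.9 2375
2022-03-01T10:02:00Z 10.0.0.5 22
2022-03-01T10:03:44Z 192.0.2.44 2375
2022-03-01T10:03:45Z 192.0.2.44 2376
2022-03-01T10:04:00Z not-an-ip 80
"""

# Hypothetical allowlist for your own scanners and monitoring hosts
# (an assumption: in practice this comes from your asset inventory).
ALLOWLIST = {"192.0.2.44"}

# Internal ranges that should never be published in a feed: RFC1918,
# loopback and link-local. Checked explicitly rather than via
# ipaddress.is_global, which also classifies documentation ranges as
# non-global and would silently drop the sample addresses above.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(ip):
    """True if ip falls in one of the internal ranges (IPv4 only here)."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text):
    """Yield (source_ip, dest_port) for well-formed lines; skip the rest.

    Malformed lines are dropped rather than raising, so one garbled
    record cannot break feed generation.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, src, port = parts
        try:
            ip = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:
            continue
        yield ip, port


def build_feed(text, min_hits=1, allowlist=ALLOWLIST):
    """Return {ip: {"hits": n, "ports": [...]}} for external, non-allowlisted sources.

    A single contact with a decoy is already suspicious; min_hits lets you
    require repeat contact before publishing a source.
    """
    hits = Counter()
    ports = defaultdict(set)
    for ip, port in parse_log(text):
        if is_internal(ip) or str(ip) in allowlist:
            continue
        hits[str(ip)] += 1
        ports[str(ip)].add(port)
    return {ip: {"hits": n, "ports": sorted(ports[ip])}
            for ip, n in hits.items() if n >= min_hits}


def render_feed(feed):
    """Plain-text feed: one line per IP with hit count and ports touched."""
    return "\n".join(
        f"{ip} hits={v['hits']} ports={','.join(map(str, v['ports']))}"
        for ip, v in sorted(feed.items())
    )


if __name__ == "__main__":
    print(render_feed(build_feed(SAMPLE_LOG)))
```

Run against the constructed sample, the feed lists 203.0.113.7 (three probes on 22, 23 and 2323) and 198.51.100.9 (one probe on the Docker API port 2375); the RFC1918 source and the allowlisted scanner are dropped, and the malformed line is ignored. Keeping the ports per source is worth the few extra bytes, since a scanner that only ever touches 2375 tells a different story from one walking Telnet and SSH.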

First Bluekeep Exploit Found in the Wild

Dark Reading

Crashing honeypots alerted the researcher who found the Bluekeep vulnerability

Common Cloud Misconfigurations Exploited in Minutes, Report

Threatpost

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.

Automated Bots Growing Tool For Hackers

Threatpost

The use of automated bots is becoming more prevalent among novice attackers as tools become more available, researchers found.

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Threatpost

A threat actor has been spotted on a number of honeypots looking to download and execute cryptomining malware.

Researchers Offer 'a VirusTotal' for ICS

Dark Reading

Free online sandbox, honeypot tool simulates a real-world industrial network environment

Even 'Regular Cybercriminals' Are After ICS Networks

Dark Reading

A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments

Misleading Cyber Foes with Deception Technology

Dark Reading

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

Dr.Web set up one of its honeypots to analyze the impact of the Log4j vulnerabilities on systems exposed online and observed intense exploitation activity between December 17 and 20.

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

The attacks were monitored by cybersecurity firm CrowdStrike, who discovered that the Docker Engine honeypots deployed between February 27 and March 1 were compromised and used in the DDoS attacks.

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Threatpost

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices, from Mikrotik routers to dishwashers.

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Security Affairs

The Uptycs Threat Research team has identified ongoing malicious campaigns through its Docker honeypot targeting the exposed Docker API on port 2375.

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

The researchers discovered the threat after a sample of the malware targeted an Akamai honeypot. The attackers dropped a PHP malware sample through a backdoor linked to a WordPress plugin called Download-monitor, which was installed after the honeypot was accessed.

We infiltrated an IRC botnet. Here’s what we found

Security Affairs

To conduct this investigation, a CyberNews researcher infiltrated an IRC botnet that we captured in one of our honeypots. Our honeypot setup. In cybersecurity terms, a honeypot is a decoy service or system that poses as a target for malicious actors.

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

“As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week.” The list of IPs that are scanning for this vulnerability, along with the requests sent to the honeypots, is available here.

Warning the World of a Ticking Time Bomb

Krebs on Security

“There are researchers running honeypots to [attract] attacks from different groups, and those honeypots are getting shelled left and right,” she said.

Hiding Devices Using Port Knocking or Single-Packet Authorization (SPA)

eSecurity Planet

For example, in addition to implementing SPA on a sheriff department’s evidence server, we can add a honeypot named “evidence server.” The typical attack scan will miss the hidden server and lead to a focus on the honeypot.

Data of 106 million visitors to Thailand leaked online

Security Affairs

While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot. Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand.

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel.

Stealthworker botnet targets Windows and Linux servers

Security Affairs

Akamai security researcher Larry Cashdollar discovered the campaign after his honeypot was hit by the malware. “Examining the honeypot logs, I determined the attackers had installed the Alternate Lite WordPress theme on the system, and a new binary process was running as the www-user.”

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

Renato Marinho, a security researcher at Morphus Labs and SANS ISC handler, reported that the WebLogic honeypots he set up were targeted by a large number of scans for CVE-2020-14882. “Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020-14882.” At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic.