Law Enforcement's Cybercrime Honeypot Maneuvers Paying Off

Data Breach Today

Closing EncroChat and Sky, Plus Careful Word-of-Mouth Management, Drove Anom Uptake The global law enforcement "Anom" honeypot operation racked up impressive statistics for the number of criminals tricked into using the encrypted communications service.

A vulnerable honeypot exposed online can be compromised in 24 hours

Security Affairs

Researchers deployed multiple instances of vulnerable systems and found that 80% of the 320 honeypots were compromised within 24 hours. Researchers from Palo Alto Networks deployed a honeypot infrastructure of 320 nodes to analyze how three actors target exposed services in public clouds.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How to Comprehend the Buzz About Honeypots

Dark Reading

Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization

Fake Smart Factory Honeypot Highlights New Attack Threats

Threatpost

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems. Critical Infrastructure IoT Malware Web Security Cryptomining Malware CrySis ransomware cyber attack hack honeypot ICS industrial control system malware Phobos ransomware

New ZHtrap botnet uses honeypot to find more victims

Security Affairs

Netlab 360 experts discovered a new Mirai-based botnet dubbed ZHtrap that implements honeypot to find more victims. Researchers from Netlab 360 discovered a new Mirai-based botnet dubbed ZHtrap that implements honeypot to find more victims.

Learning From the Honeypot: A Researcher and a Duplicitous Docker Image

Dark Reading

When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined

The Difference Between Sandboxing, Honeypots & Security Deception

Dark Reading

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies

Deception: Why It's Not Just Another Honeypot

Dark Reading

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception

Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking

Dark Reading

A fictitious industrial company with phony employees personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers - and raised alarms for at least one white-hat researcher who stumbled upon it

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

Dark Reading

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Threatpost

Malware backdoor Blackrota docker flaw Docker Remote API EKANS ransomware ELF go language gobfuscate golang honeypot malware obfuscation reverse analysis security vulnerability Snake unauthorized access

Poorly Secured Docker Image Comes Under Rapid Attack

Threatpost

A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.

Encrypted Communications Network 'Anom' Was Sting Operation

Data Breach Today

FBI Developed Smartphone-Based Platform as Honeypot for Criminals Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts.

Multistage Ransomware Attacks Threaten Critical Infrastructure

Data Breach Today

Cybereason CISO Israel Barak Shares Latest Honeypot Findings Cybereason's latest honeypot-derived research reveals that threat actors are increasingly targeting critical infrastructure providers with multistage ransomware attacks.

First Bluekeep Exploit Found in the Wild

Dark Reading

Crashing honeypots alerted the researcher who found the Bluekeep vulnerability

Podcast: The Evolution of Deception Technology

Threatpost

IoT Podcasts Deception Technology honeypot Honeypots medical devices SCADADeception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices.

Common Cloud Misconfigurations Exploited in Minutes, Report

Threatpost

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.

Free Tool: Honey Feed

Security Affairs

Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. In other words: HoneyPots. I run a personal HoneyPot network which stands from years and over time it harvested numerous IP addresses which could be, potentially, malicious (typically scanners). If you like having fresh HoneyPot feeds in your OSINT collection, please feel free to download them directly HERE. HoneyPot Page.

Analysis of the FBI’s Anom Phone

Schneier on Security

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting. Uncategorized backdoors cell phones encryption FBI law enforcement

Automated Bots Growing Tool For Hackers

Threatpost

Hacks RSAC Automated Bot bot hack hacker honeypot RSAThe use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found.

New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace

Threatpost

A threat actor been spotted on a number of honeypots looking to download and execute malicious cryptomining malware. Hacks Malware Cryptominer cryptomining Cryptomining Malware honeypot malware Monero oracle web logic server rocke shell script threat actor

Even 'Regular Cybercriminals' Are After ICS Networks

Dark Reading

A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments

Researchers Offer 'a VirusTotal' for ICS

Dark Reading

Free online sandbox, honeypot tool simulates a real-world industrial network environment

Misleading Cyber Foes with Deception Technology

Dark Reading

Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

Dr. Web set up one of its honeypots to analyze the impact of the Log4J vulnerabilities on systems exposed online and discovered an intense activity between December 17th-20th. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library.

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

The researchers discovered the threat after a sample of the malware targeted one Akamai honeypot. The attackers dropped a PHP malware sample through a backdoor linked to a WordPress plugin called Download-monitor, which was installed after the honeypot was accessed.

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

Threatpost

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers. IoT Malware botnet Gafgyt IoT security malware mikrotek Mirai SSH Telnet

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.

We infiltrated an IRC botnet. Here’s what we found

Security Affairs

To conduct this investigation, a CyberNews researcher infiltrated an IRC botnet that we captured in one of our honeypots. Our honeypot setup. In cybersecurity terms, a honeypot is a decoy service or system that poses as a target for malicious actors.

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

“As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week.” The list of IPs that are scanning for this vulnerability along with the requests sent to the honeypots are available in here.

Data of 106 million visitors to Thailand leaked online

Security Affairs

While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot. Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand.

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Critical Oracle WebLogic flaw CVE-2020-14882 actively exploited in the wild

Security Affairs

Security researchers from SANS Technology Institute set up a collection of honeypots set up allowed the researchers to catch a series of attacks shortly after the exploit code for CVE-2020-14882 was publicly available. According to Johannes Ullrich, Dean of Research at SANS, the attacks that targeted the honeypots were originated from the following IP addresses: 114.243.211.182 – assigned to China Unicom 139.162.33.228 – assigned to Linode (U.S.A.)

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

Renato Marinho, a security researcher at Morphus Labs and SANS ISC handler reported that the WebLogic honeypots he set up were targeted by a large number of scans for CVE-2020–14882. “Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020–14882.” At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic.

Warning the World of a Ticking Time Bomb

Krebs on Security

“There are researchers running honeypots to [attract] attacks from different groups, and those honeypots are getting shelled left and right,” she said.

Stealthworker botnet targets Windows and Linux servers

Security Affairs

Akamai security researcher Larry Cashdollar discovered the campaign after his honeypot was hit by the malware. “Examining the honeypot logs, I determined the attackers had installed the Alternate Lite WordPress theme on the system, and a new binary process was running as the www-user.

IPStorm botnet evolves to infect Android, Linux, and Mac devices

Security Affairs

Once a connection is established, the malware will check the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of Cowrie SSH honeypot.

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

Researchers at Talos discovered malware resembling a cryptocurrency mining bot when they were alerted to an intrusion on one of their Docker honeypots.”

Security Affairs newsletter Round 342

Security Affairs

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.