Security News

Attackers typically find exposed "Secrets" - pieces of sensitive information that allow access to an enterprise cloud environment - in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive cloud security, according to Orca Security. Orca's research was conducted between January and May 2023, beginning with the creation of "Honeypots" on nine different cloud environments that simulated misconfigured resources in the cloud to entice attackers.

Hackers swarm to RDP. An experiment using high-interaction honeypots with an RDP connection accessible from the public web shows how relentless attackers are and that they operate within a daily schedule very much like working office hours. The attack count for the entire year reached 13 million login attempts.

Game developer Valve has announced that it permanently banned more than 40,000 accounts for using cheating software to gain an unfair advantage over other players in the Dota 2 game. The cheat gave players access to internal client app information that is not visible during normal gameplay, thus obtaining a competitive advantage.

CryPLH is a low-interactive and virtual Smart-Grid ICS honeypot simulating Siemens Simatic 300 PLC devices. With the development of cybersecurity technology, deception has been applied in various circumstances like the web, databases, mobile apps, and IoT. Deception technology has been embodied in some ICS honeypot applications in the OT field.

Over several weeks in October of 2022, Specops collected 4.6 million attempted passwords on their honeypot system. Though the examples given here focused on RDP connections, a honeypot is not limited to that type of connection, and any remote access system is subject to attacks, like SSH. What should an organization do to minimize the potential damage?

A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. IoT devices are a booming market that includes small internet-connected devices such as cameras, lights, doorbells, smart TVs, motion sensors, speakers, thermostats, and many more.

A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect. Once it takes over a device, it prevents other malware from re-infecting its bots with the help of a whitelist that only allows already running system processes, blocking all attempts to run new commands.

NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls - even if they never made their phone numbers public via any source. The research team said they usually received an unsolicited call every 8.42 days, but most of the robocall traffic came in sudden surges they called "Storms" that happened at regular intervals, suggesting that robocallers operated using a tactic of short-burst and well-organized campaigns.

Web traffic to the servers of the notorious Dutch-German Cyberbunker hosting biz was filled with all kinds of badness, including apparent botnet command-and-control and denial-of-service traffic, says SANS Institute. Cyberbunker, aka CB3ROB, was raided last September by 600 German police gunmen who forced entry to the outfit's Traben-Trarbach HQ. Following the raid, infosec biz SANS was able to set up a honeypot on former Cyberbunker IPs to analyse traffic passing through them - and the results shed light on just what kind of dubious traffic was passing through the servers.

A honeypot created by Cybereason to lure cybercriminals and analyze their methods showed that ransomware attacks infiltrate their victims in multiple stages. Using a honeypot, researchers at security firm Cybereason were able to attract multiple criminals using ransomware and follow each stage of an attack.