Posted on 06/11/2020 6:31:44 PM PDT by DUMBGRUNT
Researchers set up a tempting honeypot to monitor how cyber criminals would exploit it. Then it came under attack.
Security company Cybereason built a 'honeypot' designed to look like an electricity company with operations across Europe and North America. The network was made to look authentic to entice potential attackers by including IT and operational technology environments, as well as human interface systems.
... it was only three days until attackers discovered the network and were finding ways to compromise it including a ransomware campaign which infiltrated chunks of the network, as well as grabbing log-in credentials.
"Only after the other stages of the attack were completed, the attack detonated the ransomware across all compromised endpoints simultaneously. This is a common trait to multi-stage ransomware campaigns, that is intended to amplify the impact of the attack on the victim,"
(Excerpt) Read more at zdnet.com ...
I must have missed it.
It is hard to judge the significance of this. IMHO the honeypot was likely made easy to crack to gin up some business.
Surprised it took three days.
Seems like a lot of work to verify what we already know. Unless they go after the attackers it's worthless. Most of the attacks come from rogue nations such as China, so nothing gonna happen there.
This type of thing should be done to BLM/left wing sites.
This is pretty fun to do.
That's two of us. Put an unprotected Win7/Win8/Win10 machine on your home network and use the default install for all three OS' and watch how fast they get owned. It's a matter of hours.
Let's see. Fake Network simulating endpoints in different countries with remote access vulnerabilities and "researchers" did this.
This is no small honeypot. It took a lot of work to set this up. And it had to look authentic otherwise it wouldn't attract what it did.
I'd say this was a very successful honeypot if it was done by McAfee or such and they observed the next generation of these things and how they work. Very useful indeed.
Also very useful for cybersecurity as they get a peek at what the latest nasty stuff looks like.
Not entirely worthless. It is possible to gain understanding of attack specifics and improve detection of future attacks. But to your point, unless there is an effort to backtrack, not much will change.