, , , , , , , ,

Researchers watched 100 hours of hackers hacking honeypot computers

Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it.

That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers.

The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around.

Thanks to these honeypots, the researchers were able to record 190 million events and 100 hours of video footage of hackers taking control of the servers and performing a series of actions on them, including reconnaissance, installing malware that mines cryptocurrencies, using Android emulators to conduct click fraud, brute-forcing passwords for other computers, hiding the hackers’ identities by using the honeypot as a starting point for another attack, and even watching porn. The researchers said a hacker successfully logging into its honeypot can generate “tens of events” alone.

“It’s basically like a surveillance camera for RDP system because we see everything,” Andréanne Bergeron, who has a Ph.D. in criminology from the University of Montreal, told TechCrunch.

Bergeron, who also works for cybersecurity firm GoSecure, worked with her colleague Olivier Bilodeau on this research. The two presented their findings on Wednesday at the Black Hat cybersecurity conference in Las Vegas.

The two researchers classified the type of hackers based on Dungeons and Dragons character types.

The “Rangers,” according to the two, carefully explored the hacked computers, doing reconnaissance, sometimes changing passwords, and mostly leaving it at that. “Our hypothesis is that they are evaluating the system they compromised so that another profile of attacker can come back later,” the researchers wrote in a blog post published on Wednesday to accompany their talk.

The “Barbarians” use the compromised honeypot computers to try and bruteforce into other computers using known lists of hacked usernames and passwords, sometimes using tools such as Masscan, a legitimate tool that allows users to port-scan the whole internet, according to the researchers.

The “Wizards” use the honeypot as a platform to connect to other computers in an attempt to hide their trails and the actual origin of their attacks. According to what Bergeron and Bilodeau wrote in their blog post, defensive teams can gather threat intelligence on these hackers, and “reach deeper into compromised infrastructure.”

According to Bergeron and Bilodeau, the “Thieves” have the clear goal of monetizing their access to these honeypots. They may do that by installing crypto miners, programs to perform click fraud or generate fake traffic to websites they control, and selling access to the honeypot itself to other hackers.

Finally, the “Bards” are hackers with very little or almost no skills. These hackers used the honeypots to use Google to search for malware, and even watch porn. These hackers sometimes used cell phones instead of desktop or laptop computers to connect to the honeypots. Bergeron and Bilodeau said they believe this type of hacker sometimes uses the compromised computers to download porn, something that may be banned or censored in their country of origin.

In one case, a hacker “was downloading the porn and sending it to himself via Telegram. So basically circumventing a country-level ban on porn,” Bilodeau told TechCrunch. “What I think [the hacker] does with this then is download it in an internet cafe, using Telegram, and then he can put it on USB keys, and he can sell it.”

Bergeron and Bilodeau concluded that being able to observe hackers interact with this type of honeypots could be very useful not just for researchers like them, but also law enforcement or cybersecurity defensive teams — also known as blue teams.

“Law enforcement could lawfully intercept the RDP environments used by ransomware groups and collect intelligence in recorded sessions for use in investigations,” the researchers wrote in the blog post. “Blue teams for their part can consume the [Indicators of Compromise] and roll out their own traps in order to further protect their organization, as this will give them extensive documentation of opportunistic attackers’ tradecraft.”

Moreover, if hackers start to suspect that the servers they compromise may be honeypots, they will have to change strategies and decide whether the risks of being caught are worth it, “leading to a slow down which will ultimately benefit everyone,” according to the researchers.

Read more on TechCrunch:

https://techcrunch.com/2023/08/09/researchers-watched-100-hours-of-hackers-hacking-honeypot-computers/


November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny This Week in Tech (Audio)

How Bluesky, Alternative to X and Facebook, Is Handling Explosive Growth Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Biden Asked Microsoft to "Raise the Bar on Cybersecurity." He May Have Helped Create an Illegal Monopoly. CFPB looks to place Google under federal supervision, setting up clash Apple's Tim Cook Has Ways to Cope With the Looming Trump Tariffs Apple Removes Another RFE/RL App At Request Of Russian Regulator Here's Why I Decided To Buy 'InfoWars' Elon Musk's X Corp. files notice in Alex Jones' Infowars bankruptcy case Spotify's Plans For AI Generated Music, Podcasts, and Recommendations, According To Its Co-President, CTO, and CPO Gustav Söderström This 'AI Granny' Bores Scammers to Tears Congress ponders underwater alien civilizations, human hybrids, and other unexplained stuff In Memoriam: Thomas E. Kurtz, 1928–2024 Host: Leo Laporte Guests: Alex Kantrowitz, Daniel Rubino, and Iain Thomson Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
  1. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny
  2. TWiT 1005: $125,000 in Baguettes – iPod Turns 23, The $1.1M AI Painting, Roblox
  3. TWiT 1004: Embrace Uncertainty – Political Texts, Daylight Saving Time, Digital Ad Market
  4. TWiT 1003: CrabStrike – Delta Sues Crowdstrike, Hospital AI, Surge Pricing
  5. TWiT 1002: Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon