Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Catching the hackers in the act
#1
About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cybereason.
Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.
Thin skin
The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, chief information security officer at Cybereason. The servers were given real, public IP addresses and other identifying information that announced their presence online.
"We set out to map the automatic attack activity," said Mr Barak.
To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.
"They had no more depth than that," he said, meaning the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols.
"There was no assumption that anyone was going to go in and probe it and even if they did, there's nothing there for them to find," he said.
The servers' limited responses did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers seeking weaknesses that could be exploited had they been full-blown, production machines.
Many of the code vulnerabilities and other loopholes they looked for had been known about for months or years, he said. However, added Mr Barak, many organisations struggled to keep servers up-to-date with the patches that would thwart these bots potentially giving attackers a way to get at the server.



Gmail Support Number
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)