Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking

Discussion in 'malware problems & news' started by mood, Jan 22, 2020.

  1. mood

    mood, Updates Team (Joined: Oct 27, 2012; Posts: 27,805)

    Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking
    January 21, 2020
    https://www.darkreading.com/threat-...nsomware-rat-and-cryptojacking/d/d-id/1336842
    CyberScoop: Researchers set up a mock factory network — and watched the criminals rush in
    Trend Micro: Fake Company, Real Threats - Logs From a Smart Factory Honeypot
    Whitepaper: "Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats"
    (PDF - 4.79 MB): https://documents.trendmicro.com/assets/white_papers/wp-caught-in-the-act-running-a-realistic-factory-honeypot-to-capture-real-threats.pdf
     
  2. itman

    itman, Registered Member (Joined: Jun 22, 2010; Posts: 7,913; Location: U.S.A.)

    The part I love from the .pdf write-up is how they had to shut down RDP on the honeypot due to the fact that they were attacked so frequently. It made any external network traffic almost impossible. So all these attacks noted were outside of the RDP attack scope.

    Also of note is how one attacker modified Win firewall rules to allow RDP.
     
    Last edited: Jan 22, 2020