2020/06/25 10:19:40

Honeypot (hacker traps)

2020: Honeypot attacks reveal 4 0-day vulnerabilities in industrial systems

On June 21, 2020, it became known that scientists from Cambridge University and the information security company Industrial Defenica had conducted an experiment to study the threats facing industrial control systems, which are used to control equipment in areas ranging from chemical processes to power generation and building automation.

Many industrial control systems communicate over both legacy protocols and IP networks, including the Internet, which poses security risks. In addition, vulnerabilities in such systems often remain unpatched, and only some industrial protocols use authorization or encryption.

As part of the study, the experts deployed a network of 120 so-called honeypots, traps disguised as programmable logic controllers and remote terminals, in 22 countries. Over the 13 months of the experiment, the researchers recorded 80 thousand attacks on the honeypots and 9 attempts to exploit industrial protocols, including 4 attempts to use previously unknown vulnerabilities. One of these attacks used a previously published PoC exploit. The researchers passed all information about the exploited vulnerabilities to the device manufacturers.

The attacks recorded most often were DoS attacks and command-replay attacks. As one of the authors of the experiment, Michael Dodson, explained, in a real-world situation a DoS attack could completely disable the target device or disrupt its ability to communicate over the network. [1]

2019: Rostelecom will place decoys for hackers to collect data on new cyber attacks

On December 4, 2019, it became known that Rostelecom had invited telecom operators to place decoys for hackers (so-called honeypots) to collect data on new cyber attacks. A honeypot is special software that simulates the operation of a vulnerable device or server.

Having discovered the bait, attackers are likely to try to penetrate the company's network through it. The program records everything the hackers do on the server, and cybersecurity specialists then analyze these records, RBC reports.

Rostelecom will create honeypots to capture hackers

Rostelecom specialists also propose establishing an exchange of information about cyber attacks between telecom operators, so that security teams have up-to-date information about new cyber warfare methods.

The cost of such a system has not been disclosed. The state will not finance the installation; the operators will do this themselves.

Telecom market participants generally supported Rostelecom's idea. Information security experts call telecom operators one of the most interested users of trap servers. At the same time, such software can itself pose a danger to telecom operators, although with the correct configuration the risk can be mitigated, Kaspersky Lab warned.

According to the antivirus company, honeypots record about 20 thousand attacks every 15 minutes, and the servers are most often attacked from China (30%), Brazil (19%), Egypt (12%), Russia (11%) and the United States (8%).

Rostelecom presented its concept for an early warning system for computer attacks on Russia's telecommunications infrastructure at a meeting of the working group on the Information Security direction of the national Digital Economy program. The working group "generally approved the idea," Rostelecom said. [2]

Notes