Category: Honeypots

IoT Exploits: Around The World In 120 Days

Executive Summary: Internet of Things (IoT) botnets commonly propagate by exploiting vulnerabilities in IoT devices. Telemetry from our IoT honeypots shows that the number of exploit attempts originating from bots continues to increase. The vulnerabilities they leverage are old, but clearly not obsolete. The most common […]


CoAP Attacks In The Wild

Executive Summary: Attackers have recently begun launching reflection/amplification DDoS attacks over CoAP, a protocol primarily used today by mobile phones in China, but expected to grow with the explosion of Internet of Things (IoT) devices. As with any reflection/amplification attack, attackers begin by scanning for abusable […]


Mirai: Not Just For IoT Anymore

Executive Summary: Botmasters have taken the lessons from developing Internet of Things (IoT) malware and shifted their focus to targeting commodity Linux servers. Like many IoT devices, unpatched Linux servers linger on the network, and are being abused at scale by attackers sending exploits to […]


Dipping Into The Honeypot

Executive Summary: Brute-forcing factory default usernames and passwords remains a winning strategy for Internet of Things (IoT) botnet propagation. Botnet operators with the best list will produce the larger botnet and obtain superior firepower for launching DDoS attacks. IoT bots are indiscriminate – they will […]


Buy Buy Exploitation

We stumbled across a set of links recently via the MITRE Honeyclient, which we feed our spam URLs to. A handful of URLs that have been spammed out were triggered as malicious. Analysis shows that they are roughly the same basic injected code. WARNING — […]


AV, how cam’st thou in this pickle?

While I’ve seen and heard random spatterings about why AV isn’t effective, or analyst reports from the likes of Yankee declaring “AV is Dead”, there’s been very little qualitative or quantitative study on precisely why. Well, beyond the endless flurry of new malware families and […]
