Sour news from a honeypot network
Welcome to Cyber Security Today. It’s Friday, July 7th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
I’m away this week, so today’s podcast isn’t about hard news. It’s about a report released by Trustwave on recent detections by its network of honeypots. For those who don’t know, a honeypot is an online trap to lure threat actors. From their point of view it looks like a business with a number of applications exposed to the internet.
The most recent analysis of six months of honeypot data showed a couple of interesting things:
First, threat actors continue hoping to exploit unpatched vulnerabilities months after a security update is released. For example, F5 released a patch for its Big-IP load balancer in May, 2022. A year later, the honeypot data shows, hackers are still looking for networks that haven’t patched this device. They wouldn’t look for unpatched devices if IT administrators weren’t so slow in patching them.
Second, hackers work fast once a proof of concept for exploiting a vulnerability has been released. Six days after a proof of concept was released in February of this year for a vulnerability in Fortinet’s FortiNAC network access controller, the Trustwave honeypot detected exploitation attempts.
The continuing lesson: IT administrators have to keep on top of security patches released by their vendors, giving the patches a priority depending on their IT environment. Then test and install them as soon as possible.
Note that often threat actors try to install a web shell and from there broaden their attack. So strong identity and access control is vital. So is monitoring traffic for suspicious activity.
The third thing coming out of the honeypot data is the related need to patch and secure internet-connected devices like servers, routers and digital video cameras. Why? To make sure they aren’t used as part of a botnet. Botnets are huge networks of compromised devices that are manipulated to launch denial-of-service attacks and spread malware.
Almost 19 per cent of the total recorded web traffic the Trustwave honeypots attracted was malicious. And botnets were responsible for over 95 per cent of that malicious web traffic. So make sure your organization’s devices aren’t responsible for the spread of malware to others because they are part of a botnet.
There’s a link to the full report here.
Later today the Week in Review edition of the podcast will be available. The entire show will be about ransomware. My guest is Aaron McIntosh, co-author of the Ransomware Task Force’s Blueprint for Ransomware Defense.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
