Here’s what happens when you lay a trap for cybercriminals

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
52,072
26
pchelpforum.net
To leave a database exposed online for even a brief period of time carries a significant risk for businesses, according to the findings of a recent experiment.

Cybersecurity firm Comparitech set up a honeypot, in the form of a deliberately exposed database hosted on an Elasticsearch instance, which was attacked by unauthorized parties for the first time only 8.5 hours after it was made public.

During the 11-day period in which the fake database remained exposed, hackers attempted to gain access on 175 separate occasions, averaging 18 attacks per day.

Unsecured databases


According to the Comparitech report, many hackers rely on IoT search engines such as Shodan.io or BinaryEdge to identify vulnerable databases worthy of attack.

Five days after the honeypot was first deployed, the database was indexed on Shodan, leading to the largest number of attacks in a single day (22). Within just one minute of the honeypot appearing in search listings, two distinct attacks took place.

The report was noted that a significant volume of attacks took place before the database was listed by any search engine, which Comparitech says demonstrates “how many hackers rely on their own proactive scanning tools rather than waiting on passive IoT search engines to crawl vulnerable databases.”

Of the 175 attacks incurred by the honeypot, almost all originated in the United States (89), Romania (38) and China (15). The majority of attacks attempted to gain information about the database and its settings, with hackers using the GET request method in 147 instances and the POST method in 24.

While the company's initial intention was to challenge the assumption that exposing data for a short period is unlikely to result in an attack, the experiment also served to highlight the wide range of cyberthreats businesses face.

After the research had already concluded, a ransomware bot discovered the still public honeypot and deleted the few files that remained - an attack that lasted only five seconds.

“If you want to recover your data send 0.06 TBC to [redacted address] and you must send email to [redacted address] with your IP. If you need a proof about your data just send email (sic). If you don’t do a payment all your data may be used for our purposes and/or will be leaked/sold,” read a note left behind by the malicious bot.

The security firm noted that a portion of the attackers identified as part of the study could well have been fellow security researchers (benign attackers), which are often indistinguishable from malicious actors.

SB6LXQy55l8


Continue reading...