“HoneyPot Network Cyber Intelligence Report”
This report was produced as a result of examining attacks on the "IntelProbe Honeypot Network". The first HoneyPot studies were published by Clifford Stoll in 1990 in “The Cuckoo's Egg” This concept, which has preserved its popularity and functionality until today, is explained as traps that may attract the attention of attackers. The advantages of HoneyPot systems include the following considerations.
• It offers the ability to track and learn the attackers' actions and behavior while on the go.
• HoneyPot provides the opportunity to collect information about attack vectors, malware and exploits.
• It offers the opportunity to create and analyze profiles of attackers.
• HoneyPot offers the opportunity to keep attackers away from real systems by spending time on fake systems.
• Offers the ability to understand, predict and defend possible attacks
A lot of valuable information is obtained with HoneyPots, which are the pitfalls that offer the ability to monitor and learn the movement and behavior of the attackers while they are in action, which can attract attention. It was seen that a significant part of the attacks detected with IntelProbe Honeypot Network was carried out by botnets. It was also analyzed in attacks on the HoneyPot network system, where botnets such as MIRAI and FBOT were detected, also through attacks on the TOR network.
It was observed that the sources of attacks targeting especially the public sector match the Tor Exit Nodes. Many attacks were found to originate from the Far East.
We analyzed that, usernames and passwords used during brute force attacks, it is thought that most of the relevant are simple password policies and network devices with default configuration are targeted. All relevant data and information can be found in the findings section of the report.
You can download the HoneyPot Network Cyber Intelligence Report below.