Saturday, December 9, 2023

MadPot: AWS Honeypot to Disrupt Threat Actors

In the realm of cybersecurity, the battle against threat actors never stops. With its vast cloud infrastructure, Amazon Web Services (AWS) is at the forefront of this ongoing struggle. 

AWS employs a global network of sensors and advanced disruption tools daily to detect and thwart hundreds of cyberattacks. 

These relentless efforts remain largely unseen but play a pivotal role in safeguarding AWS’s network, infrastructure, and customers. 

Beyond protecting its own ecosystem, AWS collaborates with responsible providers to combat threat actors operating within their infrastructure, contributing to a safer internet as a whole.


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Global-Scale Threat Intelligence with AWS Cloud:

AWS boasts the largest public network footprint of any cloud provider, granting it unparalleled real-time insight into internet activities. 

Leveraging this scale, AWS Principal Security Engineer Nima Sharifi Mehr pioneered innovative approaches to gather threat intelligence. 

The result was MadPot, an internal suite of tools designed for two primary purposes: detecting and monitoring threats and disrupting harmful activities when possible. 

MadPot has evolved into a sophisticated system of monitoring sensors and automated response capabilities.

MadPot: Mimicking Real Systems at Scale:

MadPot, resembling honeypots, deceives threat actors by appearing as a vast array of plausible innocent targets. 

This approach attracts threat actors, whose behavior is then observed and acted upon. 

MadPot sensors monitor over 100 million potential threat interactions daily, with around 500,000 classified as malicious. 

This wealth of threat intelligence is analyzed to provide actionable insights about potential harmful activity across the internet. 

Automated responses protect AWS’s network from identified threats, and relevant information is shared with companies whose infrastructure is used for malicious activities.

Swift Action and Disruption:

Internet probes detect it within approximately 90 seconds of deploying a new MadPot sensor. In just three minutes on average, attempts to penetrate and exploit it occur. 

MadPot then analyzes telemetry, code, network connections, and other threat actor behavior data points. 

High-confidence findings trigger disruptive actions, such as disconnecting threat actors from AWS networks. 

Additionally, threat data is shared with customers through Amazon GuardDuty, allowing their own tooling and automation to respond effectively.

Collaborating with the Security Community:

AWS actively collaborates with the security community, sharing threat intelligence findings. In the first quarter of 2023 alone:

– 5.5 billion signals from internet threat sensors and 1.5 billion signals from active network probes were used in anti-botnet security efforts.

– Over 1.3 million outbound botnet-driven DDoS attacks were stopped.

– Security intelligence findings were shared with hosting providers and domain registrars, including nearly a thousand botnet Command and Control (C2) hosts.

– 230,000 Layer 7/HTTP(S) DDoS attacks were traced back and disrupted.

Effectiveness in Action: Botnets, Sandworm, and Volt Typhoon:

MadPot has proven its effectiveness in identifying and mitigating threats across various infrastructure types. It has successfully disrupted DDoS botnets, aided in identifying and mitigating the Sandworm threat group, and contributed to dismantling state-sponsored threat actor Volt Typhoon.

The relentless efforts of AWS’s MadPot system demonstrate its commitment to securing the cloud and making the internet a safer place for all.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


Latest articles

WordPress POP Chain Flaw Exposes Over 800M+ Websites to Attack

A critical remote code execution vulnerability has been patched as part of the Wordpress...

Russian Star Blizzard New Evasion Techniques to Hijack Email Accounts

Hackers target email accounts because they contain valuable personal and financial information. Successful email...

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles