Sunday, September 8, 2024
Homecyber securityResearchers Tricked Hackers into Reveal Their Secrets Using Honeypot

Researchers Tricked Hackers into Reveal Their Secrets Using Honeypot

Published on

In the last three years, hackers unknowingly seeking data or malware deployment have found a seemingly vulnerable virtual machine that is hosted in the U.S., which in reality, is a cleverly designed trap.

While this cleverly designed, trap has been implanted by cybersecurity researchers to trick the hackers and make them reveal their dark secrets with the help of a honeypot.

Over 2,000 hackers breached a machine, letting GoSecure experts invisibly record their actions, including:-

- Advertisement - EHA
  • Screen activity
  • Mouse clicks
  • Data grabs
  • Metadata

Trap for Hackers

Using their RDP interception tool, GoSecure gathered extensive info on attackers, shared in a groundbreaking presentation at BlackHat USA:-

  • I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft

While this story includes luring, understanding, characterizing, and dealing with threat actors to shift focus to advanced threats.

Threat actors like ransomware groups, exploit Remote Desktop Protocol (RDP) actively. That’s why to examine this; experts have crafted PyRDP, an open-source interception tool with the following key capabilities:-

  • Unmatched screen
  • Track Keyboard
  • Monitor mouseclicks
  • Clipboard data collection
  • File collection
Document
FREE Webinar

API Security Fundamentals: How to Discover, Scan and Protect APIs

API Attacks Have Increased by 400% – Understand the Fundamentals of Protecting Your APIs with a Positive Security Model – Register Now for a Free Webinar

Data captured

Moreover, security researchers at GoSecure built and set up a custom-designed cloud-based honeynet trap with RDP Windows servers and then ran them for 3-years.

Within a span of 3-years, they managed to accumulate several essential data and more than 190 million events which include:- 

  • 100 hours of video footage
  • 470 files collected from threat actors
  • Over 20,000 RDP captures 

Grouping Hackers

All the data that are gathered by the security analysts are used to categorize the hackers into different specified groups based on their behavior.

Here below we have mentioned all the groupings of the hackers:-

  • Rangers: This group extensively explores folders, assesses performance, and conducts reconnaissance through clicks or scripts, likely assessing compromised systems for future attacks.

Watch them in action:-

  • Thieves: This group exploits RDP access, taking control by altering credentials and engaging in various monetization activities, including traffmonetizer, pay-to-surf browsers, crypto miners, and Android emulators for mobile fraud.
  • Barbarians: This group employs a diverse toolkit for widespread brute-force attacks, leveraging compromised systems with IP lists, usernames, and passwords.
  • Wizards: This group cleverly uses RDP access as a portal for connecting to other similarly compromised computers, enhancing their operational security. Skillfully leveraging ‘living off the land’ techniques, so, monitoring them is important for in-depth threat intel.

Watch them in action:-

  • Bards: This group lacks hacking skills and uses the system for simple tasks, possibly buying RDP access from Initial Access Brokers (IABs) who compromise it.

However, this GoSecure showcase highlights the vast potential of RDP for research, law enforcement, and defense teams. Legal interception of ransomware RDP setups aids investigations through recorded session intelligence.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...