Cybereason used the RSA Conference as a backdrop to announce research findings from its recent honeypot masquerading as a financial services company.
Dubbed ‘Operation Honeypot’, the research found that cyber criminals are using automated bots to support crimes such as spam campaigns, data mining and multi-purpose breaches that lay the foundation for human attackers to extract data and intellectual property. The project’s operational goals were to gather intelligence on the tactics, techniques and procedures used by cyber criminals to harvest proprietary information on financial services companies.
“We have never seen bots of this level built to assist a human attacker nor have they been commoditized to this degree. The automatic exploitation in seconds means defenders will likely be overwhelmed by the speed at which the bots infiltrate their environment. The increasing automation of internal network reconnaissance and lateral movement is an even larger concern,” said Israel Barak, Chief Information Security Officer, Cybereason.
Initially, Cybereason created traps on the dark web with the usernames and passwords for the website’s Remote Desktop Protocol (RDP) in an attempt to lure hackers. This resulted in zero activity. Simultaneously, thousands of brute force attempts to crack the servers were unsuccessful due to strong encryption. After Cybereason simplified and weakened the passwords, an intrusion followed in less than two hours. Several days later, hackers entered the environment and set it up for data theft. Their efforts led to the theft of 3 GB of data over a 4-6 timeframe.
“The honeypot project was a fascinating exercise in exploring how automated bots are being used with more frequency to do the grunt work of humans. Our no-name, insignificant hedge fund company would never have been targeted if not for the vast acceptance and use of automation tools to exploit vulnerabilities present in millions of servers around the world,” said Ross Rustici, senior director, intelligence services, Cybereason.
More on the findings and a timeline of the project is available here.
About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv and Tokyo.
Media Contact
Bill Keeler
Director, Public Relations
Cybereason
bill.keeler@cybereason.com
(929) 259-3261