
A Clever Honeypot Tricked Hackers Into Revealing Their Secrets

For the past three years, hapless cybercriminals trying to steal data or deploy malware have been stumbling upon a virtual machine hosted in the United States. Like countless others, this machine’s weak password could easily be cracked. But, unbeknown to the hackers, the remote machine they’ve been accessing is a trap.

Every time one of the 2,000-plus attackers forced their way into the machine, researchers at cybersecurity firm GoSecure could watch their every move. Secretly, they recorded the machine’s screen, observing every mouse click and keyboard tap, as well as stealthily grabbing any data copied onto the clipboard of the attacker’s own devices.

An analysis of more than 100 hours of screen recordings from the attacks—an arguably unprecedented amount of data about the behavior of cybercriminals in action—shows the hackers gave away many of their most precious secrets. They inadvertently revealed the hacking tools they use, how they use them, and what they do when they break into a system. Those foolish enough to log in to their personal email accounts also handed over details about their lives away from the keyboard.

Some attackers were sophisticated, while others appeared inept. And some just behaved oddly—one person who logged into the machine changed the desktop background and logged out, and another wrote “lol” before covering their tracks and leaving, the researchers behind the study say.

“It’s basically a surveillance camera that shows everything they do,” says Andréanne Bergeron, a cybersecurity researcher at GoSecure who analyzed the mountain of recorded screen footage. Various kinds of honeypots to catch cybercriminals have existed for years. “There’s a lot of personal information that they use, even when they are attacking,” Bergeron adds. “In the end, they are like us. They think like us. And they do errors, they do mistakes.”

Bergeron, along with her colleague Olivier Bilodeau, GoSecure’s cybersecurity research director, set up the honeypot to catch potential cybercriminals using Microsoft’s Remote Desktop Protocol (RDP). RDP allows people to remotely log in to a computer and see its desktop on their own screen. The setup, which requires a username and password, is commonly used by IT staff within businesses to help colleagues with problems and install updates.

In recent years, RDP systems with insecure logins—such as weak passwords that can be unlocked via password-guessing software—have provided key access points for cybercriminals breaking into corporate networks. Ransomware gangs have particularly made use of RDPs for attacks, says Mark Stockley, a security expert at Malwarebytes who has researched insecure RDPs. “If I can get an RDP session on your computer, then it’s as good as me pushing you off your chair and sitting down in front of it,” says Stockley, who is not connected to the new research. If an attacker has administrator access, they may be able to move around an entire network and deploy ransomware.


National Cyber Security