Researchers have provided a unique insight into the activities of hackers by deploying a network of honeypots, designed to attract and monitor hacker behavior. By intentionally exposing Windows servers to the internet, hackers were able to remotely control these servers, enabling researchers to record and analyze 190 million events and 100 hours of video footage. The hackers involved in these activities were found to engage in various actions, including reconnaissance, installing malware, conducting click fraud, attempting to brute-force passwords, and masking their identities. The researchers categorized the hackers into different types based on their behaviors and motivations.
The first group, known as the “Rangers,” exhibited cautious behavior, conducting reconnaissance and potentially preparing for future attacks. The “Barbarians” attempted to gain unauthorized access to other computers using lists of compromised usernames and passwords. In contrast, the “Wizards” used the honeypot as a platform to launch attacks while hiding their trails and origins. The “Thieves” focused on monetizing their access to the honeypots, often through installing cryptocurrency miners or selling access to other hackers. Lastly, the “Bards” demonstrated minimal hacking skills, using the honeypots for browsing purposes, such as searching for malware and even accessing porn.
The researchers believe that observing these hacker activities provides valuable intelligence for researchers, law enforcement agencies, and cybersecurity teams. For example, law enforcement agencies can intercept the Remote Desktop Protocol (RDP) environments used by ransomware groups and gather intelligence from recorded sessions for investigations. Cybersecurity teams, on the other hand, can use this information to enhance their defenses and set up their own traps to protect their organizations. The researchers also noted that if hackers become aware of potential honeypots, they may change their strategies, creating obstacles that benefit everyone by slowing down their activities and increasing their risk of being caught.
In conclusion, the deployment of these honeypots has allowed researchers to gain valuable insights into the world of hackers and their activities. Observing and analyzing hacker behavior provides important information for researchers, law enforcement agencies, and cybersecurity teams, enabling them to protect organizations more effectively and investigate cybercrimes.