Honeypot Intelligence: U.S. as a Target

Monday, August 25, 2014 @ 05:08 PM gHale

Honeypots deployed in public cloud infrastructures across the globe showed most of the machines targeting the U.S. ended up located in China, the U.S., India, and Russia.

In 32 percent of the cyber-attacks directed at the United States, the computer systems used were in China, according to research by Alert Logic, a company providing Security-as-a-Service solutions in the cloud.

New Threats Emerging: Cisco Report
Social Network Security Risks Rampant
Faux Security Program is a RAT
APT: In Action for Six Years
IoT Devices Vulnerable to Attacks: Report

Not surprising, coming in second place was the U.S. as 21 percent of the machines used for the attacks were in its territory. Keep in mind this does not mean the attackers were in the U.S., only that they used systems in this country. Likewise with China, just because the systems were in China, that does not mean the attackers were in China. This gives a snapshot of possible scenarios.

According to the company, which combined information gathered from April 1, 2013 through September 30, 2013, and relied on data from 2,200 Alert Logic customers, 17 percent of the machines involved in cyber incidents affecting U.S. customers were from India, and 9 percent were in Russia.

Alert Logic’s attack map also reveals computers in countries like Korea (6 percent), Romania (6 percent), Vietnam (4 percent) and Brazil (2 percent) have also contributed to the overall number of attacks, but in a lesser amount.

In the case of Europe, most of the attacks (40 percent) originated from systems in Russia, followed by China and North and South America.

As far as Asia is concerned, the U.S. appears to have hosted most of the computers directing cyber-attacks against the region, with 63 percent.

The type of malware used in all three regions, as per the data collected by Alert Logic, is Conficker-A, found in 91 percent of the cases in the US, 77 percent in Europe and 62 percent in Asia.

The company informs that exploits for the Microsoft Directory Service (MS-DS), running on port 445, were the most prevalent for all three regions.

The incidents, however, ended up coming via other vectors, HTTP being prominent for the U.S. in 21 percent of the cases, followed by MySQL (13 percent).

In Europe, HTTP, MySQL Server, MySQL, RPC (remote procedure call) and FTP saw action in 13 percent of the cases, while MS-DS accounted for 35 percent of the attacks.

Most of the attacks in Asia leveraged MS-DS vulnerabilities, used in 85 percent of the incidents, according to Alert Logic.

Honeypots are decoy systems made vulnerable in order to catch information about the methods used by attackers to penetrate the system, as well as to collect details on the origin of bad guys’ activities.

Click here to view an infographic on the honeypot findings.

Leave a Reply

You must be logged in to post a comment.