Davey Winder

delivering award-winning technology journalism since 1991


Lazy hackers employ gruntbots to quickly breach network defences

Posted on April 20, 2018 by Davey Winder

Cybereason researchers have been analysing a complex network honeypot operation, and the results should make every CISO pause for thought

Establishing fake servers to attract attackers is nothing new, and while the results can be useful from a threat intelligence perspective, they don’t tend to reveal anything particularly new either. Where the attackers are coming from is of less value than what they do when they arrive, and that’s where the fake financial company created by Cybereason really delivered the goods; it was discovered and breached by automated bots almost instantly. “These tools will drop the average dwell time of an attacker from a couple of hours to a couple of minutes,” the researchers warn.

The Cybereason researchers saw a lot of rudimentary activity across all services, but what really caught their eye was the botnet that struck within two hours of the team weakening additional RDP ports. It literally did the grunt work for the attackers, who didn’t participate manually in the attack until after the bots had exploited known vulnerabilities, scanned the network, dumped credentials of the compromised machines and created new user accounts to enable the perpetrators to easily return even if the actual users changed their passwords in the meantime. Sounds like a lot of work, doesn’t it? Yet this took the botnet just 15 seconds to achieve from start to finish.
