“Our idea was to run honeypots in people’s houses, some of my friends accepted, some of my friends didn’t,” Demeter said of the project, which he carried out under the guidance of GReAT Director Costin Raiu. Demeter said the devices, mostly faulty routers, didn’t affect the users’ internet activity; they just silently recorded pings.
After planting vulnerable devices, mostly in the UK and his native Romania, Demeter was able to register 200 malicious or abusive IP addresses and almost 13 million hits from his honeypots.
“The fact that I still see RomPager exploits in a honeypot in 2017 means that there are still vulnerable routers out there,” Demeter told the crowd, “I think this trend will not go away, these attacks are almost four years old and I think they’re going to be around for a long time.”
With all the IoT (Internet of Things) devices out there, this could get interesting really quickly for the black hatters. A McDonald's black hat might exploit your IoT device with a McDonald's honeypot network.
More from ThreatPost
“I was like ‘Oh my god, my honeypot doesn’t know how to handle FTP connections,’” Demeter said, “I found that pretty interesting because they changed their behavior, they adopted a new tactic because they realized that our honeypots were capable of automatically extracting the files.”
The researcher took a moment near the end of his talk to drill down further on the botnet’s details and tabulated which countries were the most probed. Southeast Asian countries like China and South Korea, perhaps not surprisingly, were the most active, with over one million pings each. The United States and Japan came in third and fourth with 360,000 and 340,000 respectively.
“As more and more devices are added to the network the vulnerability, the web space for attacks gets larger and larger,” Demeter said, “I think new devices that are being developed should have a thorough code review.”
Interesting black hat method for catching black hat botnets. These botnets could be made up of hundreds to multiple thousands of bots, due to black hat nastiness.
Let's go back to 2016 and see what the black hats did with the record-breaking IoT botnet attack.
There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or ‘smart’ devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been launched with the help of a massive botnet made up of routers, IP cameras, printers and other devices.
Last year the world also learned of a colossal botnet made up of nearly five million routers. The German telecoms giant Deutsche Telekom also encountered router hacking after the devices used by the operator’s clients became infected with Mirai. The hacking didn’t stop at network hardware: security problems were also detected in smart Miele dishwashers and AGA stoves. The ‘icing on the cake’ was the BrickerBot worm that didn’t just infect vulnerable devices like most of its ‘peers’ but actually rendered them fully inoperable.
With the completely connected IoT world, there is massive potential for abuse of the system by black hat botnets. I would imagine these black hatters get the information they need for the massive DDoS attacks from the honeypot.