SAN FRANCISCO – The use of automated bots is becoming more prevalent among novice attackers as tools become more available, researchers found.
A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeypot showed an automated bot come in and lay the groundwork – by exploiting vulnerabilities and carrying out other automated tasks – for the hacker to then come in and siphon off 3GB of data.
“If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using bots that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance and laterally move in seconds,” according to Cybereason’s report.
Cybereason set up the honeypot by releasing Remote Desktop Protocol (RDP) usernames and passwords for three servers in the network on dark markets and paste sites, to see how suspicious hackers have become of the forums that were once thriving with illicit activity.
“The genesis of the project was to test a hypothesis about what hackers did once they get access to high functioning networks, how automated bots took advantage of the environment, and when hackers actually entered,” said Ross Rustici, Cybereason’s Senior Director of Intelligence Services, in an interview with Threatpost.
Cybereason researchers observed a bot break in through RDP and launch an automated exploitation of the network, taking actions very quickly through automated scripting.
........