Looking at 4 years of web honeypot attacks: tactics, techniques and trends

2021-09-24

Authors: Malcolm Heath, Raymond Pompon


Summary

The presentation discusses the analysis of 8.5 million web honeypot events collected over 52 months to identify specific CVEs being targeted in large global attack campaigns and to understand attacker tactics and trends. The data-driven defense approach is emphasized.
  • Partnership with Deflexio to collect data from web sensors in hundreds of honeypots worldwide
  • 8.5 million events analyzed using Python, Pandas, NumPy, Jupyter Notebooks, and Elasticsearch
  • Identification of specific CVEs targeted in global attack campaigns and understanding of attacker tactics and trends
  • Data-driven defense approach emphasized
The presentation's central point is that this kind of data is vital to a data-driven defense: knowing which CVEs are targeted in global attack campaigns, and which platforms and technologies draw repeated attention, tells defenders what attacks to expect. Python, Pandas, NumPy, Jupyter Notebooks, and Elasticsearch made the 8.5 million-event dataset tractable to analyze, and the partnership with Deflexio, whose web sensors sit in hundreds of honeypots worldwide, supplied the data.

Abstract

We've collected over 9 million events from hundreds of web honeypots around the world for the past 52 months. This session will present the results of our analysis of that data to help answer the question: what attacks should I expect?

Using this honeypot data, we've been able to identify specific CVEs being targeted in large global attack campaigns. From this, we have clues on attacker tactics regarding which platforms and technologies receive attention time after time, and which fade from usage. This kind of data is vital in building a data-driven defense.

Attendees also learn what kinds of attack are commonplace on the Internet, so the ones targeting them uniquely will stand out. We will explain techniques to investigate and classify web attack log traffic at scale.

To quote Deming: In God we trust. Everyone else, bring data. We're bringing the data.
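The kind of classification the abstract describes, as an added example that is not the authors' code or data: constructed honeypot request events are tagged with constructed signature rules (standing in for the per-CVE signatures a real pipeline would use), then counted per month so that recurring and fading campaigns become visible. The sample events, the rule set and the labels are all assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample honeypot events (not from the talk's dataset):
# (timestamp, source IP, method, request path).
SAMPLE_EVENTS = [
    ("2021-03-02T11:04:10", "192.0.2.10", "GET", "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"),
    ("2021-03-02T11:04:12", "192.0.2.11", "POST", "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"),
    ("2021-03-05T02:17:55", "198.51.100.7", "GET", "/cgi-bin/../../../../etc/passwd"),
    ("2021-03-09T19:40:01", "203.0.113.4", "POST", "/wp-login.php"),
    ("2021-04-01T08:00:33", "192.0.2.12", "GET", "/.env"),
    ("2021-04-03T08:01:02", "203.0.113.4", "POST", "/xmlrpc.php"),
    ("2021-04-03T08:01:03", "203.0.113.9", "POST", "/wp-login.php"),
    ("2021-04-11T22:13:47", "198.51.100.7", "GET", "/index.php?page=..%2F..%2Fetc%2Fpasswd"),
    ("2021-04-20T05:55:19", "192.0.2.30", "GET", "/robots.txt"),
]

# Constructed signature rules: regex over the request path -> campaign label.
# In a real pipeline each label would be the CVE (or product) the probe targets.
RULES = [
    ("php-framework-rce-probe", re.compile(r"eval-stdin\.php", re.I)),
    ("path-traversal", re.compile(r"(\.\.|%2e%2e)(/|%2f)", re.I)),
    ("cms-login-bruteforce", re.compile(r"/(wp-login|xmlrpc)\.php", re.I)),
    ("env-file-leak", re.compile(r"/\.env$", re.I)),
]


def classify(path):
    """Return the first matching campaign label, or 'unclassified'."""
    for label, pattern in RULES:
        if pattern.search(path):
            return label
    return "unclassified"


def campaigns_by_month(events):
    """Count events per (YYYY-MM, label); recurring labels are persistent campaigns, vanishing ones are fading."""
    counts = defaultdict(Counter)
    for ts, _src, _method, path in events:
        counts[ts[:7]][classify(path)] += 1
    return counts


def distinct_sources(events, label):
    """Distinct source IPs behind one label; many sources suggest a distributed campaign, not a single scanner."""
    return len({src for _ts, src, _m, path in events if classify(path) == label})


if __name__ == "__main__":
    for month, labels in sorted(campaigns_by_month(SAMPLE_EVENTS).items()):
        print(month, dict(labels))
```

Events left "unclassified" are exactly the ones worth a manual look, since they are what does not match the commonplace background noise.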

Materials: