Our selection of alerts on honeypots: report 10 – May 2023

A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The following data is based on the monitoring of two weeks of our Honeypots logs. Check out our previous report here. CVE-2020-2551 exploit attempts AndoryuBot targeting our honeypots […]

Our selection of alerts on honeypots: report 9 – May 2023

A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The following data is based on the monitoring of two weeks of our Honeypots logs. SSH bruteforce attempts with variants of Password or Welcome Top commandlines when an […]

Our selection of alerts on honeypots: report 8 – April 2023

A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our worldwide honeypots’ logs. Find our previous bi-monthly report here, and subscribe for free to get even more valuable information. […]

Our selection of alerts on honeypots: report 7 – April 2023

A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our worldwide honeypots’ logs. SSH connection attempts: focus on 2 French IP addresses AndroxGh0st scanning for Laravel debug mode information […]

Linux – focus on a cryptomining attack dubbed color1337

Executive summary: TEHTRIS Threat Hunters analyzed illicit cryptomining activity targeting Linux-based machines. The attack happened on one of our high-interaction honeypots hosted in France in mid-January across a short timeframe (less than 5 minutes). Our honeypot was a Linux machine running Ubuntu 22.04. The cybercriminal group behind this attack employs a strategy to optimize the […]

Our selection of alerts on honeypots: report 6 – March 2023

A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our Honeypots logs. Top credentials tested by cyber threat actors on SSH protocol Our honeypots – unavoidable victims of Mirai […]

Our selection of alerts on honeypots: report 5 – March 2023

A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our Honeypots logs. Exploit of Realtek SDK vulnerability to propagate Mirai botnet IoCs – IP addresses Exploit of RCE vulnerability […]

Our selection of alerts on honeypots: report 4 – February 2023

These past two weeks, international TEHTRIS honeypots got relentlessly hit again by suspected malicious activities. The honeypots located in Southeast America, in South and Northeast Asia Pacific and in Western Europe were the most targeted. Here is an extract of some of the attack attempts that were detected. Attempts to exploit CVE-2019-12725 on German and […]

Our selection of alerts on honeypots: report 3 – February 2023

In this bi-monthly report based on the malicious activities detected by our worldwide honeypot network, you’ll find a focus on the ports and protocols most used by threat actors, as well as vulnerabilities – old and new – that are continuously tested by attackers. Top ports / protocols targeted by threat actors About 4070 / […]

Our selection of alerts on honeypots: report 2 – January 2023

These last two weeks, international TEHTRIS honeypots have been under the usual massive wave of malicious activities. To be more precise, the ones located in Northeast Asia Pacific were the most targeted. One IP conducting several malicious activities Precise health data are being searched out in Canada Bi-monthly statistics: Top 10 of credentials tested by […]
