Our selection of alerts on honeypots: report 10 – may 2023
A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The following data is based on the monitoring of two weeks of our Honeypots logs. Check out our previous report here. CVE-2020-2551 exploit attempts AndoryuBot targeting our honeypots […]
Our selection of alerts on honeypots: report 9 – may 2023
A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The following data is based on the monitoring of two weeks of our Honeypots logs. SSH bruteforce attempts with variants of Password or Welcome Top commandlines when an […]
Our selection of alerts on honeypots: report 8 – april 2023
A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our worldwide honeypots’ logs. Find our previous bi-monthly report here, and subscribe for free to get even more valuable information. […]
Our selection of alerts on honeypots: report 7 – april 2023
A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our worldwide honeypots’ logs. SSH connection attempts: focus on 2 French IP addresses AndroxGh0st scanning for Laravel debug mode information […]
Linux – focus on a cryptomining attack dubbed color1337
Executive summary TEHTRIS Threat Hunters analyzed illicit cryptomining activity targeting Linux-based machines. The attack happened on one of our high interaction honeypots hosted in France in mid-January across a short timeframe (less than 5 minutes). Our honeypot was a Linux under Ubuntu 22.04. The cybercriminal group behind this attack employs a strategy to optimize the […]
Our selection of alerts on honeypots: report 6 – march 2023
A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our Honeypots logs. Top credentials tested by cyber threat actors on SSH protocol Our honeypots – unavoidable victims of Mirai […]
Our selection of alerts on honeypots: report 5 – march 2023
A good understanding of active threats is necessary to achieve a good security posture. The following report provides actual trends that emerge from the Internet Background Noise. The data are provided using two weeks of our Honeypots logs. Exploit of Realtek SDK vulnerability to propagate Mirai botnet IoCs – IP addresses Exploit of RCE vulnerability […]
Our selection of alerts on honeypots: report 4 – february 2023
These past two weeks, international TEHTRIS honeypots got relentlessly hit again by suspected malicious activities. The honeypots located in Southeast America, in South and Northeast Asia Pacific and in Western Europe were the most targeted. Here is an extract of some of the attack attempts that were detected. Attempts to exploit CVE-2019-12725 on German and […]
Our selection of alerts on honeypots: report 3 – february 2023
In this bi-monthly report based on the malicious activities detected by our worldwide honeypot network, you’ll find a focus on the ports and protocols most used by threat actors, as well as vulnerabilities – old and new – that are continuously tested by attackers. Top ports / protocols targeted by threat actors About 4070 / […]
Attacks on VMware ESXi servers
These past few days, a ransomware attack campaign has taken place, affecting thousands of VMware ESXi servers in several countries, especially in Europe. It was massively and publicly discovered during the first weekend of February. This campaign appears to be exploiting the vulnerability CVE-2021-21974 (CVSS V3 : 8,8) for which a patch has been available […]
