The IT Nerd

Trustwave Creates A Honeypot Network And Gathers Some Interesting Intel

Trustwave has put up a very interesting blog post describing the network of honeypots it runs around the world, and the intel it has been able to gather on threat actors and the attacks that they carry out:

During a six-month period that ended in May 2023, we collected and analyzed vast amounts of data from over 38,000 unique IPs and downloaded more than 1,100 unique payloads served during exploitation attempts. Almost 19% of the total recorded web traffic was malicious, and botnets were responsible for over 95% of the malicious web traffic detected.

We encountered multiple targeted attacks directed at specific honeypots, where threat actors sought to exploit the enterprise applications under examination. The primary objective of these attacks was to upload a web shell, enabling attackers to carry out further actions against the potential victims that our sensors were mimicking. A web shell is a malicious script or program that provides unauthorized access and control over a compromised website or web server. It is typically uploaded by an attacker to gain administrative-level privileges and execute arbitrary commands on the target system.

Joe Saunders, CEO, RunSafe Security, has this comment on Trustwave’s work:

“Fixing and patching is too late. Threat actors are very efficient and move with speed, as demonstrated by Patel & Cieslak. What we need is a new approach to cyber protection that protects against classes of exploits even when a patch is not available.”

I encourage you to read the blog post, as it is pretty eye-opening. Hopefully it can serve as a guide to help you protect your enterprise.
