Annual Computer Security Applications Conference (ACSAC) 2022


A Recent Year On the Internet: Measuring and Understanding the Threats to Everyday Internet Devices

An effective way to improve resilience to cyber attacks is to measure and understand adversary capabilities. Gaining insights into the threats we are exposed to helps us build better defenses, share findings with practitioners, and identify the perpetrators to limit their impact. Honeypot interactions have been widely studied in the past to measure cyber attacks, but the focus of more recent honeypot studies has been on IoT-based threats. Hence, classic threats studied by honeypots in depth a decade ago, such as desktop malware and web threats, have lately received much less attention.

In this paper, we perform a measurement study on large-scale honeypot data collected between July 2020 and June 2021 by a large cybersecurity company. We measure a set of 7 billion connections to extract 806 million alerts raised by 662 endpoints (honeypots) distributed globally. For this study, we create a framework that leverages Open Source Cyber Threat Intelligence (OSCTI) to generate high-level attack classification and malware campaign inferences. One of the main findings of our work is that some networks involved in rogue activities that were reported in the literature more than a decade ago are still involved in malicious activity. Also, we find that 17 vulnerabilities disclosed more than a decade ago, even as early as 1999, are still used to launch cyber attacks. At the same time, the threat landscape has evolved, and we discover that a large fraction of recent campaigns (63.4%) are Stealers or Keyloggers, that new attack vectors such as the SMB EternalBlue vulnerability enable rapid self-propagation of malware across the globe, and that infection strategies are shared among multiple campaigns (e.g., 10K alerts for Gafgyt, Trickbot, Freakout, and Hajime utilize the infection strategy of Mirai or muBot).

Afsah Anwar
Northeastern University

Yi Hui Chen
Northeastern University

Roy Hodgman
Rapid 7

Tom Sellers
runZero

Engin Kirda
Northeastern University

Alina Oprea
Northeastern University
