Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
Rangers, Thieves and Bards: Not a role-playing game, but real hackers in action.
Over the past three years, cybercriminals trying to steal data or deploy malware have accidentally stumbled upon a decoy virtual machine (honeypot) hosted in the United States. Despite the presence of an easily cracked password, the machine was not just a computer, but a monitoring system that allows you to monitor the actions of hackers in real time.
Every time a cybercriminal broke into the system, GoSecure researchers were able to observe and analyze the hacker's actions. More than 100 hours of screen recordings that were made during the break-ins gave researchers a unique look at the techniques and tools used by hackers. The most interesting thing about the study is that some criminals accidentally revealed their tools, methods, and even personal information.
A study presented at the Black Hat conference in Las Vegas showed how attackers use the Remote Desktop Protocol (RDP). Over 3 years, 21 million login attempts were recorded, of which 2,600 were successful. The researchers classified the intruders into five categories based on characters from the board game Dungeons and Dragons:
GoSecure experts classified the attackers into 5 main categories.
The researchers paid special attention to how often RDP systems become the target of attacks. One security expert noted that hacking attempts occurred every 7 seconds. In conclusion, GoSecure experts urge companies to set up such traps in order to better understand threats and strengthen their cybersecurity systems.
Over the past three years, cybercriminals trying to steal data or deploy malware have accidentally stumbled upon a decoy virtual machine (honeypot) hosted in the United States. Despite the presence of an easily cracked password, the machine was not just a computer, but a monitoring system that allows you to monitor the actions of hackers in real time.
Every time a cybercriminal broke into the system, GoSecure researchers were able to observe and analyze the hacker's actions. More than 100 hours of screen recordings that were made during the break-ins gave researchers a unique look at the techniques and tools used by hackers. The most interesting thing about the study is that some criminals accidentally revealed their tools, methods, and even personal information.
A study presented at the Black Hat conference in Las Vegas showed how attackers use the Remote Desktop Protocol (RDP). Over 3 years, 21 million login attempts were recorded, of which 2,600 were successful. The researchers classified the intruders into five categories based on characters from the board game Dungeons and Dragons:
GoSecure experts classified the attackers into 5 main categories.
- Rangers: Investigated the system without taking any active actions;
- The Barbarians: actively used tools for hacking other systems, such as Masscan and NLBrute;
- Wizards: used RDP as a portal for attacks on other vulnerable systems;
- Thieves: Tried to monetize their access by installing cryptominers;
- Bards: The least defined group that acted randomly or without a specific purpose. Experts note that some bards may have bought access to RDP and used it for different purposes. For example, one of these attackers used RDP to search Google for "the most powerful virus", and another tried to log in to Google Ads. There were also those who tried unsuccessfully to find pornography on the Internet.
The researchers paid special attention to how often RDP systems become the target of attacks. One security expert noted that hacking attempts occurred every 7 seconds. In conclusion, GoSecure experts urge companies to set up such traps in order to better understand threats and strengthen their cybersecurity systems.
