Not a month goes by without news about another new POS (point-of-sale) malware or credit card data breach. Obviously, the details of this kind of breach cannot be made public (banks, ongoing investigations, reputation …). As is the case for standard malware, we need a honeypot for POS, so that we can publicly share the TTP (techniques, tactics, and procedures) of POS cyber criminals. But what do we really know about POS malware? Can we create groups of malware and relate them to groups of cyber criminals?

The goal of this post is to explain how we created a honeypot for POS with open source tools and custom scripts, and to show the results from 3 months of running the honeypot (samples, TTP, groups …).

The first infrastructure was hosted in Europe and included all the tools needed to monitor the honeypot, at both host and network level. We installed Moloch as a full packet capture tool, very useful when you need to drill down on packets and sessions, and an IDS based on Suricata and the SELKS distribution; it is always interesting to see directly what kind of malware is beaconing to its CnC.
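The IDS and full packet capture mentioned above are what let you notice malware beaconing to its CnC. As an added illustration of how that beaconing shows up in Suricata's EVE JSON output (this is example code written for this page, not the honeypot's own scripts), the script below reads `flow` records, groups them by source, destination and port, and flags pairs whose connection intervals are regular. The log lines are constructed for the example using documentation IP ranges; the field names (`event_type`, `src_ip`, `dest_ip`, `dest_port`, `timestamp`) are the ones Suricata uses in `eve.json`, while the thresholds are assumptions you would tune for your own network.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of Suricata eve.json lines (not a real capture).
# 10.0.0.5 -> 203.0.113.10:443 connects roughly every 60 s (beacon-like);
# 10.0.0.5 -> 198.51.100.7:80 connects at irregular times (normal browsing).
SAMPLE_EVE = """\
{"timestamp":"2015-03-01T10:00:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2015-03-01T10:00:00.500000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP"}
{"timestamp":"2015-03-01T10:00:05.500000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP"}
{"timestamp":"2015-03-01T10:01:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2015-03-01T10:01:30.500000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP"}
{"timestamp":"2015-03-01T10:01:35.500000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP"}
{"timestamp":"2015-03-01T10:02:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2015-03-01T10:03:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2015-03-01T10:04:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2015-03-01T10:05:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
{"timestamp":"2015-03-01T10:06:40.500000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP"}
{"timestamp":"2015-03-01T10:06:45.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP"}
"""

# Suricata writes timestamps like 2015-03-01T10:00:00.000000+0000
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_flows(lines):
    """Yield (src, dst, port, datetime) for every well-formed 'flow' record."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines rather than abort
        if rec.get("event_type") != "flow":
            continue  # alerts, dns, http etc. are not used for timing analysis
        ts = datetime.strptime(rec["timestamp"], TS_FORMAT)
        yield rec["src_ip"], rec["dest_ip"], int(rec["dest_port"]), ts


def find_beacons(lines, min_events=4, max_cv=0.2):
    """Return {(src, dst, port): stats} for pairs with regular intervals.

    Regularity is measured by the coefficient of variation (stddev / mean)
    of the gaps between successive connections; min_events and max_cv are
    assumed starting thresholds, not values from any standard.
    """
    seen = defaultdict(list)
    for src, dst, port, ts in parse_flows(lines):
        seen[(src, dst, port)].append(ts)

    beacons = {}
    for key, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[key] = {"count": len(stamps), "mean_interval": avg, "cv": cv}
    return beacons


if __name__ == "__main__":
    for (src, dst, port), st in find_beacons(SAMPLE_EVE.splitlines()).items():
        print(f"{src} -> {dst}:{port} every ~{st['mean_interval']:.0f}s "
              f"({st['count']} flows, cv={st['cv']:.3f})")
```

On the constructed sample only the 443 pair is reported, because its gaps are all close to 60 s, while the port 80 pair has gaps of 5 s and several minutes and is left alone. In practice you would run this over a window of `eve.json` and then pivot into Moloch on the flagged destination to look at the actual sessions.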