The rise of IoT-related attacks, as demonstrated so effectively by Mirai and its variants, as well as incidents such as WannaCry, (Not)Petya and recently VPNFilter, have reinforced the case for using honeypots as effective tools for detecting, collecting and analysing Internet-wide threats. Our ability to effectively respond to and mitigate a new threat relies not just on the fast acquisition of the global picture of an incident but also on obtaining new malware samples for analysis. Thus it is critical to have the capability to quickly deploy new honeypot sensors at scale that enable the above. The talk will cover the non-profit Shadowserver Foundation’s latest efforts at building, deploying and maintaining such large-scale honeypot networks, involving hundreds or thousands of sensors. It will describe the unique challenges encountered and lessons learned whilst attempting to automate the process of deployment and management as much as possible. The talk will introduce the honeypot deployment framework developed as part of a new EU Horizon 2020 Project - SISSDEN, along with a live demo. It will also present some of the results of analysis of the collected data. It is important to stress that the data collected from these sensor networks is shared with the security community (90+ National CERTs, 4000+ network owners, etc.) as part of the free daily Shadowserver victim remediation feeds.

Details

time: 14:50
speakers: Piotr Kijewski

Other sessions:

Who needs an IP-address anyway? The (in)security of non-IP connected IoT devices


Security for Safety, the holy grail of ICS is coming under attack


Deterrence in cyberspace: challenge or illusion?


Got hacked! Now what?