Discovering connections between attackers
In the last few years, Pedram Hayati, founder of Australian IT company Security Dimension, has been developing a custom honeypot intelligence system called Smart Honeypot.
Honeypots - fake systems designed to look like the real thing - can be used for many different purposes. One of these is to determine what attackers are after, their capabilities and the tactics they use to achieve their goals, and this is why Hayati set up thirteen Smart Honeypots in different geographic regions of Amazon Web Services and Google Cloud (America, Europe, Asia and Oceania).
"All hosts were identical, mimicking a typical server, and during the experiment their IP addresses were not published," he explained to the audience at Hack in the Box conference in Amsterdam. Interestingly enough, even so it took on average less than ten minutes for attackers to find them and target them.