Who are you? OSINT-based Profiling of Infrastructure Honeypot Visitors | IEEE Conference Publication | IEEE Xplore



Abstract:

Cyber attacks are reported daily and have become a major social issue. However, it is still unclear who the attackers are and what their backgrounds are. In this paper, using OSINT-based profiling, we shed light on the identity of individual attackers visiting honeypots of connected infrastructure. Specifically, focusing on unique hostnames and/or usernames of the connecting client machines in the Telnet negotiations, we found SNS accounts, such as LinkedIn, Twitter, Facebook, and GitHub, which we believe belong to eight individual attackers. According to the information from these SNS accounts, seven had IT and/or security expertise. Four were employed by security, IT consulting, or IT engineering companies. Two publicized open repositories of vulnerability exploits and malware. After logging into the honeypot, three showed aggressive activities such as installing external tools, escalating privilege, and attempting lateral movement. One visitor accessed the honeypot for over six months, exhibiting a special interest in the system. We conclude that it is possible to identify and profile some of the honeypot visitors who publicize themselves.
Date of Conference: 11-12 May 2023
Date Added to IEEE Xplore: 26 May 2023
Conference Location: Chattanooga, TN, USA
