SSH botnets with a 9 to 5
Every publicly exposed server will be, at some point, attacked by botnets.
In this blog post, we will concentrate on SSH botnets, i.e., the ones that
try to log in over SSH to vulnerable endpoints (due to weak user:password combinations,
SSH daemon misconfigurations and so on). After connecting to an endpoint,
they usually run various commands (e.g., download and execute malware).
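The credential-guessing behavior described above leaves a characteristic trail in the SSH daemon's log: bursts of `Failed password` lines from one source address, cycling through usernames, sometimes followed by an `Accepted` line. The script below is an added example (not code from the original post or from the SOCcare project) that parses sshd lines in the classic syslog `auth.log` format, groups them by source address and flags addresses that exceed a failure threshold inside a short window, noting whether a successful login followed the failures. The log sample is constructed; the hostname `honeypot`, the addresses (from the documentation ranges) and the threshold of 3 failures in 60 seconds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd lines in the syslog format found in /var/log/auth.log.
# Hostname, PIDs and addresses are made up for this example.
SAMPLE_AUTH_LOG = """\
Aug 12 03:14:01 honeypot sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug 12 03:14:03 honeypot sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Aug 12 03:14:05 honeypot sshd[2101]: Failed password for invalid user pi from 203.0.113.7 port 51030 ssh2
Aug 12 03:14:08 honeypot sshd[2101]: Failed password for invalid user ubnt from 203.0.113.7 port 51031 ssh2
Aug 12 03:14:11 honeypot sshd[2101]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Aug 12 03:20:44 honeypot sshd[2150]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Aug 12 03:21:02 honeypot sshd[2150]: Accepted publickey for alice from 198.51.100.9 port 40011 ssh2
Aug 12 03:30:00 honeypot sshd[2200]: Failed password for invalid user test from 192.0.2.55 port 3322 ssh2
Aug 12 03:30:01 honeypot sshd[2200]: Failed password for invalid user guest from 192.0.2.55 port 3323 ssh2
Aug 12 03:30:02 honeypot sshd[2200]: Failed password for invalid user oracle from 192.0.2.55 port 3324 ssh2
"""

# Matches both "Failed password for [invalid user] NAME from IP" and
# "Accepted METHOD for NAME from IP" lines; other sshd messages are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(text, year=2024):
    """Turn auth.log text into a list of login-attempt dicts.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2024 here).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts,
            "ip": m["ip"],
            "user": m["user"],
            "method": m["method"],
            "ok": m["result"] == "Accepted",
        })
    return events


def detect_bruteforce(events, threshold=3, window_s=60):
    """Flag source addresses with >= threshold failed password logins inside window_s seconds.

    Returns {ip: {"failed": n, "users": [...], "success_after_failures": bool}}.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if not e["ok"] and e["method"] == "password"]

        # Sliding window over failure timestamps: is there any window_s span with
        # at least `threshold` failures?
        burst, lo = False, 0
        for hi in range(len(fails)):
            while (fails[hi]["ts"] - fails[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                burst = True
                break
        if not burst:
            continue

        # A success from the same address after the burst is the interesting case:
        # it suggests a weak credential was actually found.
        success_after = any(e["ok"] and e["ts"] > fails[0]["ts"] for e in evs)
        findings[ip] = {
            "failed": len(fails),
            "users": sorted({e["user"] for e in fails}),
            "success_after_failures": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_events(SAMPLE_AUTH_LOG)).items():
        flag = "COMPROMISE?" if info["success_after_failures"] else "attempts only"
        print(f"{ip}: {info['failed']} failures, users={info['users']} -> {flag}")
```

On the sample above, the single wrong password typed by `alice` before a public-key login is ignored, while the two addresses cycling through `root`, `admin`, `pi`, `ubnt` and `test`, `guest`, `oracle` are reported; only the first of them, which ends with an `Accepted password for root`, is marked as a likely compromise. On a real host the same logic can be fed from `journalctl -u ssh` or the auth log, with the year taken from the file's mtime rather than hard-coded.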
As part of the SOCcare project where Politehnica Bucharest is one of the partners, we deployed a honeypot to detect and study the SSH botnets’ behavior. During the month of August, we discovered some interesting patterns.
