Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label DDoS botnets. Show all posts

AWS Employs MadPot Decoy System to Thwart APTs and Botnets

 

Amazon Web Services (AWS), a prominent player in cloud computing, has unveiled its internal defense system, MadPot, which has proven effective in luring and trapping malicious activities, including those orchestrated by nation-state-backed Advanced Persistent Threats (APTs) such as Volt Typhoon and Sandworm.

Conceived by AWS software engineer Nima Sharifi Mehr, MadPot is described as an advanced network of monitoring sensors equipped with automated response capabilities. This system ensnares malicious actors, monitors their actions, and generates protective data for various AWS security products.

MadPot is ingeniously designed to mimic numerous plausible targets, thwarting Distributed Denial of Service (DDoS) botnets, and preemptively blocking formidable threat actors like Sandworm from compromising AWS customers.

According to AWS, the sensors are vigilant over a staggering 100 million potential threat interactions and probes daily worldwide. Out of these, about 500,000 are identified as malicious activities, and this colossal trove of threat intelligence is meticulously analyzed to provide actionable insights on potentially harmful online activities. 

The response capabilities automatically shield the AWS network from identified threats, and they also reach out to other companies whose infrastructure is being exploited for malicious purposes.

In the case of Sandworm, the honeypot effectively intercepted the actor's attempt to exploit a security vulnerability in WatchGuard network security appliances. AWS not only identified IP addresses but also other distinct attributes linked to the Sandworm threat involved in the attempted breach of an AWS customer.

MadPot's remarkable capability to simulate a range of services and engage in extensive interactions enabled AWS to gather additional insights about Sandworm campaigns. This included specific services targeted by the actor and post-exploitation commands initiated by them. Armed with this intelligence, AWS promptly informed the affected customer, who took swift action to rectify the vulnerability.

Furthermore, AWS highlighted that the data and insights gathered by MadPot are harnessed to enhance the efficacy of their security tools, including AWS WAF, AWS Shield, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. These are complemented by detective and reactive services like Amazon GuardDuty, AWS Security Hub, and Amazon Inspector.