How AWS threat intelligence deters threat actors

Every day across the Amazon Web Services (AWS) cloud infrastructure, we detect and successfully thwart hundreds of cyberattacks that might otherwise be disruptive and costly.

Amazon Web Services (AWS) has developed a threat intelligence tool called MadPot to protect customers from cybercrime. MadPot is designed to discover and monitor threat activities and disrupt harmful activities whenever possible. It uses a huge number of plausible innocent targets to attract threat actors and observe their behavior. In the first quarter of 2023, the system stopped over 1.3 million outbound botnet-driven DDoS attacks and shared its security intelligence findings with relevant hosting providers and domain registrars.

MadPot was recently used to detect and disrupt a distributed denial of service (DDoS) botnet that was using a domain as a command and control (C2) domain. AWS automation contacted the company that was hosting the C2 systems and the registrar responsible for the DNS name, and the C2s were taken offline in less than 48 hours. It was also used to detect and understand the threat group called Sandworm, which was attempting to exploit a vulnerability affecting WatchGuard network security appliances. Finally, the system was used to help government cyber and law enforcement authorities identify and ultimately disrupt Volt Typhoon, the widely-reported state-sponsored threat actor.

AWS puts its global-scale threat intelligence to work for its customers and beyond. It incorporates findings from MadPot into its security tools, and it works closely with the security community and collaborating businesses around the world to isolate and take down threat actors. By using its global-scale insights to gather a high volume of security intelligence, AWS is able to help protect its customers automatically and make the internet as a whole a safer place.

AWS encourages customers to provide feedback and ask questions about the post in the comments section or by contacting AWS Support. For more information, customers can follow AWS Security on Twitter. MadPot is a powerful tool that will help AWS customers stay safe from cybercrime and make the internet a safer place for everyone. AWS will continue to develop and enhance their threat intelligence and response systems to make the internet a safer place.

📓 How AWS threat intelligence deters threat actors

👉🏽 Every day across the Amazon Web Services (AWS) cloud infrastructure, we detect and successfully thwart hundreds of cyberattacks that might otherwise be disruptive and costly. 👉🏽 Amazon Web Services (AWS) has developed a threat intelligence tool called MadPot. 👉🏽 MadPot is designed to protect customers from cybercrime by discovering and monitoring threats. 👉🏽 It disrupts harmful activities and observes threat actors' behavior. 👉🏽 MadPot uses innocent targets to attract threats and gather intelligence. 👉🏽 In Q1 2023, it stopped over 1.3 million botnet-driven DDoS attacks. 👉🏽 MadPot shares its security findings with hosting providers and domain registrars. 👉🏽 It detects and disrupts DDoS botnets using command and control domains. 👉🏽 MadPot helps identify and understand threat groups like Sandworm. 👉🏽 It assists government cyber and law enforcement authorities to disrupt state-sponsored threat actors. 👉🏽 AWS uses MadPot's insights to make the internet safer and offers support and feedback options.

🔗 source link: https://aws.amazon.com/blogs/security/how-aws-threat-intelligence-deters-threat-actors/

🔗 summarized content: https://hut.threathunterz.com/battlefield-intel/articles-and-reports/how-aws-threat-intelligence-deters-threat-actors

#AWS #MadPot #ThreatIntelligence #CybercrimeProtection #SaferInternet