ANALYZING CYBER THREAT ACTORS OF E-LEARNING PLATFORMS BY THE USE OF A HONEYNET CLOUD BASED INFRASTRUCTURE
ANALYZING CYBER THREAT ACTORS OF E-LEARNING PLATFORMS BY THE USE OF A HONEYNET CLOUD BASED INFRASTRUCTURE

Summary/Abstract: With the advent of Advanced Persistent Threats, the complexity of the techniques, tactics and procedures used by the adversaries increased significantly and it becomes more and more clear that all industries are ought to adapt to the emerging threat landscape. While analyzing various industries and the importance of risk assessment within each of them, the authors of this paper shifted their perspective and started a more in depth review of the e-learning environment. Because universities represent the birth place of research and development, they also represent high value targets for threat actors within cybersecurity. Moreover, from a historical perspective, the first few viruses and worms were malicious programs that ran within universities' networks. Therefore, the authors conducted a research on gathering threat intelligence on actors performing attacks against e-learning platforms. As they are active promoters of the availability of education to everyone, the tools used among the experiment were open-source or free for educational purposes. The initial steps and perhaps one of the most effective projects on this matter would be the implementation of a honeypot environment for obtaining tailored indicators of compromise. In today's information technology field, automation is the aspect that drives any organization forward. A honeypot represents one or more systems (honeynet) with the purpose of detecting and deflecting attackers by luring them into the network. The importance of deployment of honeypots as a way of understanding who are the adversaries of e-learning platforms was studied by implementing a SSH honeynet in a Public Cloud environment. On this matter, the authors of this paper developed an infrastructure based in 3 geographical regions including: North America - San Francisco, Europe - London and Asia - Singapore. This is based on DigitalOcean Public Cloud subscription. The architecture is composed of low - interaction and high - interaction research honeypots deployed in all 3 regions to understand difference in attackers' tactics also based on time zones and geolocations. Moreover, for analyzing the data, log servers were installed in Frankfurt, Germany and Amsterdam, Netherlands. These are log collectors and parsers that are able to translate big data into readable and easy to use real-time dashboards. After analyzing the gathered data, the authors' conclusions are that this type of research is highly relevant to understand the current and future state of cyber security and more importantly to prepare the e-learning landscape for defending against emerging threats.

• Details
• Contents