Sensor Network in Latin America and the Caribbean for Detecting Potential Threats Continues to Grow

13/05/2021

The honeypot sensor network deployed in Latin America and the Caribbean by CEDIA and The Shadowserver Foundation detected close to 103 thousand attacks originating in different IP addresses in the approximately 12.5 million events monitored by the network in the region in just one day.

This information was provided by Paul Bernal, one of the persons responsible for CEDIA, during the project’s presentation at the LACNIC 35 Technical Forum.

This initiative was selected as one of the winners of the FRIDA Grants Program in the Stability and Security category, and consists of the deployment of a sensor network to collect information on attempted computer security attacks targeting devices in the region. This network provides a unique view of the threats related to the Internet of Things in our region and, along with a communications campaign, will help reduce the number of devices that experience attacks.

The network “receives information about these attempted attacks or about malicious activities against devices in our region,” Bernal said.

The project uses existing IoT related open-source honeypots and deploys them at a large scale using the Shadowserver framework.

The goal is to implement 50 sensors in at least 15 countries across the region. Right now, the project has already deployed 33 sensors in 17 different countries.

An added, originally unplanned benefit is that the project allows obtaining information on the traffic to and from the region.

“A major advantage is that we are obtaining global data. While it is true that the goal of the project was to create a Latin American sensor network, we are connecting to a global sensor network and can therefore access traffic information, compromise indicators, and other details about the global activity against these honeypots,” Bernal added.

The data generated by the sensor network is shared with 21 national CSIRTs and 235 network operators, as well as with a total of 109 national CSIRTs and more than 5,000 network operators worldwide through Shadowserver’s daily remediation feeds.