Connect with us

Cyber Security

How to Comprehend the Buzz About Honeypots

Avatar

Published

on

Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.

(image by Jag_cz, via Adobe Stock)

(image by Jag_cz, via Adobe Stock)

Everyone in security wants to know how criminals do their work… but everyone in security would rather watch cybercriminals’ handiwork while it plucks apart someone else’s computing infrastructure, not their own. Understanding your adversary is, after all, key to countering attacks, but most organizations are reluctant to enlist their production servers and networks for research.

So they turn, instead, to honeypots.

What is a honeypot?

A honeypot is a set of data or pieces of network infrastructure that appear to be vulnerable, legitimate production components but are, in fact isolated from the rest of the network. So attackers are attracted to them, but attacks can be studied without endangering the enterprise.

Honeypots have increased in importance as the cybersecurity battlefield has grown more dynamic. Rui Lopes, engineering and technical support manager for Panda Security explains that honeypots are critical tools of “counter-espionage” in cybersecurity, delivering key intelligence on attackers.

Analysis of honeypot activity can, he says, bring early awareness of new forms of attacks. With that, “in the age of malwareless and sophisticated cyberthreats, attack telemetry and its analysis becomes critical in customizing a protection model that fits the organization, its assets and its strategy rather than a turnkey approach that will simply not work in the long run,” Lopes says.

Ideally, a honeypot is isolated, robust, easily monitored, and easily rebuilt when it’s been successfully compromised by a criminal. For many, if not most, organizations, the combination of requirements is best met by virtual machines hosted on an isolated server.

Whether the honeypot is set up on a virtual machine or an isolated physical operating system instance, most will be set up with specific environmental variables, systems, or applications to attract particular criminals interested in specific targets.

Different flavors of honey

All honeypots are not created equal. It makes sense, since not all honeypots have the same purpose. While every honeypot is available on the Internet and vulnerable to one or more attack plans, the first major fork comes between honeypots serving the needs of production IT security teams and those serving the needs of security researchers.

Honeypots set up by enterprise IT teams tend to have a straightforward purpose: they gather information on the attacks being launched against the organization’s systems and applications. In most cases, that means a honeypot set up within the organization’s network address space, with some (or all) of the organization’s APIs and services exposed to the Internet.

The point of the enterprise honeypot is simple: it will allow the enterprise security team to see which ports and APIs are most frequently targeted, which username/password combinations are tried most often in credential-stuffing attempts, where the attacks are originating, and other basic but critical attack factors. They aren’t intended to be open-ended research devices, and in general they aren’t highly interactive. In particular, they aren’t intended to keep attackers engaged for long periods of time through highly interactive traps.

When security researchers set up a honeypot, they tend to have aims much different than those of enterprise security professionals. Research honeypots may be used to gather data on particular strains of malware or specific attack vectors, or they may provide data on more general trends in offensive cyber security.

At one extreme, research honeypots may have limited services, ports, or APIs open to the Internet so that they will be attractive to attackers searching for targets. At the other extreme, a research honeypot may duplicate a full enterprise server, complete with web interface, enterprise applications, and faux database. These full-featured research honeypots may also be quite interactive, allowing the attacker to go through several layers of the applications and services with appropriate responses from the honeypot.

These highly interactive honeypots are quite a bit more complex to set up and monitor than are the non-interactive or minimally interactive honeypots that gather data on more limited activities. Beyond the expense and complexity of setting up these highly interactive honeypots, there’s a risk, as well. The longer an attacker remains engaged with a honeypot, the more likely it is that they will find a flaw that either reveals the honeypot to be a research project or allows the attacker access to a production network.

Pulling data from the honeypot

Building a great honeypot is of no value if useful data isn’t returned to the security staff or researcher. The honeypot build process has to include processes and technology for safely gathering and reporting the captured data.

The first layer of data gathering can come from the logs of the firewall, IDS, or other security components that sit between the honeypot and the Internet. Together, they will provide information on the application and network traffic that are part of the attacks.

Next, server system logs will bring system-level data to the proceedings.  In addition, monitoring and analysis tools such as Tripwire can be used to provide more detailed records of network traffic and packet contents. The total data set from the various sources, correlated and analyzed, will give the security team or researchers information required to do detailed forensic analysis of the attack and its effects on the system.

Safety first

When a honeypot is successful, an attacker will compromise its facilities, whether a single port or complete admin privileges. The complete plan for a honeypot must include steps to take when it is successful — how to regain control of the server, remove any artifacts left by the attacker, and (most important) prevent the attacker from using the honeypot as the first step in breaching the total enterprise network.

The first two can be accomplished with a “golden image” of the honeypot that can be re-applied to the physical server or server image on a virtual machine. The third is accomplished by a server that is on an entirely separate network, on a network segment logically separated from the production network, and with full network security between the honeypot and the rest of the enterprise.

One very real question, though, is whether, when the research is complete, the security team or researcher will shut down access to the honeypot in a way that allow the attacker to know that they’ve been duped by a honeypot. In most cases, the best solution is to keep the attacker in the dark, shutting down the honeypot with a “maintenance required” or similar message that excuses the shutdown with a reason not having to do with security.

There are a wide variety of software packages, both free and commercial for setting up a honeypot. Most of them are for honeypots intended for a specific goal, and none of them make it easy for a novice to safely set up a honeypot on or related to a production network. Reading through the documentation, the discussion pages on Github, or community conversations should go a long way, though, toward helping anyone understand precisely how the honeypot works and why it’s such a valuable tool for cybersecurity pros.

Related content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio

More Insights

Source: https://www.darkreading.com/edge/theedge/how-to-comprehend-the-buzz-about-honeypots/b/d-id/1336788?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cyber Security

IOTW: Ransomware Attack Closes Colonial Pipeline

Avatar

Published

on

Signs point to the fact that it was DarkSide, a Robin Hood-like hacking group who successfully executed a ransomware attack that shutdown the Georgia-based Colonial Pipeline. There are conflicting reports about how the incident will further impact the distribution of U.S. domestic oil to the Eastern states and gas prices. 

Private companies working with U.S. government agencies shutdown the cloud servers from which the attacks on the Colonial Pipeline and 12 other companies were launched. They also retrieved the stolen data which was bound for Russia.

The main pipeline has been closed for several days. While the smaller pipelines were also affected, they were restored first as part of a phased plan. The Pipeline stretches from Texas to the Northeast, delivering about 45% of the fuel consumed by the East Coast.

The Facts

On Friday, May 7, the Colonial Pipeline announced its operations had been halted as a result of a ransomware incident that shutdown the main pipeline and smaller pipelines. Incident response began the day before, on Thursday. 

By Sunday, the smaller lines were operational again. However, the mainline remains down at the time of this writing. Early in the week, President Joe Biden worked with the Department of Transportation to lift oil trucking hour restrictions to keep the gas products flowing. On Wednesday, the White House released an Executive Order on Imrpoving National Cyber Security. The Colonial Pipeline is now fully operational, but not before panic-stricken consumers started hoarding gas and complaining about price gouging.

The Colonial Pipeline transports more than 2.5 million barrels a day of diesel, gasoline, jet fuel and natural gas via Gulf Coast pipelines that span more than 5,500 miles.

Reuters reported that the hackers stole more than 100 GB of data and that the FBI and other government agencies had successfully collaborated with private companies to take down the cloud servers the hackers used to steal the data. The ransom amount remains undisclosed and so does Colonial Pipelines’ response to the extortion attempt.  

DarkSide claims it does not target schools, hospitals, nursing homes or government organizations and that it donates part of its bounty to charity. The group reportedly demands payment for a decryption key and is increasingly demanding additional payment not to publish stolen data. DarkSide also stated on its website recently that it is not geopolitically motivated.

The Colonial Pipeline attack has been deemed “the worst attack on critical infrastructure to date.” 

Lessons Learned

U.S. critical infrastructure has become a popular cyberwarfare target. The weak underbelly has been aging tech and industrial control systems (ICSs) which may lack adequate physical and cyber security.

The problem isn’t a new one, but the number of attacks continue to rise.

Quick Tips

No business is immune from a ransomware attack.

  • Limit administrative privileges.
  • Limit the use of hardware and software to authorized hardware and software. While this may not be possible in all organizations, it is important for critical infrastructure organizations.
  • Monitor system, application, network and user behavior for anomalous activity.
  • Do a thorough cybersecurity assessment that involves white hat penetration testing. Critical infrastructure organizations should check for physical and cyber weaknesses.
  • Fortify the soft spots.
  • Have an incident response plan in place that involves operations, finance, legal, compliance, IT, risk management and communications.
  • Patch software as soon as possible.
  • Train and update the workforce on cyber hygiene.
  • If your company is attacked, engage a firm that specializes in forensics. Contact local and federal law enforcement, as appropriate.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.cshub.com/attacks/articles/iotw-ransomware-attack-closes-colonial-pipeline

Continue Reading

AI

Pandemic Spurred Identity Fraud; AI and Biometrics Are Responding 

Avatar

Published

on

AI and biometrics are being more widely incorporated in new cybersecurity products, as losses from cyberattacks and identity theft increased dramatically in 2020. (Credit: Getty Images) 

By AI Trends Staff 

Cyberattacks and identity fraud losses increased dramatically in 2020 as the pandemic made remote work the norm, setting the stage for AI and biometrics to combine in efforts to attain a higher level of protection. 

One study found banks worldwide saw a 238% jump in cyberattacks between February and April 2020; a study from Javelin Strategy & Research found that identity fraud losses grew to $56 billion last year as fraudsters used stolen personal information to create synthetic identities, according to a recent account from Pymnts.com. In addition, automated bot attacks shot upward by 100 million between July and December, targeting companies in a range of industries.  

Companies striving for better protection risk making life more difficult for their customers; another study found that 40% of financial institutions frequently mistake the online actions of legitimate customers to those of fraudsters. 

Caleb Callahan, Vice President of Fraud, Stash Financial

“As we look toward the post-pandemic—or, more accurately, inter-pandemic—era, we see just how good fraudsters were at using synthetic identities to defeat manual and semi-manual onboarding processes,” stated Caleb Callahan, Vice President of Fraud at Stash Financial of New York, offering a personal finance app, in an interview with Pymnts. 

SIM Sway Can Create a Synthetic Identity  

One technique for achieving a synthetic identity is a SIM swap, in which someone contacts your wireless carrier and is able to convince the call center employee that they are you, using personal data that may have been exposed in hacks, data breaches or information publicly shared on social networks, according to an account on CNET.  

Once your phone number is assigned to a new card, all of your incoming calls and text messages will be routed to whatever phone the new SIM card is in.  

Identity theft losses were $712.4 billion-plus in 2020, up 42% from 2019, Callahan stated. “To be frank, our defenses are fragmented and too dependent on technologies such as SMS [texting] that were never designed to provide secure services. Banks and all businesses should be looking at how to unify data signals and layer checkpoints in order to keep up with today’s sophisticated fraudsters,” he stated.  

Asked what tools and technologies would help differentiate between fraudsters and legitimate customers, Callahan stated, “in an ideal world, we would have a digital identity infrastructure that banks and others could depend on, but I think that we are some ways away from that right now.”  

Going forward, “The needs of the travel and hospitality, health, education and other sectors might accelerate the evolution of infrastructure for safety and security,” Callahan foresees. 

AI and Biometrics Seen as Offering Security Advantages 

AI can be employed to protect digital identity fraud, such as by offering greater accuracy and speed when it comes to verifying a person’s identity, or by incorporating biometric data so that a cybercriminal would not be able to gain access to information by only providing credentials, according to an account in Forbes. 

Deepak Gupta, Cofounder and CTO, LoginRadius

AI has the power to save the world from digital identity fraud,” stated Deepak Gupta, author of the Forbes article and cofounder and CTO of LoginRadius, a cloud-based consumer identity platform. “In the fight against ID theft, it is already a strong weapon. AI systems are entirely likely to end the reign of the individual hacker.”  

While he sees AI authentication as being in an early phase, Gupta recommended that companies examine the following: the use of intelligent adaptive authentication, such as local and device fingerprint; biometric authentication, based on the face or fingerprints; and smart data filters. “A well-developed AI protection system will have the ability to respond in nanoseconds to close a leak,” he stated. 

Pandemic Altered Consumer Financial Behavior, Spurred Identity Fraud  

The global pandemic has had a dramatic impact on consumer financial behavior. Consumers spent more time at home in 2020, transacted less than in previous years, and relied heavily on streaming services, digital commerce, and payments. They also corresponded more via email and text, for both work and personal life.  

“The pandemic inspired a major shift in how criminals approach fraud,” stated John Buzzard, Lead Analyst, Fraud & Security, with Javelin Strategy & Research in a press release. “Identity fraud has evolved and now reflects the lengths criminals will take to directly target consumers in order to steal their personally identifiable information.” 

Companies made quick adjustments to their business models, such as by increasing remote interactions with borrowers for loan originations and closings, and criminals pounced on new vulnerabilities they discovered. Nearly one-third of identity fraud victims say their financial services providers did not satisfactorily resolve their problems, and 38% of victims closed their accounts because of lack of resolution, the Javelin researchers found.   

“It is clear that financial institutions must continue to proactively and transparently manage fraud as a means to deepen their customer relationships,” stated Eric Kraus, Vice President and General Manager of Fraud, Risk and Compliance, FIS. The company offers technology solutions for merchants, banks, and capital markets firms globally. “Through our continuing business relationships with financial institutions, we know firsthand that consumers are looking to their banks to resolve instances of fraud, regardless of how the fraud occurred,” he added.  

This push from consumers who are becoming increasingly savvy online will lay a foundation for safer digital transactions.  

“Static forms of consumer authentication must be replaced with a modern, standards-based approach that utilizes biometrics,” stated David Henstock, Vice President of Identity Products at Visa, the world’s leader in digital payments. “Businesses benefit from reduced customer friction, lower abandonment rates and fewer chargebacks, while consumers benefit from better fraud prevention and faster payment during checkout.” 

The 2021 Identity Fraud Study from Javelin is now in its 18th year. 

Read the source articles and information from Pymnts.com, from CNETin Forbes and in a press release from Javelin Strategy & Research. 

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.aitrends.com/security/pandemic-spurred-identity-fraud-ai-and-biometrics-are-responding/

Continue Reading

Cyber Security

Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://threatpost.com/pipeline-biden-darkside-gas-bags/166112/

Continue Reading

Cyber Security

8 Cyber Security Practices Every Organization Adopt

Avatar

Published

on

Computer internet cyber security background. Cyber crime vector illustration. digital
Computer internet cyber security background. Cyber crime vector illustration. digital

Cyber security is such a pressing matter among companies, especially for large enterprises. Since there’s a lot to get from hacking large companies, they’re bound to experience cyber threats such as Trojans, malware, phishing, and ransomware regularly. But remember that there have been cases of cyberattacks on businesses with 100 or fewer employees, so small- and medium-sized companies are not exempt from this issue.

Regardless of the size of your company, consider strengthening your cyber security. There’s no better way to do that than by increasing the number of your security controls.

Security controls are countermeasures that prevent cyberattacks and minimize security risks on information, physical property, and, most importantly, your computer systems. For more information, you can read the article of Beryllium regarding security controls.

If you plan to establish newer security controls for your computer systems, you might want to consider looking into the following cyber security practices:

Table of Contents

Invest In Antivirus Software

A long time ago, you only had to worry about viruses, but that’s no longer the case. Today, there are all kinds of cyberthreats such as Trojan horses, worms, spyware, ransomware, and malware. If you want to be protected against these kinds of threats, you should consider investing in antivirus software. Antivirus software refers to any program designed to detect and eliminate various threats to a system, including those mentioned earlier.

Establish A Firewall

Antivirus software focuses on threats that may corrupt the programs inside a computer system. However, it doesn’t cover external threats; for those, you need a firewall. A firewall is a form of security control that helps keep external threats from breaching a computer system in the first place. You can think of it as the first line of defense against cyber threats. A firewall partnered with antivirus software can provide extremely powerful protection for any organization.

Utilize Multifactor Authentication

Usually, when logging into a computer system, you need to input your username and an authentication code, which is the password. But as previously said, cyberthreats have already evolved. It’s no longer enough to use a single authentication code, and that’s what multifactor authentication (MFA) is all about.

Basically, multifactor authentication is the process of requiring more than two codes from the user. So instead of a password alone, the system may also ask for a fingerprint, one-time passwords (OTPs), and more. This reduces the chances of hackers getting into the system.

Encourage Safe And Secure Passwords

Although you can use MFA, passwords are still the hardest authentication codes to crack. Hackers can steal OTPs with special software or even fake fingerprints. However, passwords are difficult to predict, perhaps due to their randomness.

If you’re going to implement MFA, you might as well make sure your employees have safe and secure passwords. You can start by giving them a few pointers, such as the following:

    • Use a password generator for the sake of randomness.
    • Avoid common characters.
    • Use a mix of characters.
    • Lengthen your password.

Monitor Third Parties’ Access To Data

Certain companies outsource some of their operations to third-party agencies. In doing so, they’re giving those firms access to confidential information.

If you’re currently in partnership with an outsourcing agency, you might want to consider monitoring them and limiting their access to data as well. After all, you can’t strengthen their cyber security even if you want to. If you do suffer from security breaches due to their negligence, your company would be on the losing side, so it’s better to be safe than sorry.

Check For Security Patches And Updates

Operating systems roll out security patches and updates every now and then. Your job is to apply those patches as soon as possible. Even if you leave your computer system outdated only for a few hours, there can be severe consequences.

Back Up All Data

Regardless of how secure your system is, there’s no guarantee that a hacker won’t get past your security controls. To minimize the damage from security breaches, companies must have a backup of all their data on a device not connected to the computer system. That way, if ever the computer system’s corrupted, you don’t have to worry about your data getting lost.

Educate Your Employees

Making mistakes is what makes one human. Some errors have minor consequences, but some can lead to huge problems. If your employees have access to the company’s system, the only thing hackers need to do is to take advantage of inexperienced employees. They can do this through phishing and other social engineering techniques.

If you don’t want your employees to bear all the blame for a security breach, try raising their awareness through training that teaches them about cyber security threats. Granted, it won’t guarantee 100% security, but it will reduce the chances for a cyberattack nonetheless.

Wrapping Up

Take note that every security control has a weakness. Your job is to ensure that those weaknesses are taken care of by other security controls. Take antivirus software and firewall, for example. Antivirus software deals with internal threats, while a firewall deals with external threats. If you want to strengthen your cyber security, you need to know how cyber security practices interact with each other, and this guide should have everything you need in that regard.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cybersguards.com/8-cyber-security-practices-every-organization-adopt/

Continue Reading
ZDNET35 mins ago

US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security

Esports43 mins ago

Evil Geniuses become first team to qualify for The International 10

Esports46 mins ago

Valorant Error Code VAN 81: How to Fix

Energy47 mins ago

AlphaESS lance de nouveaux produits et programmes au salon Smart Energy Conference & Exhibition de 2021

ZDNET50 mins ago

ASD knows who attacked the APH email system but isn’t revealing who

Energy52 mins ago

Levi’s largest Knit supplier in Pakistan expands capacity with TUKATECH

Energy1 hour ago

Global Aluminum Extrusion Market to grow by 8.87 million tons|Key Drivers and Market Forecasts|17000+ Technavio Research Reports

Blockchain1 hour ago

Hong Kong in Talks with China to Stretch Cross-Border Testing of Digital Yuan

ZDNET1 hour ago

Labor pitches ‘startup year’ as key to Australia’s future

Esports1 hour ago

Ninja claims he once made $5 million in a month from Fortnite Support-A-Creator Code

Payments2 hours ago

MFS Africa invests in Cameroon’s Maviance

ai-women.jpg
Payments2 hours ago

Wise looks to next generation of IT staff with coding school kood / Jõhvi

Payments2 hours ago

Central bankers split on CBDC future

Big Data2 hours ago

Aeva announces customer deal; shares soar even after results disappoint

Big Data2 hours ago

Elon Musk on crypto: to the mooooonnn! And back again

Big Data2 hours ago

Airbnb bookings jump 52% as vaccinations spur vacation rental demand

Big Data2 hours ago

Disney’s streaming growth slows as pandemic lift fades, shares fall

Big Data2 hours ago

Dogecoin pops after Musk tweets about ‘promising’ system improvements

Cyber Security2 hours ago

IOTW: Ransomware Attack Closes Colonial Pipeline

Cleantech2 hours ago

Congress’s Chance to Protect Our Coasts

Esports2 hours ago

CS:GO Update 1.37.9.1 adds several updates to new map Ancient

Aviation2 hours ago

Qantas Future Small Plane: The Embraer E2 Family Vs Airbus A220

Energy2 hours ago

Aerosol Packaging Market will Accelerate at a CAGR of over 4% through 2021-2025|Growing Focus Toward Sustainable Approach In Packaging to upheave Growth|Technavio

Cleantech2 hours ago

Line 5 Pipeline Continues Operation, Violating Michigan Order

Energy2 hours ago

How Young Entrepreneur Jeff Clayton Is Innovating the Dropshipping Logistics Industry

Aviation3 hours ago

COVID-19: Air Canada extends flight ban from India to June 22

Aviation3 hours ago

Edmonton Airport, JOIN & IAC sign MoU

Aerospace3 hours ago

Axelspace raises $24 million in Series C round

Aviation3 hours ago

Exchange Income Corporation Maintains Record of Consistently Solid Performance One Year into Pandemic

Energy3 hours ago

Pan American Silver Announces Results of Annual General and Special Meeting

Trending