Threats Hiding in Plain Sight: Turning the Tables on Cybercrime with Honeypots


In 2019, employees are seemingly always just one click away from a cyberthreat. But what if your business was the one posing the threat to cybercriminals?

We recently talked about digital steganography as a tactic for distributing harmful code — a hard-to-spot cybercrime tactic that can easily infect users on social media and image-rich websites.

In keeping with the theme of hiding in plain sight, let’s discuss how your security team can turn the tables on a cybercriminal through the use of a security measure known as a “honeypot.”

A honeypot allows your business to do the tricking instead of cybercriminals. Essentially, it’s a way to trick threat actors into hacking a fake system, getting stuck in this virtual honeypot and unveiling who they are and what they want from your business.

Let’s take a look at what exactly a honeypot is and how you can use this clever security tactic to catch hackers red-handed.

What Exactly is a Honeypot?

Does turning the tables on the pesky hackers sound useful to you? First, you need to understand what exactly a honeypot is. Let’s look at the definition from technopedia.com:

A honeypot is a decoy computer system for trapping hackers or tracking unconventional or new hacking methods. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet.

The honeypot system has far less security, making it appealing to cybercriminals trying to break in. As it is a decoy, it has to look the part. Features like graphical interfaces, login warning messages, data fields and more need to be included so that criminals believe they’ve hacked into a legitimate network.

Once a hacker has taken the bait and entered the system, you’re able to monitor everything they do. Are they looking for employee information? Do they want customer data? You’ll be able to understand their intent.

Why Set Up a Honeypot?

Honeypots may seem like a more time-consuming security measure than the standard approach, but in reality, they are a very practical solution.

Data collected by honeypots can be used to enhance the rest of your company’s security systems. Unlike other systems, honeypots allow you to understand the hacker: what they want, how they are breaking in, what systems they exploit and more.

You can sync this information with data from your other security systems. If used correctly, the data generated from a honeypot will paint a full picture of malicious activity within your organization and help you set up relevant security alerts. Overall, your IT security is stronger with the data generated from a honeypot than without it. 

As noted by Mark Dargin from Network World, another benefit of a honeypot is that attackers can become frustrated in the decoy system, leading to them giving up on the attack altogether. More time spent in the honeypot means more time wasted for the hacker and less time spent on your production system.

While an irritated cybercriminal is a fine benefit, the most substantial benefit to a honeypot is knowledge.

If you’ve been unsuccessful at determining how hackers enter your system, consider setting up an internal honeypot. According to the 2016 Cyber Security Intelligence Survey, IBM found that company insiders carried out 60% of all attacks.

When deploying a honeypot to catch a potential insider threat, make sure only a few people know of its existence. Deploying a less secure gateway into your internal network will bait the rogue employee into showing themselves.

How to Design Your Honeypot

Dargin explains that it’s critical to have proper alerts to your security team configured for your honeypot. You should have logs for all devices in the decoy system sent to a centralized logging server, and notifications set up for whenever an attacker enters the environment. This will enable staff to track the attacker and closely monitor the production environment to make sure it is secure.
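
A minimal sketch of the alerting described above, added here as an example and not taken from the article or from Dargin: it reads decoy events as they might arrive at the central logging server and raises one alert per source, ranking internal sources highest to cover the insider case. The JSON field names, decoy hostname, internal address ranges and sample log lines are constructed assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: the address ranges this organisation uses internally.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: one JSON event per line, as a decoy host might forward
# it to the central log server (field names are hypothetical).
SAMPLE_LOG = """\
{"ts": "2019-06-03T02:14:07Z", "decoy": "hr-files-01", "src": "203.0.113.45", "event": "connect", "port": 22}
{"ts": "2019-06-03T02:14:09Z", "decoy": "hr-files-01", "src": "203.0.113.45", "event": "login_attempt", "user": "admin"}
{"ts": "2019-06-03T02:14:12Z", "decoy": "hr-files-01", "src": "203.0.113.45", "event": "login_attempt", "user": "root"}
{"ts": "2019-06-03T09:31:55Z", "decoy": "hr-files-01", "src": "10.20.4.17", "event": "connect", "port": 445}
{"ts": "2019-06-03T09:32:20Z", "decoy": "hr-files-01", "src": "10.20.4.17", "event": "file_read", "path": "/payroll/2019.xlsx"}
this line is not JSON and must not stop processing
"""

def build_alerts(log_text):
    """Return (alerts, skipped): one alert per source that touched a decoy."""
    by_src, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict) or not {"ts", "src", "event"} <= ev.keys():
                raise ValueError("missing required field")
            ipaddress.ip_address(ev["src"])  # reject malformed source addresses
        except (ValueError, TypeError):
            skipped += 1  # count bad lines so gaps in logging are visible
            continue
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, events in by_src.items():
        ip = ipaddress.ip_address(src)
        internal = any(ip in net for net in INTERNAL_NETS)
        alerts.append({
            "src": src,
            # Nobody has a legitimate reason to touch a decoy, so every source
            # alerts; an internal one suggests an insider or compromised host.
            "severity": "high" if internal else "medium",
            "internal": internal,
            "first_seen": min(e["ts"] for e in events),
            "events": len(events),
            "users_tried": sorted({e["user"] for e in events if "user" in e}),
            "paths_read": sorted({e["path"] for e in events if "path" in e}),
        })
    alerts.sort(key=lambda a: (not a["internal"], a["first_seen"]))
    return alerts, skipped

if __name__ == "__main__":
    print(json.dumps(build_alerts(SAMPLE_LOG)[0], indent=2))
```

The `users_tried` and `paths_read` fields are what let staff answer the questions raised earlier: which accounts the intruder guessed at and which data they went looking for.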

The more detailed the honeypot is, and the more closely it resembles your actual environment, the better, but doing so takes more time to deploy and configure. You want it to be attractive to the potential hacker, which means ignoring standard security practices.

Passwords should be weak and specific vulnerable ports should be left open. You want your honeypot to be as appealing to the attacker as possible so that they go into the decoy environment rather than the live production environment.

According to Dargin, attackers typically attack the less secure environment before going to one that has stronger defenses. This allows security staff to learn how hackers bypass the standard controls and gives them the opportunity to make adjustments after.  

Once these attackers are in, you're all set to observe and record. The data you gather will be invaluable for improving your cybersecurity.

Not All Honeypots Are Good

Unsurprisingly, not all honeypots are used for good. You’ve likely heard the warning not to use public Wi-Fi. One of the main reasons is hotspot honeypots.

A criminal will set up a public network in a common working location (e.g., a coffee shop). They label it with the same name as the coffee shop’s public network and make it free to join. From there, numerous people will use it throughout the day. Users who access important shared files for work or use payment information will then have that information stolen.

To avoid falling for a honeypot yourself, follow these steps from securityboulevard.com:

  • Turn Off the Wi-Fi: If your Wi-Fi is not turned on, there is no security or privacy risk whatsoever. You can instead use a 3G or 4G USB stick. On laptops, you can also use a wired Ethernet connection.
  • Avoid Open Wi-Fi Networks: If you care about the safety of your personal information, you should avoid open Wi-Fi networks altogether. Most cybersecurity specialists suggest this. If you are still going to use public networks, then use WPA-encrypted networks instead.
  • Use a VPN: If you still wish to use an open network, you should use what is known as a Virtual Private Network (VPN) to give yourself an additional layer of security. But even if you do use a VPN, the attacker might intervene with the Wi-Fi connection by sending a fake de-authentication frame.
  • Change Your Wi-Fi settings: Changing your Wi-Fi settings also helps in protecting your personal information and data. If your computer or smartphone no longer remembers the network it has connected to, this will also help protect your privacy. On OS X, go to “network settings,” and under “advanced,” turn off “Remember networks this computer has joined.”

Honeypots can dramatically improve your company’s security or damage it — depending which end you’re on. If your business is receiving high volumes of malicious traffic and other security measures aren’t working, a honeypot can help you understand what is happening and the best way to solve the problem. Just make sure you’re aware of all the ways honeypots can be put to use.


Written by Nik Vargas