A honeypot on a table.

Honeypot techniques are used to lure cyber attackers into spaces where they can be tracked without doing harm. (Credit: Theresa Thompson, CC BY 2.0)

ALBUQUERQUE: A new investment by the Pentagon’s Silicon Valley outpost gives the military new tech to catch and stop insider threats on compromised networks. Announced January 25, the Defense Innovation Unit awarded an Other Transaction agreement to CounterCraft to detect and provide intelligence on cyber threats. DIU has already prototyped CounterCraft’s platform.

In 2016, NATO set out to incorporate honeypots into its defensive posture. In November 2020, NATO experimented with CounterCraft’s platform as a way to lure and identify red-team hackers, and found the platform successful.

The technology, the Cyber Deception Platform, creates a trap for hostile actors, encouraging them to reveal their techniques, tools, and command structure once they have already breached a network.

“They’re essentially honeypots and honeynets,” said Amyn Gilani, CounterCraft’s Chief Growth Officer, referring to the cybersecurity techniques of making an enticing trap (honeypots) and linking those traps together (honeynets).

Honeypots themselves are an old technique. Famously, honeypots were used to detect the 2017 WannaCry attack. CounterCraft’s offering is designed to find more active intrusions, and then to convince the attackers to reveal all the tools they have before they realize they are in a virtual decoy.

“What we’re doing here is making an environment look really interesting. We’re putting real endpoint detection services on endpoints, making it look like a real environment,” said Gilani. “It’s interactive in a way — we’re putting breadcrumbs as well, along this honeynet network, so the threat actor can lure themselves into other honeypots as well.”

Convincing an attacker to fall into the honeypot means, in part, replicating the everyday sloppiness with passwords and network shortcuts that attackers rely on. Those breadcrumbs could include passwords left in notepad files or on GitHub, or network credentials: the kind of absent-minded (or careless) mistakes humans normally make.

With the intentional fake trail set up, an attacker can go into the curated honeypot, and under the illusion that they have accessed something secure and important, start pulling in code and tools to steal planted information, and send it to other networks, be they criminal or nation-state, that are interested in the attack.

“We’re cataloging everything that the threat actor is doing within the honeypot environment,” said Gilani. This lets the organization using the dashboard “see what part of the kill chain they’re susceptible to attack. The threat actor is revealing their hand.”
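The breadcrumb idea above (planted credentials that no legitimate user has a reason to touch) and the cataloging of what a lured actor does can be illustrated with a small detector. The following is an added example written for this article, not CounterCraft's code or a description of its platform; the log format, host names, decoy account names and the kill-chain labels are all constructed assumptions. It inventories planted decoy credentials, scans authentication log lines for any use of them, and groups the hits by source address into an ordered timeline so a defender can see which kill-chain phase the intruder has reached.

```python
"""
Honeytoken (breadcrumb) detection: plant decoy credentials that no legitimate
process ever uses, then alert whenever one shows up in an authentication log.
Any use of a decoy is high-confidence evidence of an intruder following the
planted trail. All names, hosts and log lines below are constructed for this
example; the log format is an assumption, not a real product's format.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed log format: "<ISO time> <host> auth: <result> user=<name> from=<ip> svc=<service>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>accepted|failed) "
    r"user=(?P<user>\S+) from=(?P<src>\S+) svc=(?P<svc>\S+)$"
)


@dataclass(frozen=True)
class Honeytoken:
    """A planted decoy credential and the breadcrumb it was left in."""
    username: str
    planted_in: str        # where the breadcrumb lives, e.g. a notes file
    lures_to: str          # the decoy host the credential appears to unlock
    kill_chain_phase: str  # what its use tells the defender about the intruder


@dataclass
class Alert:
    ts: str
    token: Honeytoken
    src: str
    target_host: str
    result: str
    notes: List[str] = field(default_factory=list)


# Constructed breadcrumb inventory. A real deployment would use unique,
# unguessable account names and keep this list off the decoy hosts themselves.
HONEYTOKENS: Dict[str, Honeytoken] = {
    t.username: t for t in (
        Honeytoken("svc_backup_ro", "finance-ws01:/home/jdoe/notes.txt",
                   "decoy-db01", "lateral movement"),
        Honeytoken("deploy_ci", "internal git repo config (constructed)",
                   "decoy-build01", "credential access"),
    )
}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed auth log line; None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_honeytoken_use(lines: List[str],
                          tokens: Dict[str, Honeytoken] = HONEYTOKENS) -> List[Alert]:
    """Return one Alert per log line in which a planted decoy credential was used.

    Failed and accepted attempts are both reported: a legitimate user has no
    reason to try a decoy account at all, so even a failure is a signal.
    """
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue  # unrelated or malformed line
        token = tokens.get(rec["user"])
        if token is None:
            continue  # normal account, not a breadcrumb
        alert = Alert(rec["ts"], token, rec["src"], rec["host"], rec["result"])
        if rec["host"] != token.lures_to:
            # The decoy credential was tried somewhere we did not point it at,
            # which reveals what else the intruder is probing.
            alert.notes.append(f"used outside decoy host {token.lures_to}")
        alerts.append(alert)
    return alerts


def catalog_by_source(alerts: List[Alert]) -> Dict[str, List[str]]:
    """Group alerts by source address into a time-ordered list of kill-chain
    phases: the 'which part of the kill chain' view a defender wants."""
    timeline: Dict[str, List[str]] = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        timeline.setdefault(a.src, []).append(
            f"{a.ts} {a.token.kill_chain_phase} via "
            f"{a.token.username}@{a.target_host} ({a.result})"
        )
    return timeline


# Constructed sample log: one normal login, then an intruder following breadcrumbs.
SAMPLE_LOG = [
    "2024-03-01T09:12:03Z finance-ws01 auth: accepted user=jdoe from=10.0.5.23 svc=ssh",
    "2024-03-01T09:40:11Z decoy-db01 auth: failed user=svc_backup_ro from=10.0.5.77 svc=ssh",
    "2024-03-01T09:40:19Z decoy-db01 auth: accepted user=svc_backup_ro from=10.0.5.77 svc=ssh",
    "2024-03-01T10:02:44Z fileserver02 auth: failed user=deploy_ci from=10.0.5.77 svc=smb",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    found = detect_honeytoken_use(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a.ts} {a.src} -> {a.target_host} as {a.token.username} "
              f"({a.result}); planted in {a.token.planted_in}; "
              f"phase={a.token.kill_chain_phase} {' '.join(a.notes)}")
    for src, steps in catalog_by_source(found).items():
        print(f"\n{src}:")
        for s in steps:
            print("  " + s)
```

The point of the design is that the decoy account names carry meaning: because each one is tied to the breadcrumb it was planted in and the decoy it points at, a single log hit tells the defender where the intruder has been reading, where they are heading, and whether they are straying from the trail onto real assets.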

As structured, this kind of trap is meant to find threats already inside the network: ones looking for deeper access to information and, likely, looking to stay inside the network for longer.

“It reportedly took over 9 months for the attack team behind SolarWinds to make a mistake and get caught by a security process in FireEye,” said Gilani. “We specifically built CounterCraft as a company to create a solution to mitigate this situation. We deploy a number of campaigns across internal networks specifically designed to appeal to threat actors looking to get deeper network access to more important network assets from their current foothold.”