
Implement discreet monitoring of hacking activities in the honeypot infrastructure.

Antivirus companies, information security experts, and enthusiasts place honeypot systems on the Internet to “catch” a new variant of a virus or identify unusual hacking tactics. Honeypots are so common that cybercriminals have developed a kind of immunity: they quickly recognize that they are in front of a trap and simply ignore it. To study the tactics of modern hackers, we created a realistic honeypot that lived on the Internet for seven months, attracting various attacks. We described how this happened in our study “Caught in the act: Running a realistic honey factory to capture real threats”. Some facts from the study are in this publication.

Honeypot Development: Checklist

The main task in creating our supertrap was to protect us from detection by hackers who showed interest in it. This required a lot of work:

Create a realistic company legend, including full names and photos of employees, phone numbers, and emails.
Invent and implement an industrial infrastructure model that matches the legend of our company’s activities.
Decide which network services will be accessible from the outside, but don’t get carried away with opening vulnerable ports, so the system doesn’t look like an obvious trap for the naive.
Stage apparent information leaks about the vulnerable system and make sure this information reaches potential attackers.
Now, let's go through each of these in order.

Creating a legend

Cybercriminals are now used to encountering many honeypots, so the most advanced of them conduct a thorough investigation of each vulnerable system to make sure it is not a trap. For the same reason, we tried to ensure that the honeypot was not only realistic in terms of design and technical aspects, but also created the appearance of a real company.

Putting ourselves in the shoes of a hypothetical skilled hacker, we developed a verification algorithm that would distinguish a real system from a trap. It included searching for company IP addresses in reputation systems, reverse-searching the history of IP addresses, searching for names and keywords associated with the company, as well as its counterparties, and much more. As a result, the legend turned out to be quite convincing and attractive.

We decided to position the decoy factory as a small boutique for industrial prototypes, working for very large anonymous clients in the military and aviation segments. This freed us from the legal complications associated with using an existing brand.

Next, we had to come up with a vision, mission, and name for the organization. We decided that our company would be a startup with a small number of employees, each of whom was a founder. This added credibility to the story of the specialized nature of our business, which allowed it to handle sensitive projects for large and important clients. We wanted our company to appear weak from a cybersecurity perspective, but at the same time to make it obvious that we were working with important assets on targeted systems.

 

 
