Black Box Lures Hackers Into Honeypots

HardOCP News

This little black box looks promising. Too bad it doesn't work like devices in the movies do. Once a hack is detected, a jolt of electricity immediately disables the hacker's PC, stuns the crook and alerts the authorities to their location. ;)

South African security firm Thinkst is hoping to give new life to an old idea—the honeypot—in a bid to help organizations detect security breaches and intruders in their private networks. Thinkst's Canary is a simple network appliance and corresponding online monitoring service that makes it easy to set up juicy-looking targets on the corporate LAN that will sound the alarm if any attempt is made to access them.
 
One of the consistent features of large hacks, such as the late 2013 Target breach, is that attackers have been able to move around their victims' networks to find systems with interesting or valuable data without being detected.

In the case of Target, the attackers WERE detected by FireEye. The alerts from FireEye were monitored by a team in India, the team in India escalated to a team in the U.S., and from there nobody knows what happened. The U.S. team missed or ignored the alert.

They would probably have ignored hits from this Black Box too.

From one point of entry—a compromised Web server, say—the hackers perform what's called "lateral movement;" accessing other systems and computers on the same network, discovering new sets of user credentials to gain further access to their victims, and finding valuable information to steal.

Which is why you should make sure those lateral connections don't exist. Such as in the case of Target (again) the attackers made their way from a system set up for a contractor HVAC company to access to all of Target's point-of-sale machines.

There's no reason why the contractor's system should have been connected without a firewall to the systems that had access to customer data.
 
Which is why you should make sure those lateral connections don't exist. Such as in the case of Target (again) the attackers made their way from a system set up for a contractor HVAC company to access to all of Target's point-of-sale machines.

There's no reason why the contractor's system should have been connected without a firewall to the systems that had access to customer data.

Wow, really?

I hadn't read up on it.

I'm no network engineer. The only experience I have with setting up and managing networks is my home network (which admittedly is slightly more advanced than your average home network) and even I know better...

I would have expected that anything involving financial transactions would have been on its own dedicated network with no link to non-financial networks.

This is as boneheaded as the fact that airliner avionics can be accessed from the on-board wifi... :rolleyes:
 
There's no reason why the contractor's system should have been connected without a firewall to the systems that had access to customer data.

This is what companies get when they hire the best and brightest from Barns Business, Automotive, and Typing college.
 
Our Chief of Info Security periodically sends out phishing e-mails to internal employees with links to a honeypot they set up. Sneaky bastards. They've caught a lot of employees giving out their network IDs and passwords with this trick.
 