People have been trying to protect themselves against criminals in numerous ways. In the digital field, honeypots have been used successfully for decades to detect cyber threats by placing a false target in the IT environment. Meanwhile, malicious actors have learned how to circumvent them. French cybersecurity company TEHTRIS has therefore introduced “nomadic” honeypots, which can deceive criminals time and again.
Honeypots often make a cameo when yet another criminal network is unmasked. For example, two security researchers were recently able to watch hackers for 100 hours through a remote desktop session. The attackers thought they had penetrated an extensive corporate network. This allowed the security experts to learn an enormous amount about the modus operandi of the hackers in question. The duo noted that this methodology could also be helpful for investigative teams.
There have been variations of the honeypot concept in the past. Virtual honeypots are the simplest to create, mostly simulating the TCP/IP address of a legitimate device. It is also possible to mimic a physical device that is entirely focused on deceiving a cybercriminal. Once someone attacks this false target, a security team can figure out who the culprits are and where the data goes. At least, that’s the idea.
One problem with conventional honeypots is that once discovered by a criminal, they remain unchanged within the network. This gives members of a cybercrime group a chance to tell each other that this is a false target, after which a malicious attack is easier to carry out.
From static to dynamic
A nomadic honeypot, according to TEHTRIS, should solve this problem: it automatically changes its location in the network so that a criminal can never determine where it will be next. It is a result of the Automated Moving Target Defense (AMTD) concept, which Gartner has lauded as an important aid to security. TEHTRIS explains that a quarter of all cloud applications will likely use this dynamic form of defense by 2025. Criminals cannot keep themselves informed about a security solution of this kind. For that reason, a more critical role for deception in the fight against cybercrime seems to be on the horizon.
“Cybercriminals are better organized and more motivated than ever. Therefore, it is crucial to act collectively and implement adaptable, effective defenses,” stated co-founder and CTO Laurent Oudot. “With this new generation of honeypots, TEHTRIS is providing the community with advanced cyber intelligence and confirming its position as a pioneer in cyber threat detection.”
Beyond detection & response
TEHTRIS wants to think bigger, however: it is introducing 1,300 nomadic honeypots located in 50 countries. Together, these form a “dynamic decoy,” as the company puts it. The honeypots are designed to detect any kind of malicious activity on the Web and then identify and neutralize it. They continuously receive a new IP address, thus maximizing the life of the defense mechanism. A criminal cannot simply get rid of the honeypot or ignore it, because they can be fooled by it multiple times. The idea, of course, is that a hacker will be unaware for as long as possible that there even is a decoy.
According to the company, this innovation is also a manifestation of the changing security posture that companies seek. Instead of constantly reacting to threats with all the haste that comes with it, they are trying to incorporate as much proactivity as possible.
TEHTRIS takes that proactivity even further. The company compares the analytical capabilities of the innovation to a global weather forecast: because of its large scale, the network of honeypots could see what types of threats are prominent in certain regions, akin to seeing signs of a hurricane forming over warm water. Through a trend report, it lets the outside world know how many criminals are active online and where.
The company shares the findings from its nomadic honeypot network with security institutions such as ANSSI and the Cyber Threat Alliance. On its own XDR platform, TEHTRIS offers even more insights. In addition, organizations themselves can set an additional trap in their local network with TEHTRIS Deceptive Response, which provides real-time alerts when threats are on the trail. You can read about their findings in the company’s blogs.