2021-1-30 智邦网
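Compiled by 致远
According to a January 28 report on the Breakingdefense website:
The Pentagon will step up its investment in cutting-edge innovative companies in Silicon Valley to develop new technology for defending against insider threats on networks.
The US Department of Defense's Defense Innovation Unit (DIU) has awarded CounterCraft a transaction agreement to detect cyber threats and provide intelligence on them. DIU has already prototyped the CounterCraft platform.
In December 2020, NATO successfully carried out an experiment using the CounterCraft platform against hackers, and it plans to use the platform for defense.
This “cyber deception platform” develops technology that sets traps for adversaries, inducing them to expose their techniques, tools and command structure once they have breached a network.
CounterCraft Chief Growth Officer Amyn Gilani said: “In essence, they are honeypots and honeynets,” that is, the cybersecurity technique of building enticing traps (honeypots) and linking those traps together to form a “honeynet”.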
DIU Turns To Honeypots For Advanced Cyber Defense
ALBUQUERQUE: A new investment by the Pentagon’s Silicon Valley outpost gives the military new tech to catch and stop insider threats on compromised networks. Announced January 25, the Defense Innovation Unit awarded an Other Transaction agreement to CounterCraft to detect and provide intelligence on cyber threats. DIU has already prototyped CounterCraft’s platform.
In 2016, NATO set out to incorporate honeypots into its defensive posture. In November 2020, NATO experimented with CounterCraft’s platform as a way to lure and red team identify hackers, and found the platform successful.
The technology, the Cyber Deception Platform, creates a trap for hostile actors, encouraging them to reveal their techniques, tools, and command structure once they have already breached a network.
“They’re essentially honeypots and honeynets,” said Amyn Gilani, CounterCraft’s Chief Growth Officer, referring to the cybersecurity techniques of making an enticing trap (honeypots) and linking those traps together (honeynets).
Honeypots themselves are an old technique. Famously, honeypots were used to detect the 2017 WannaCry attack. CounterCraft’s offering is designed to find more active intrusion, and then to trick the attackers into revealing all the tools they have before they realize they are in a virtual decoy.
“What we’re doing here is making an environment look really interesting. We’re putting real endpoint detection services on endpoints, making it look like a real environment,” said Gilani. “It’s interactive in a way — we’re putting breadcrumbs as well, along this honeynet network, so the threat actor can lure themselves into other honeypots as well.”
Convincing an attacker to fall into the honeypot means, in part, replicating the normal sloppiness with passwords or network bypasses attackers rely on. Those breadcrumbs could include passwords left in notepads or GitHub, or network credentials, the kind of absent-minded (or careless) mistakes humans normally make.
With the intentional fake trail set up, an attacker can go into the curated honeypot, and under the illusion that they have accessed something secure and important, start pulling in code and tools to steal planted information, and send it to other networks, be they criminal or nation-state, that are interested in the attack.
“We’re cataloging everything that the threat actor is doing within the honeypot environment,” said Gilani. This lets the organization using the dashboard “see what part of the kill chain they’re susceptible to attack. The threat actor is revealing their hand.”
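The breadcrumb-and-catalog idea described above, as an added example that is not CounterCraft's code and not part of the original article: each decoy credential is recorded with the host it was planted on, so any log line that uses one raises an alert and also shows which host the intruder read it from. The credential names, host names and log format are constructed for illustration.

```python
import re

# Constructed breadcrumb inventory (hypothetical names): each decoy credential
# is planted on one host and is only valid on the honeypot it points to.
BREADCRUMBS = {
    "svc_backup": {"planted_on": "ws-0142", "leads_to": "hp-file01"},
    "db_admin": {"planted_on": "hp-file01", "leads_to": "hp-sql01"},
}

# Constructed authentication log lines, in a made-up key=value format.
SAMPLE_LOG = """\
2021-01-25T10:01:07Z src=10.0.5.23 dst=mail01 user=jsmith result=success
2021-01-25T10:02:11Z src=10.0.5.23 dst=hp-file01 user=svc_backup result=success
2021-01-25T10:09:40Z src=10.0.7.80 dst=fileserver02 user=akhan result=failure
2021-01-25T10:15:02Z src=hp-file01 dst=hp-sql01 user=db_admin result=success
2021-01-25T10:20:33Z src=10.0.5.23 dst=fileserver02 user=svc_backup result=failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"user=(?P<user>\S+) result=(?P<result>\w+)$")

def decoy_alerts(log_text):
    """Return one alert per log line that uses a planted credential."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"] not in BREADCRUMBS:
            continue  # unparsable line or an ordinary account
        crumb = BREADCRUMBS[m["user"]]
        alerts.append({
            **m.groupdict(),
            # Host the credential was planted on, i.e. where it was read from.
            "found_on": crumb["planted_on"],
            # True when the decoy is tried somewhere other than its honeypot.
            "off_path": m["dst"] != crumb["leads_to"],
        })
    return alerts

def intrusion_path(alerts):
    """Order the hosts the intruder touched by following breadcrumb use."""
    path = []
    for a in sorted(alerts, key=lambda a: a["ts"]):
        for host in (a["found_on"], a["dst"]):
            if host not in path:
                path.append(host)
    return path

if __name__ == "__main__":
    print(" -> ".join(intrusion_path(decoy_alerts(SAMPLE_LOG))))
```

Because no legitimate user ever holds a planted credential, every alert here is high-confidence, and the first host in the path is the real machine that needs incident response.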
As structured, this kind of trap and security is meant to find threats already inside the network, but ones who are looking for deeper access to information and, likely, looking to stay inside a network for longer.
“It reportedly took over 9 months for the attack team behind SolarWinds to make a mistake and get caught by a security process in FireEye,” said Gilani. “We specifically built CounterCraft as a company to create a solution to mitigate this situation. We deploy a number of campaigns across internal networks specifically designed to appeal to threat actors looking to get deeper network access to more important network assets from their current foothold.”