美国防部“国防创新单元”（DIU）授予CounterCraft 公司检测网络威胁并提供情报的交易协议。DIU已经研制出CounterCraft 平台的样机。
DIU Turns To Honeypots For Advanced Cyber Defense
ALBUQUERQUE: A new investment by the Pentagon’s Silicon Valley outpost gives the military new tech to catch and stop insider threats on compromised networks. Announced January 25, the Defense Innovation Unit awarded an Other Transaction agreement to CounterCraft to detect and provide intelligence on cyber threats. DIU has already prototyped CounterCraft’s platform.
In 2016, NATO set out to incorporate honeypots into its defensive posture. In November 2020, NATO experimented with CounterCraft’s platform as a way to lure and red team identify hackers, and found the platform successful.
The technology, the Cyber Deception Platform, creates a trap for hostile actors, encouraging them to reveal their techniques, tools, and command structure once that have already breached a network.
“They’re essentially honeypots and honeynets,” said Amyn Gilani, CounterCraft’s Chief Growth Officer, referring to the cybersecurity techniques of making an enticing trap (honeypots) and linking those traps together (honeynets).
Honeypots themselves are an old technique. Famously, honeypots were used to detect the 2017 WannaCry attack. CounterCraft’s offering is designed to find more active intrusion, and then to convince the attackers into revealing all the tools they have before they realize they are in a virtual decoy.
“What we’re doing here is making an environment look really interesting. We’re putting real endpoint detection services on endpoints, making it look like a real environment,” said Gilani. “It’s interactive in a way — we’re putting breadcrumbs as well, along this honeynet network, so the threat actor can lure themselves into other honeypots as well.”
Convincing an attacker to fall into the honeypot means, in part, replicating the normal sloppiness with passwords or network bypasses attackers rely on. Those breadcrumbs could include passwords left in notepads or GitHub, or network credentials, the kind of absent-minded (or careless) mistakes humans normally make.
With the intentional fake trail set up, an attacker can go into the curated honeypot, and under the illusion that they have accessed something secure and important, start pulling in code and tools to steal planted information, and send it to other networks, be they criminal or nation-state, that are interested in the attack.
“We’re cataloging everything that the threat actor is doing within the honeypot environment,” said Gilani. This lets the organization using the dashboard “see what part of the kill chain they’re susceptible to attack. The threat actor is revealing their hand.”
As structured, this kind of trap and security is meant to find threats already inside the network, but ones who are looking for deeper access to information and, likely, looking to stay inside a network for longer.
“It reportedly took over 9 months for the attack team behind SolarWinds to make a mistake and get caught by a security process in FireEye,” said Gilani, “We specifically built CounterCraft as a company to create a solution to mitigate this situation. We deploy a number of campaigns across internal networks specifically designed to appeal to threat actors looking to get deeper network access to more important network assets from their current foothold.”