Microsoft uses honeypot techniques to deter cybercriminals

by info.odysseyx@gmail.com, October 22, 2024

Deception is critical to the brutal activities of black hat hackers, but, as Microsoft recently showed, it can also be a powerful weapon against those hackers.

At a BSides event in Exeter, England earlier this year, the software maker’s “chief of deception”, Ross Bevington, described an ambitious project that lures cybercriminals into realistic-looking honeypot tenants with access to Microsoft’s Azure cloud to gather intelligence about them and disrupt their operations.

According to Microsoft, it monitors about 25,000 phishing sites every day, feeding about 20% of them with honeypot credentials. Once an attacker logs into the fake tenant, every action they take is logged, allowing Microsoft to learn the threat actor’s tactics, techniques, and procedures (TTPs).

“I worked for Microsoft for 11 years and deployed deception technology for some of its customers and was involved in internal projects that used deception technology. As far as I can tell from the very limited details, it appears to be a large-scale fraud scheme,” said Roger Grimes, a defense campaigner at KnowBe4, a security awareness training provider in Clearwater, Fla.

“Most fraud schemes involve one or a few fraud endpoints,” he told TechNewsWorld. “This one appears to involve hundreds of fake users and a bunch of fake tenants with simulated content. It’s pretty big as far as fraudulent schemes go.”

Playing mind games with baddies

“During Microsoft’s presentation at BSides, one thing caught my eye: phishing schemes using fake Azure tenants to map infrastructure,” added Chris Dukich, founder of Display Now, a digital signage company in Boston.

“This is a new level of deception that gives Microsoft the advantage of being able to gather intelligence on phishers around the world and disable them before they can deploy their attacks widely,” he told TechNewsWorld.

Stephen Kowsky, Field CTO at SlashNext, a Pleasanton, Calif.-based computer and network security company, noted that Microsoft’s approach to using fake Azure tenants represents an innovative change in deception tactics.

“By leveraging their cloud infrastructure, they have created a more scalable and dynamic honeypot environment,” he told TechNewsWorld. “This approach allows real-time monitoring and analysis of attacker behavior within a controlled, yet realistic, cloud ecosystem, providing deep insight into sophisticated phishing operations.”

Besides explaining its honeypot scheme, the BSides session may have had another purpose for Microsoft.

“Deception technology is not something defenders talk about very often,” says Casey Ellis, founder and advisor at Bugcrowd, a San Francisco-based company which operates a crowdsourced bug bounty platform. “Part of its utility comes from the fact that it looks exactly like a live system, so the general deployment method is a silent one.”

“By announcing that they’re doing this, Microsoft is playing a bit of mind games with the bad guys,” he told TechNewsWorld.

Cheating techniques are not for everyone

As Microsoft illustrates, deception can be an effective tool for thwarting the digital reckless, but it’s not for everyone.

“Fraud tactics take a lot of resources,” admits Vaclav Vincalek, a virtual CTO and founder of 555vCTO in Vancouver, British Columbia, Canada.

“It needs to be set up properly, and then you need manpower to monitor it,” he told TechNewsWorld. “And, of course, the question is, what do you do with the information?”

Grimes agreed.
“The average organization does not have the time to conduct such research activities and, in general, when fraud technologies are used, they are used for early warning to speed up incident response and reduce costs and downtime.”

Some of these manpower concerns can be addressed through the use of artificial intelligence.

“Creating realistic or believable deception environments becomes an ideal task for employing a large language model AI, as one needs to be able to create many separate accounts that interact with each other, with a backlog of historical communications between them to search for threat actors,” Daniel Blackford, director of threat research at Proofpoint, an enterprise security company in Sunnyvale, California, told TechNewsWorld.

Grimes praised Microsoft and other big companies for doing the hard work of using deception to research and learn, and then using the lessons learned to improve defenses that benefit everyone.

“As much as I like fraud technology in general, mitigating phishing is not the best use case for the average organization,” he added, “but Microsoft is using it — where they’re learning what the current and latest tools are, the techniques, and the techniques — it’s a great tool.”

Combat Phishing

While using deception to combat phishing may not be in the cards for every organization, it can be a powerful weapon for those who want to deploy it for this purpose.

“Deception can be a powerful tool against phishing, using fake assets — such as decoy emails, websites or credentials — to mislead attackers into revealing their tactics without compromising real data,” said Sean Loveland, a cybersecurity expert at Safety, a global enterprise and government cybersecurity company.

“Using these methods, organizations deploy phishers in controlled settings, enabling security teams to detect and analyze phishing attempts in real-time,” he told TechNewsWorld.

“It diverts the threat from the actual target while gathering intelligence on phishing tactics.”

“Additionally,” Loveland continued, “simulated phishing campaigns train users and internal monitoring systems to recognize and prevent real attacks, enhancing overall security.”

Kowsky added that phishing remains a significant threat to organizations as it evolves and adapts to new security measures.

“BEC (business email compromise) innovation has declined, and instead, we’ve seen the rise of multi-channel 3D phishing attacks. Threat actors are innovating and exploiting trusted services like OneDrive, Dropbox and GitHub to deliver malicious emails,” he said. “This shift in tactics makes phishing a constant and growing concern for organizations.”

“Phishing is and will continue to be one of the most significant threats facing individuals and organizations,” Loveland added. “New AI-powered phishing tools, combined with personal data available to phishers, will fundamentally change things for phishers.”

For organizations that use deception to combat phishing attacks, Vincalek offers this advice: “Deception works really well when organizations combine the technique with other security measures. Businesses should not rely on deception alone to combat all phishing attacks.”

Grimes added: “If you use spoofing technologies, be sure to customize them so that they mimic your real environment. For example, if you primarily use Microsoft Windows in your environment, you can use the same default services and network ports for your spoofing technologies. You want them to look like Windows.”

“A common mistake new fraud technology users make,” he explains, “is to remove fraud technologies that don’t seem natural to their environment, advertising the wrong services and ports for what the company actually uses.”
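
The advice above about matching a decoy's services and ports to the real environment can be checked mechanically before a decoy is deployed. The following Python is an added example, not code from the article or from any company quoted in it; the host names, port sets and the 75% "common port" threshold are constructed assumptions.

```python
from collections import Counter

# Constructed inventory: open TCP ports seen on real hosts, with OS family.
REAL_HOSTS = {
    "win-fs01": ("windows", {135, 139, 445, 3389, 5985}),
    "win-app02": ("windows", {135, 139, 445, 3389}),
    "win-dc01": ("windows", {53, 88, 135, 139, 389, 445, 3389}),
    "win-ws17": ("windows", {135, 139, 445}),
}

# Constructed decoy definitions (hypothetical names).
DECOYS = {
    "decoy-fs09": ("windows", {135, 139, 445, 3389}),
    "decoy-web1": ("windows", {22, 80, 445, 8080}),
}

def port_profile(hosts, os_family):
    """Fraction of real hosts of one OS family that expose each port."""
    peers = [ports for fam, ports in hosts.values() if fam == os_family]
    counts = Counter(p for ports in peers for p in ports)
    return {port: n / len(peers) for port, n in counts.items()} if peers else {}

def audit_decoy(decoy_ports, profile, common=0.75):
    """Return (unnatural, missing) port lists for one decoy.

    unnatural: advertised by the decoy but seen on no real peer.
    missing:   exposed by at least `common` of real peers, absent on the decoy.
    """
    unnatural = sorted(p for p in decoy_ports if p not in profile)
    missing = sorted(p for p, share in profile.items()
                     if share >= common and p not in decoy_ports)
    return unnatural, missing

def audit_all(hosts=REAL_HOSTS, decoys=DECOYS):
    """Audit every decoy against the real hosts of the same OS family."""
    return {name: audit_decoy(ports, port_profile(hosts, family))
            for name, (family, ports) in decoys.items()}

if __name__ == "__main__":
    for name, (unnatural, missing) in audit_all().items():
        verdict = "stands out" if (unnatural or missing) else "blends in"
        print(f"{name}: {verdict}; unnatural={unnatural} missing={missing}")
```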