Honeypot – Cybersecurity Tool for Military Networks


Honeypots are not a new technique in cybersecurity. A honeypot is a computer system built to attract cyberattacks: a decoy that mimics a real target and uses the intrusion attempts it draws to learn who the attackers are and how they operate, or simply to distract them from real targets.

A new cyber technology adopted by the US DoD is designed to detect active intrusions and then lead the attackers to reveal the tools they have before they realize they are inside a virtual decoy. It will give the US military new means to catch and stop insider threats on compromised networks.

The Defense Innovation Unit (DIU) awarded an Other Transaction agreement to CounterCraft to detect and provide intelligence on cyber threats. DIU has already prototyped the company’s platform.

In 2016, NATO set out to incorporate honeypots into its defensive posture. In November 2020, NATO experimented with CounterCraft’s platform as a way to lure and identify red-team hackers, and found the platform successful.

The technology, the Cyber Deception Platform, creates a trap for hostile actors, encouraging them to reveal their techniques, tools, and command structure once they have already breached a network.

“They’re essentially honeypots and honeynets,” said Amyn Gilani, CounterCraft’s Chief Growth Officer, referring to the cybersecurity techniques of making an enticing trap (honeypots) and linking those traps together (honeynets). 

“What we’re doing here is making an environment look really interesting. We’re putting real endpoint detection services on endpoints, making it look like a real environment,” said Gilani. “It’s interactive in a way — we’re putting breadcrumbs as well, along this honeynet network, so the threat actor can lure themselves into other honeypots as well.”

According to breakingdefense.com, convincing an attacker to fall into the honeypot means, in part, replicating the everyday sloppiness with passwords and network shortcuts that attackers rely on. Those breadcrumbs could include passwords left in notepads or on GitHub, or network credentials: the kind of absent-minded (or careless) mistakes people routinely make.

Once the deliberate false trail is in place, an attacker can follow it into the curated honeypot and, believing they have reached something secure and important, start pulling in code and tools to steal the planted information and send it to other networks, criminal or nation-state, with an interest in the attack.
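As an added defender-side example, not CounterCraft’s or DIU’s code, here is the breadcrumb idea above reduced to canary credentials: decoy accounts are planted in plausible places and, since no legitimate user holds them, any authentication attempt with one is an alert that also tells the defender which trail the intruder followed. All hostnames, account names and log lines are constructed.

```python
"""Breadcrumb (canary) credentials: plant decoy accounts, alert on any use.
Added example, not CounterCraft code; all names and log lines are constructed."""
import re
from collections import namedtuple

# Decoy accounts planted as breadcrumbs, mapped to where each was planted so a
# hit also shows which trail the intruder followed (constructed values).
BREADCRUMBS = {
    "svc_backup_ro": "notepad on WS-FIN-07",
    "deploy_ci":     "leaked in internal git README",
    "admin_legacy":  "shared drive creds.txt",
}

# sshd-style auth log, constructed. Only the decoy accounts should fire.
SAMPLE_LOG = """\
Jan 12 03:14:01 decoy-fs01 sshd[2211]: Accepted password for svc_backup_ro from 10.20.30.40 port 50122 ssh2
Jan 12 03:14:09 fileserver01 sshd[1980]: Accepted publickey for alice from 10.20.30.12 port 50124 ssh2
Jan 12 03:15:42 decoy-fs01 sshd[2230]: Failed password for deploy_ci from 10.20.30.40 port 50130 ssh2
Jan 12 03:16:00 fileserver01 sshd[1990]: Failed password for bob from 10.20.30.13 port 50131 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<src>[\d.]+)"
)
BreadcrumbHit = namedtuple(
    "BreadcrumbHit", "timestamp user source_ip host result planted_at")

def find_breadcrumb_hits(log_text, breadcrumbs=BREADCRUMBS):
    """One hit per auth event on a decoy account. Failed or successful, any
    use is an alert: no legitimate user holds these credentials."""
    hits = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m and m["user"] in breadcrumbs:
            hits.append(BreadcrumbHit(m["ts"], m["user"], m["src"], m["host"],
                                      m["result"], breadcrumbs[m["user"]]))
    return hits

def pivot_paths(hits):
    """Group hits by source IP: the ordered breadcrumbs one intruder followed."""
    paths = {}
    for h in hits:
        paths.setdefault(h.source_ip, []).append(h.planted_at)
    return paths

if __name__ == "__main__":
    for h in find_breadcrumb_hits(SAMPLE_LOG):
        print(f"ALERT {h.timestamp} {h.source_ip} used decoy '{h.user}' ({h.result}) "
              f"on {h.host}; planted at: {h.planted_at}")
```

In a real deployment the decoy account list would be kept out of band and the alert would include the honeypot host so responders know which planted credential was taken and from where.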