
São Paulo/SP – October 24, 2022. Honeypot technology is nothing more than a “bait” system, a honey pot made to attract, in this case, hackers. When attacked by a hacker, this trap system opens up two solutions to the “hacker problem”.

*By Gabriel Marcondes

Honeypot - Overview

According to Kaspersky, between January and April 2022 hacker attacks on Brazil's small and medium-sized companies grew by 41% compared to the same period last year. This means that more and more hackers are taking advantage of smaller companies that, most of the time, do not have the systems and security resources of a large company. But how could I, the CEO or CISO of a company, protect my business from these intruders?

One of the solutions to this problem could be the honeypot, a “bait” system that attracts cyber attacks to a false target, thus keeping your environment safe.

To better understand this subject we can look to the past: the so-called honeypot or honeytrap was created in the world of espionage and consists of using a spy, usually a woman, to extract information using romance as the main “weapon”. Once the victim falls into this trap, information can be extracted by methods such as blackmail or seduction, with the victim revealing their secrets of their own free will.

Back to the present… honeypot technology is nothing more than a “bait” system, a honey pot made to attract, in this case, hackers. When attacked by a hacker, this trap system opens up two solutions to the “hacker problem”. The first is to distract the intruder, who is kept busy invading the honeypot and not, for example, your company's main system. The second is the study of this invader. As it is a fake system, there is no danger in its being invaded, so efforts can be focused on collecting that hacker's modus operandi, protecting your main system from a similar attack, or even discovering information about this person.

Types of honeypot

There are two types of honeypots, distinguished by their level of interaction. Below are some examples:

Low-interaction honeypots: simulate some basic services, such as email:

Nepenthes is a honeypot considered low-interaction; it can be configured, for example, to detect botnets and to scan for spam and possible phishing attacks together with an antivirus.

High-interaction honeypots: simulate real systems, such as a server:

An example of a high-interaction honeypot is a honeynet built on virtualization software, which makes it possible to run several operating systems with applications and services installed at the same time, enabling the collection of data and information from intruders.

The greater the interactivity of the honeypot, the greater the difficulty for the attacker to succeed in his objective; that is, more time is spent and more data can be collected, increasing the company's security. In addition, the more realistic the simulation is, the less the attacker will suspect that he is falling into a trap.
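A minimal sketch of the low-interaction idea described above: an email (SMTP) service that only pretends, sending a banner, answering with canned replies and recording every line the client sends. This is an added example, not code from the article or from Nepenthes; the hostname, port 2525 and log file name are assumptions.

```python
import json
import socketserver
import time

BANNER = "220 mail.example.test ESMTP ready"  # constructed hostname
REPLIES = {"HELO": "250 Hello", "EHLO": "250 Hello", "MAIL": "250 OK",
           "RCPT": "250 OK", "DATA": "354 Go ahead", "QUIT": "221 Bye"}
MAX_LINE = 512  # bytes read per line, so one client cannot flood the log

class Session:
    """State for one client. Nothing is relayed or delivered, only recorded."""
    def __init__(self, peer):
        self.peer, self.in_data, self.events = peer, False, []

    def feed(self, raw):
        """Log one client line; return the canned reply, or None inside DATA."""
        line = raw.decode("latin-1").rstrip("\r\n")
        self.events.append({"ts": time.time(), "peer": self.peer, "line": line})
        if self.in_data:
            if line != ".":
                return None              # message body: collect silently
            self.in_data = False
            return "250 OK queued"       # pretend to accept it
        verb = line.split(" ", 1)[0].upper()
        if verb == "AUTH":               # AUTH attempts are logged, never accepted
            return "535 Authentication failed"
        self.in_data = verb == "DATA"
        return REPLIES.get(verb, "502 Command not implemented")

class Handler(socketserver.StreamRequestHandler):
    timeout = 30  # seconds before an idle client is dropped
    def handle(self):
        session = Session(self.client_address[0])
        try:
            self.wfile.write((BANNER + "\r\n").encode())
            while raw := self.rfile.readline(MAX_LINE):
                reply = session.feed(raw)
                if reply:
                    self.wfile.write((reply + "\r\n").encode())
                    if reply.startswith("221"):
                        break
        except OSError:
            pass  # timeout or reset: keep what was collected so far
        finally:
            with open("smtp_honeypot.jsonl", "a") as log:  # assumed log path
                log.writelines(json.dumps(e) + "\n" for e in session.events)

if __name__ == "__main__":  # port 2525 is an assumption; use an isolated host
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2525), Handler) as srv:
        srv.serve_forever()
```

Each line of the resulting JSON log carries a timestamp, the peer address and the raw command, which is the kind of data the intelligence report mentioned in the final considerations would draw on.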

Final considerations

Honeypots can assist in the security of a company in several ways, from protecting its employees' mailboxes to detecting intrusion attacks. Combined with other tools, such as an antivirus or a network monitoring tool, a honeypot becomes a strong security barrier. It is also important to mention the possibility of creating an intelligence report where, with the data collected, it is possible to act in a defensive way, continuously improving the security of your company's systems.

— Gabriel Marcondes is a GRC Trainee at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO 27001, ISO 20000 or ISO 22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to carry out a diagnosis of the cybersecurity, information security and data privacy implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!