On other occasions we have looked at other types of threats more or less known to the general public, from ransomware to droppers; now it is the turn of honeypots (literally “honey pots”).
Origin of this curious term, honeypot
The origins of the term are quite uncertain. What is certain is that it rests on the analogy of “like flies to honey”, i.e. a trap that is attractive to unfortunate people (in this case, generally inexperienced users), who fall for it just like flies into the honey jar.
Some even attribute the origin to the Disney character Winnie the Pooh, as he always gets into trouble due to his gluttony for honey.
Kaspersky, instead, argues that the term derives from espionage of the James Bond kind, where a romantic relationship with someone serves to steal information: hence the analogy between honeymoon and honey pot.
What is certain is that the threat exists and it is not always easy to recognize.
Types of honeypots
They can be divided into two macro-categories:
- research;
- production.
According to NordVPN, research honeypots “are used above all by government institutions and research centers and they are very complex systems whose main purpose is to analyze the attacks suffered in order to perfect the existing protection techniques”.
Production honeypots, on the other hand, “are generally used by companies. They are usually implemented within a broader active defense system (Intrusion Detection System or IDS), i.e. a system that allows you to identify attacks in advance to activate the appropriate countermeasures.”
Beyond these two categories, honeypots can be further classified into three sub-types:
- Pure.
- High interaction.
- Low interaction.
Pure honeypots are basically physical machines whose purpose is to distract the attacker and so thwart a potential attack.
Those with high interaction are real computers that run applications or services, making intruders believe they are interacting with real company or organization information.
Low-interaction honeypots, instead, emulate operating systems or services, but allow defenders to gather less information about attacks.
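The low-interaction type described above, as an added example that is not part of the original article: a Python listener that emulates only an SSH greeting and records who connected and what they sent first. The class name, banner string and port 2222 are assumptions chosen for illustration.

```python
import json
import socket
from datetime import datetime, timezone

# Constructed banner: the only thing this honeypot emulates is an SSH greeting.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"


class LowInteractionHoneypot:
    """Listens on a TCP port, sends a fake banner, records what the client sends."""

    def __init__(self, host="127.0.0.1", port=0, max_bytes=256):
        self.events = []            # one dict per connection
        self.max_bytes = max_bytes  # cap on how much client input is kept
        self._sock = socket.create_server((host, port))
        self.port = self._sock.getsockname()[1]

    def handle_one(self, timeout=2.0):
        """Accept a single connection and return the recorded event."""
        conn, (src_ip, src_port) = self._sock.accept()
        with conn:
            conn.settimeout(timeout)
            conn.sendall(FAKE_BANNER)
            try:
                data = conn.recv(self.max_bytes)  # stored only, never parsed or run
            except socket.timeout:
                data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip,
            "src_port": src_port,
            "first_bytes": data.decode("latin-1"),
        }
        self.events.append(event)
        return event

    def serve_forever(self):
        while True:
            print(json.dumps(self.handle_one()))

    def close(self):
        self._sock.close()


if __name__ == "__main__":
    # No legitimate user has a reason to connect here, so every event is worth a look.
    LowInteractionHoneypot(port=2222).serve_forever()
```

Because nothing behind the banner is real, the defender learns only the source address and the first bytes sent, which is the reduced visibility the paragraph above refers to.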
As you can see, this time they are not always negative
As you can see, in this case a honeypot is not always something used to steal data; it can also be used to defend the data of companies, individuals and various organizations.
Unlike other detection methods (see antivirus and antimalware), this technique produces far fewer false positives.
When honeypots, on the other hand, have a negative impact
An example of a “trap” of this type could be a program or a service that promises advantages (for example money), or that in any case makes the victim believe they have been logged out of the site, so that they unknowingly enter their data (basically, a fake login).
Another example could be a program or a service that promises benefits for the user but actually does something else; an example could be the recent DuckDuckGo case which, in defiance of various privacy promises, actually has Microsoft cookies in its mobile versions.
This is a typical example of a honeypot that works to your detriment, not in your defense.
Recognizing them may be difficult
Indeed, when a service is legitimate, as in the DuckDuckGo case on mobile, it can be a considerable undertaking to recognize which services, sites and programs are honeypots and which are not.
The only way to recognize this set of threats is to stay informed about events and the latest computer security news, and to consult several different sources: there are no other ways.
As you can see, compared to other well-defined threats, not only is this not always a threat, but it is also difficult to define unambiguously.