undefined | Better HN

0 pointsnoir-york11y ago0 comments

> "breadcrumbs" which is specific data/files that you can place on the real machines

If the breadcrumbs are realistic then you will end up having employees mistake them for real data, and the employees being mistaken for an attack, no?

If the decoys are realistic then they will have realistic behaviour, for instance, doing an auto update. Now, let's say I'm a malicious actor on the network, and I fake the auto-update server so the patches downloaded are backdoored. Its very hard to detect this attack. Any network has a lot of broadcast traffic between all the nodes - if a decoy doesn't transmit any then it would be a suspicious, and if it does, then its hard work for a decoy to separate the real traffic from a potential attack.

0 comments

1 comments · 1 top-level

ddiinn211y ago

The trick is to make the breadcrumbs the type of data that an attacker is interested in, but a regular user will never be aware of.

For example in windows there is a cache of used credentials along with passwords, it is a known infection spreading technique to read that of an infected machine and use t across the network.

A breadcrumb would put a decoy's credentials in that cache. Thereby never doing any side effect to the user and definitively flag attackers by looking at any usage of those credentials.

j / k navigate · click thread line to collapse