In a couple of our previous articles we already spoke on the topic of cyber security – in ‘IoT Security – Threats and Vulnerabilities’, where we outlined a few of the most common security issues and solutions to them. We also spoke about the new era of security and the uses of blockchain technology for securing IoT networks in ‘Hottest Trends in IoT for 2018’. In this article we are going to focus specifically on one of the methods of protection from cyber criminals – the use of honeypots. Not only that, we are also going to introduce you to one of the recent contributions to the cyber security environment – the HoneyBot.
First, we need to explain what a honeypot means to those of you who have come across the term for the first time. A honeypot in the Internet realm is a bit different than the general and often used meaning as a container filled with honey. It is usually a decoy of a computer system, specifically set up to attract cyber-attacks. It aims to detect, deflect and lure cyber criminals. The way it achieves that is, that it consists of data and computers which are programmed to simulate the behavior of a real system. The purposes of a honeypot include: track and study the behavior of cyber attackers, pinpoint possible vulnerabilities in the system, and even find the identities of cyber criminals.
Based on specific criteria, honey pots are segmented into two groups. The first group is based on deployment:
Research honeypots – They are mostly used by educational institutions to study and analyze how attacks develop and progress, to understand the attacker’s motives and mentality and his tactics when targeting different networks.
Production honeypots – They are used mainly by companies and corporations, not only for the purpose of understanding hacker mentality, but for diverting and mitigating the risk of attacks. Production honeypots have the role of playing a decoy, being placed inside a production network with other production servers. When they are being accessed a signal is being sent to the cyber security expert and wile the honeypot is stalling the hacker, vulnerabilities in the system can be identified and fixed.
The second group is based on the criteria of design. These are some of the main types of honeypots:
High interaction – They usually imitate the activities of a production system, meaning that instead of making predictions on the hacker’s behavior, they provide an environment that tracks all activity and allows a lot of services within a system to ‘be exploited’. Although they are more plausible in the eyes of the hacker, they are also more complex to set up and harness a bigger risk.
Low interaction honeypots – In contrast to the high interaction honeypots, low interaction ones stimulate only activities which are highly favored by attackers. They offer limited activity, but carry a lower risk as well, and are easier to deploy.
Other types of honeypots may include: pure honeypots, malware honeypots, spam honeypots, email traps, database honeypot, client honeypot, etc.
A recent addition was made by researchers to the cyber security environment at Georgia Tech’s School of Electrical and Computer Engineering. They developed a robot fulfilling the functions of a honeypot, thus called – HoneyBot. It is a four-wheeled decoy robot, which similar to a regular honeypot, serves the purposes of acting as bait for hackers, by mimicking a factory robot. Different from the typical assembly line robots, the HoneyBot is equipped with all the necessary sensors to make it look like a remote-controlled free-standing robot, which can navigate itself around factory grounds. The robot is instructed to stand immobile until a hacker connects to it, after which it performs simple tasks (like picking something up). However, when the infiltrator requests an action which might be threatful to security, the robot’s sensors feed the cyber attacker information which shows the performance of the task, while in real life- HoneyBot does something different.
On the other end of the line, cyber security experts can use data from the robot to monitor the actions of the attacker and even potentially – identify him. While the robot is still in the trial stages of its development, it is interesting to see how the principals of honeypots can be combined with robotics in making new ways of securing production processes.
Lastly, we need to mention that honeypots are not perfect – they too can be a cause of cyber security issues like firewall broken encryption and failures to detect attacks (we need to mention that they are generally unable to detect attacks which are directed to other systems and not to a honeypot specifically). Some people speculate that they can even be helpful to cyber criminals as they give them a preview of the system that could lead to a more well-planned second attack. Other questions arising from their use is the matter of whether they are even ethical and legal for luring a person into committing a crime (even if it is a computer). With all that said we hope you enjoyed this article, and if you are interested in more content around the topic of cyber security – you can sign up for our free Cyber Security Briefing, which comes out bi-weekly and contains the most recent and relevant news from the world of cyber security.
