What is a Honeypot?
A honeypot is a soft and romantic weapon or technique. Its motive is only to gain information about the target without given your real identification. It may be used for the good and bad purpose.
You may not have heard about them before. But honeypots have been around for decades. The principle of working behind them is simple: Don’t go looking for cyber-attackers. Prepare something that would attract their interest — The Honeypot — Wait for the attackers to show up — And then wait to be trapped — A Honeytrap.
What is the difference between Honeypot and Honeytrap?
Honeypot and Honeytrap are different. A Honeytrap is a phenomenon or full process to gain targets’ information where the Honeypot technique used.
For example, Romance or sexual affair is involved as a pot or technique to attract the target. Here the ‘target’ or ‘subject of investigates’ is a single person which have a lot of information about his/her sector. The full phenomenon where using this technique to gain success is called Honeytrap.
How do honeypots work?
If you, for instance, were in charge of IT security for a bank, you might set up a honeypot system that, to outsiders, looks like the bank’s network. The same goes for those in charge of — or researching — other types of secure, internet-connected systems.
By monitoring traffic to such systems, you can better understand where cybercriminals are coming from, how they operate, and what they want. More importantly, you can determine which security measures you have in place are working — and which ones may need improvement.
Examples of honeypots and their benefits
In 2015, Symantec, Norton’s parent company, set up a honeypot to attract attacks on so-called Internet of Things (IoT) devices. These are internet-connected items, such as home routers, digital video recorders, and cameras. Symantec’s IoT honeypot worked. As reported in the company’s 2017 Internet Security Threat Report, attacks on the honeypot almost doubled from January to December 2016.
What can experts learn from honeypot data? Well, in the case of Symantec’s IoT honeypot, researchers were able to determine a lot of things, including these:
- Countries from which attacks originated. China, the U.S., Russia, Germany, and Vietnam made up the top five. (These metrics measured the countries in which the IP address of the attacking device was based, but does not necessarily mean the attackers themselves operated from these countries.)
- Passwords attempted — “admin” was No. 1, and “123456” wasn’t far behind.
- The need for baseline security standards on IoT devices — to make them less vulnerable to attack.
Another honeypot example? In 2015, internet security experts set up an online railway control system as honeypot bait. The goal was to study how criminals would attack projects where they could put the public at risk. In this case, the only damage done was to a model train set at a German technology conference. Over two weeks, the so-called “HoneyTrain” suffered 2.7 million attacks.
What could be at stake?
Stealing personal information from online targets is one thing. Targeting public transportation systems is another. Beyond the IoT devices and the HoneyTrain, researchers have used honeypots to expose vulnerabilities with medical devices, gas stations, industrial control systems used for such things as electrical power grids, and more.
Given all the attention that the bad guys get for their hacking and data breach efforts, it’s good to know that the good guys have a few tricks up their sleeves to help protect against cyberattacks.
As more and more devices and systems become internet-connected, the importance of battling back against those who use the internet as a weapon will only increase. Honeypots can help.