Imagine you have a little cousin who likes to sneak coins from your pockets, but you cannot prove it. What can you do? You can deliberately leave some decoy money in your wallet to lure them in and then catch them red-handed. That is exactly how honeytokens work, but instead of naughty children, they lure cybercriminals.
Honeytokens are clever threat detection methods used by cybersecurity experts. They have a straightforward purpose: to alert the team when something potentially malicious happens.
Although they do not protect anything themselves, they work much like security alerts. That’s why they are sometimes called canary tokens: in the 20th century, miners took canaries down into the mines, as the fragile birds reacted to toxic gas earlier than humans.
Honeytokens are usually implemented by organizations and have few applications for individuals’ online safety. If you wish to secure your devices and protect yourself from cyber threats in your daily life, there are various methods to do so, such as using anti-malware software and VPNs, which not only secure your connections but also answer the common “how do I hide my IP?” question.
What are honeytokens?
Honeytokens are digital assets deliberately designed to be attractive to various cybercriminals and hackers. They serve no real purpose in an organization – they act like assets but are forged. They do, however, act as alarm systems: they are placed in systems to notify security teams when someone tries to access them.
Honeytokens are also used as reconnaissance tools: if properly designed, they can not only notify teams of possible unauthorized access but also provide important information about the attacker, such as their system information, IP address, and the types of data they are looking for. This enables the security team to respond quickly by turning off affected parts of systems and assessing the scale of the threat.
There are several types of honeytokens, for example:
● Database entries: databases contain personal information about customers, employees, and contractors, such as their names, employee login information, etc. These entries can be valuable to attackers, so placing attractive honeytokens in databases is usually a good idea.
● Files and documents: decoy documents that resemble essential business or financial data can also be valuable to criminals. Of course, they do not contain any relevant information, and when opened, a notification is sent to the security team.
● Email addresses: Fake email addresses can be used to detect phishing campaigns. The company creates a dummy email account and places the address in its customer database. If the account starts getting spammed with malicious messages, it means a breach has occurred.
Honeytokens must be strategically placed and designed to be effective. This means they must be attractive to cybercriminals and pretend to contain important information. They must also blend in with legitimate resources so that hackers do not suspect they might fall into a trap.
Moreover, their placement cannot be random. Typically, before deploying honeytokens, an organization must assess which resources are most valuable and, therefore, most at risk.
Are honeytokens and honeypots the same thing?
Honeytokens and honeypots are similar in name and use, but there is a slight difference between the two. Honeytokens are just pieces of data that mimic legitimate information and act as decoys.
Honeypots, on the other hand, are entire systems designed to lure criminals. They can take many forms: networks, software applications, and servers. They are designed to alert organizations when they have been accessed, to distract hackers, and to make them think they have gained access to valuable information.
Pros and cons of honeytokens
Pros:
● Warning system. Like real canaries, canary tokens (honeytokens) warn about certain threats before they get out of hand. Well-placed honeytokens alert the security team to suspicious access and/or activity.
● Reconnaissance tools. Honeytokens collect important data about attackers and can be used to track their patterns, enabling cybersecurity experts to respond accordingly.
● No intrusions. Once deployed, honeytokens can stay seamlessly combined with real data. They do not disrupt an organization’s daily operations.
Cons:
● False alarms. Honeytokens send alerts when accessed, but they can alert the security team to a non-existent attack if the access is accidental.
● Limited use. Honeytokens serve only as alerting and data collection tools. They do not protect systems or information and are not effective against every threat.
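The three honeytoken types listed earlier and the false-alarm caveat above can be seen together in a small triage routine. This is an added example, not code from the original article: the token values, the `svc-backup` account, the event fields and the sample events are all constructed assumptions.

```python
# Added illustration: match access events against a registry of planted honeytokens.
# All token values, accounts and log events below are constructed sample data.
from dataclasses import dataclass

# Decoys planted among real assets: one per token type described in the article.
HONEYTOKENS = {
    ("db_row", "customers:id=90417"): "decoy customer record",
    ("file", "/finance/2024-payroll-summary.xlsx"): "decoy payroll document",
    ("email", "j.harlow@corp.example"): "decoy mailbox seeded in customer DB",
}

# Assumption: accessors known to touch every asset (e.g. backups), which would
# otherwise cause the accidental-access false alarms the article warns about.
EXPECTED_ACCESSORS = {"svc-backup"}

@dataclass
class Alert:
    token: str
    severity: str   # "high" = unexplained access, "review" = likely accidental
    actor: str
    source_ip: str
    client: str

def triage(events):
    """Return an Alert for every event that touches a honeytoken."""
    alerts = []
    for ev in events:
        label = HONEYTOKENS.get((ev["kind"], ev["target"]))
        if label is None:
            continue  # ordinary asset: only decoys raise alerts
        # Nobody has a business reason to touch a decoy, so even expected
        # accessors are recorded, at lower severity, rather than dropped.
        severity = "review" if ev["actor"] in EXPECTED_ACCESSORS else "high"
        alerts.append(Alert(label, severity, ev["actor"], ev["ip"], ev["client"]))
    return alerts

# Constructed sample events (documentation-range IP addresses).
SAMPLE_EVENTS = [
    {"kind": "db_row", "target": "customers:id=1022", "actor": "app", "ip": "10.0.0.5", "client": "orders-api"},
    {"kind": "db_row", "target": "customers:id=90417", "actor": "svc-backup", "ip": "10.0.0.9", "client": "pg_dump"},
    {"kind": "file", "target": "/finance/2024-payroll-summary.xlsx", "actor": "m.ortiz", "ip": "203.0.113.44", "client": "curl/8.5"},
    {"kind": "email", "target": "j.harlow@corp.example", "actor": "external-sender", "ip": "198.51.100.7", "client": "smtp"},
]

if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.token}: actor={a.actor} ip={a.source_ip} client={a.client}")
```

The backup job's read of the decoy row is kept as a "review" alert instead of being silenced, so a compromised service account still leaves a trace.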
Honeytokens are a creative method of detecting threats and are helpful, but remember: you do not want to experience any type of attack, detectable or not. That is why prevention is just as important as detection. Honeytokens and honeypots are great decoy systems that should be implemented just in case. We recommend focusing on the proactive prevention of cyber threats: using VPNs to protect networks, keeping hardware and software up to date, investing in firewalls, and educating employees about online security at work and in their personal lives.
Equipped with a Bachelor of Information Technology (BIT) degree, Lucas Noah stands out in the digital content creation landscape. His current roles at Creative Outrank LLC and Oceana Express LLC showcase his ability to turn complex technology topics into engagin...