6 Ways to Anger Attackers on Your Network

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

Page 1 / 2 > >>

[email protected],
User Rank: Author
1/4/2019 | 7:19:51 PM

Re: Canaries

As with everything else there are some companies that provide the alerting infrastructure and send you an email. A quick google search will result in a few companies that provide a managed service.

samwebstudio,
User Rank: Apprentice
1/4/2019 | 6:46:22 AM

Re: Hack back

nice

MarkSitkowski,
User Rank: Moderator
1/3/2019 | 5:53:39 PM

Re: Hack back

There's a very simple and effective way to strike back, which will not violate any laws, and earn you some gratitude.

As you rightly pointed out, hackers don't use their own hardware, they use compromised machines, usually high-end servers.

The thing to do, as soon as you detect a hack attempt is:

Add a firewall rule blocking the IP address

Look up the owner of the IP in whois

Send your log extract, which shows the hack attempt, to the owner's abuse contact, and CC the country's CERT office

In all cases, the owner will either remove the malware/script or cancel the account generating the traffic. ISP's hate hackers nearly as much as you do, and you'll get cooperation from every country in the world.

The most satidfying message we received was from a Russian ISP, saying "This user has been terminated..."

We've been doing this for years and, to-date, have seen 102195 sources of hacking removed from the internet.

Do it. It works.

Joe Stanganelli,
User Rank: Ninja
12/29/2018 | 6:29:02 PM

A couple of points

The note about sharing information and working together is well taken. The financial-services sector has been doing this and scaling up their resources here for some years now -- with assistance/collaboration w/ government agencies as well (the latter of which see it as a matter of crime deterrence and national security).

The separate point about "non-prosecutable activity" is similarly well-taken. While I could never advise it as an attorney, risk and compliance professionals need to understand that security is about risk. Sometimes, non-compliance -- while unlawful and unrecommended by the attorneys -- is an effective business tactic.

Joe Stanganelli,
User Rank: Ninja
12/29/2018 | 6:23:00 PM

Re: Open-ports

@Dr.T: Of course, in some cases, accessibility trumps security. The key is looking at which ports are open and which ports are being accessed. Some ports have almost no business being accessed by unknown third parties ever.

idolapk,
User Rank: Apprentice
12/29/2018 | 2:51:01 PM

Re: Hack back

very nice

Dr.T,
User Rank: Ninja
12/27/2018 | 11:26:39 AM

Open-ports

“If you have an open port on your machine, for example, many people know you have a weakness.” Open ports are the same as least privileged approach, closed unless needed.

Dr.T,
User Rank: Ninja
12/27/2018 | 11:21:42 AM

Canaries

“Canaries are less invasive and less passive, and it's less likely even an advanced attacker will realize what happened.” I assume it still requires to set it up and monitor, do some resources are needed.

Dr.T,
User Rank: Ninja
12/27/2018 | 11:19:38 AM

Honeypots

“However, they require time to build and monitor, and companies often don't have the resources they need to do that” Honeypots are good, it requires resources obviously, you can use that resource to harden you production env.

Dr.T,
User Rank: Ninja
12/27/2018 | 11:17:45 AM

privileges

“Don't give people more privileges than they really need.” I think this is important aspect of whole security, and always missed use of least privilege rule.

Page 1 / 2 > >>

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

The Relationship Between Security Maturity and Business Enablement

Causes and Consequences of IT and OT Convergence

IT/OT Convergence Enables Security Operations Synergies

Cloud Journey Migration Stage: Adaptive Cloud Security

Cloud Incident Response Datasheet

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-1142
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

CVE-2023-1143
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-1144
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.

CVE-2023-1145
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

CVE-2023-1655
PUBLISHED: 2023-03-27

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]