Human vs Machine Attack Response

Machine automation provides leverage to attackers to scale out attacks beyond human capacity. However, machine analysis has its limits on the types of data it can assess compared to human capabilities.

Recently, Fidelis Cybersecurity completed a capture the flag exercise with deception defenses involving over 50 white-hat hackers and a dozen automated malware types.

This enabled Fidelis to analyse a human attacker's behavior versus malware behavior, that is, how humans and malware each interact with the deception layer.

The first lesson is that early detection is critical while the attacker's knowledge gap is still wide: attackers quickly become more effective and evasive the more they learn about a network environment.

Next, we gained some critical insights on breadcrumb, trap, and decoy varieties that can help make deception defenses deterministic. We also learned that any deployed deception layer needs automation to keep it current and dynamic, so that it stays realistic enough to lure and engage attackers and thereby divert them away from real assets, resources, and data.

The results clearly show that automated malware attacks prefer structured data (e.g. applications and web browsers), whereas humans prefer unstructured data they can freely analyse (e.g. information within files and emails).

For the most part, both human and malware attackers seek credentials and information to gain access within the network environment they target. This distinct pattern enables deception defenses to quickly determine the type of attack, human or malware.

With regards to passwords and credentials that were used as breadcrumbs, participants in the exercise discovered two passwords on average and then utilized each one 2.5 times on average. The maximum reuse of a single password was 11 times in 11 unique places.

Pro-Tip: this analysis shows why using the same password for multiple systems should be avoided. Migrate to unique, long passphrases with less frequent rotation, and always consider multi-factor authentication when available.

In general, human attackers are attracted to files that may contain configuration instructions for an application with a username and password for a specific individual or a shared account.

Another popular file example is technical documents such as those explaining how to use a corporate VPN service. Personal files with confidential information, IT/corporate files, logs, databases, and the recently used file lists in Windows or Office are popular with human attackers and make good breadcrumbs and traps.

Poisoned data within files, including fake, planted credentials, provides a valuable lure for detecting attackers as they reuse those credentials.

On the other hand, malware, because of its machine automation, prefers structured data found in applications.

Examples include session apps (SSH, FTP, RDP clients, etc.), web browsers (history, passwords, bookmarks), and uninstall information for applications. Almost every application saves some type of information useful to attackers, often in a structured data format.
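The two observations above, that planted credentials reveal attackers when they are reused, and that human attackers touch unstructured files and emails while automated malware touches structured application data, can be turned into simple detection logic. The following is an added example, not code from Fidelis or the exercise; the log format, the honeytoken names and the sample events are all constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical planted credentials (breadcrumbs) and the decoy they were seeded in.
HONEYTOKENS = {"svc_backup": "vpn_howto.docx", "deploy_bot": "decoy_ssh_config"}

# Decoy categories from the article: humans favour unstructured files and
# emails, automated malware favours structured application data.
DECOY_KIND = {"file": "unstructured", "email": "unstructured",
              "ssh": "structured", "browser": "structured", "rdp": "structured"}

# Constructed log format for this example: one decoy-touch event per line.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) decoy=(?P<decoy>\w+) "
                    r"target=(?P<target>\S+) user=(?P<user>\w+)$")

def parse(lines):
    """Parse well-formed event lines; silently skip anything that does not match."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]

def honeytoken_reuse(events):
    """For each planted credential: (total uses, number of distinct targets hit)."""
    uses, targets = defaultdict(int), defaultdict(set)
    for e in events:
        if e["user"] in HONEYTOKENS:          # real accounts never trigger here
            uses[e["user"]] += 1
            targets[e["user"]].add(e["target"])
    return {u: (uses[u], len(targets[u])) for u in uses}

def classify_sources(events):
    """Per source host, label 'automated' if structured decoys dominate, else 'human'."""
    counts = defaultdict(lambda: {"structured": 0, "unstructured": 0})
    for e in events:
        kind = DECOY_KIND.get(e["decoy"])
        if kind:
            counts[e["src"]][kind] += 1
    return {src: ("automated" if c["structured"] > c["unstructured"] else "human")
            for src, c in counts.items()}

# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    "2024-01-01T10:00:00 src=10.0.0.5 decoy=file target=fileserver user=svc_backup",
    "2024-01-01T10:02:00 src=10.0.0.5 decoy=email target=mailhost user=svc_backup",
    "2024-01-01T10:03:00 src=10.0.0.5 decoy=file target=fileserver user=svc_backup",
    "2024-01-01T11:00:00 src=10.0.0.9 decoy=ssh target=jumphost user=deploy_bot",
    "2024-01-01T11:00:01 src=10.0.0.9 decoy=browser target=intranet user=deploy_bot",
    "2024-01-01T11:00:02 src=10.0.0.9 decoy=rdp target=dc01 user=deploy_bot",
    "2024-01-01T11:05:00 src=10.0.0.9 decoy=ssh target=jumphost user=admin",
    "malformed line that the parser must ignore",
]
```

Running `honeytoken_reuse(parse(SAMPLE_LOG))` gives the per-credential reuse counts that the article reports as averages (here 3 uses over 2 targets and 3 uses over 3 targets), and `classify_sources` labels 10.0.0.5 as human and 10.0.0.9 as automated.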

Learning how malware analyses applications is aided by the leaking of Trojan programs on the Internet. There are over 200 known applications that malware automation repeatedly monitors, which makes reconnaissance of those applications a valuable activity.

Understanding the differences in how humans and malware approach attacks creates the opportunity to develop an active, intelligent deception defense to lure, detect and defend.
