Human vs Machine Attack Response

Machine automation gives attackers the leverage to scale attacks beyond human capacity. However, machine analysis is limited in the types of data it can assess compared with a human.

Recently, Fidelis Cybersecurity completed a capture the flag exercise with deception defenses involving over 50 white-hat hackers and a dozen automated malware types.

This enabled Fidelis to analyse a human attacker’s behavior versus malware behavior, or how humans and malware would interact with the deception layer.

The first lesson was that early detection is critical: attackers quickly become more effective and evasive the more they learn about a network environment, so the defender's advantage is greatest while the attacker's knowledge gap is still wide.

Next, we gained critical insights into the varieties of breadcrumbs, traps and decoys that make deception defenses deterministic. We also learned that any deployed deception layer needs automation to keep it current and dynamic, so that it is realistic enough to lure and engage attackers and divert them away from real assets, resources and data.

The results clearly show that automated malware attacks prefer structured data (e.g. application and web browser stores), whereas humans prefer unstructured data they can freely analyse (e.g. the contents of files and emails).

For the most part, both human and malware attackers seek credentials and information that will gain them access within the targeted network. The distinct pattern of what each goes after enables a deception defense to quickly determine the type of attack, human or malware.

With regard to passwords and credentials used as breadcrumbs, participants in the exercise discovered two passwords on average and then used each one 2.5 times on average. The maximum reuse of a single password was 11 times, in 11 unique places.

Pro-Tip: This analysis shows why you should not reuse one password across multiple systems: a single harvested credential gets tried everywhere. Migrate to unique, long passphrases with less frequent rotation, and use multi-factor authentication wherever it is available.

In general, human attackers are attracted to files that may contain configuration instructions for an application, including a username and password for a specific individual or a shared account.

Another popular file type is technical documentation, such as instructions for using the corporate VPN service. Personal files with confidential information, IT and corporate files, logs, databases, and the recent-files lists kept by Windows or Office are all popular with human attackers and make good breadcrumbs and traps.

Poisoned data within files, including fake, planted credentials, provides a valuable lure: no legitimate process ever uses a planted credential, so the attacker is detected the moment it is reused.

Malware, on the other hand, because of its machine automation, prefers the structured data found in applications.

Examples include session clients (SSH, FTP, RDP, etc.), web browsers (history, saved passwords, bookmarks) and the uninstall information that applications register. Almost every application saves some information that is useful to attackers, and often in a structured format.
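The three mechanisms described above, distinguishing human from automated interaction by the class of data touched, planting unique fake credentials in breadcrumb files, and alerting when a planted credential is reused, are shown together below as an added example. This is not Fidelis code or anything from the exercise; the breadcrumb file format, the sshd-style auth-log line format, the artifact category labels and all hostnames and addresses are assumptions constructed for illustration.

```python
"""Honeytoken breadcrumbs plus a human-vs-automation session classifier.

Added example; not code from Fidelis or the capture-the-flag exercise.
Log format, file format, category labels, hosts and IPs are assumptions.
"""
import random
import re
import secrets
import string
from collections import defaultdict
from dataclasses import dataclass

# Artifact categories, following the article's observation: automation
# favours structured stores; humans favour free-form files and mail.
STRUCTURED = {"browser_store", "ssh_client", "rdp_client", "ftp_client",
              "uninstall_registry"}
UNSTRUCTURED = {"document", "email", "log", "personal_file"}


@dataclass(frozen=True)
class Honeytoken:
    username: str
    password: str
    placement: str  # the breadcrumb file the credential was planted in


def plant_breadcrumbs(placements, seed=None):
    """One unique fake account per placement, so a later login attempt
    identifies which breadcrumb the attacker harvested. A seed is only
    for reproducible tests; production use takes the OS randomness."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    alphabet = string.ascii_lowercase + string.digits
    tokens = {}
    for place in placements:
        user = "svc-" + "".join(rng.choices(alphabet, k=6))
        pw = "".join(rng.choices(alphabet + string.ascii_uppercase, k=16))
        tokens[user] = Honeytoken(user, pw, place)
    return tokens


def render_vpn_note(token):
    """Decoy 'how to use the corporate VPN' text carrying the credential
    (the kind of technical document the article says humans go for)."""
    return (
        "Corporate VPN quick start\n"
        "Gateway: vpn.corp.example (assumed hostname)\n"
        f"Username: {token.username}\n"
        f"Password: {token.password}\n"
    )


# Assumed auth-log shape:
# "2024-03-01T10:00:01Z db01 sshd: Failed password for svc-ab12cd from 10.0.0.7"
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+: (?:Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)


def detect_token_use(log_lines, tokens):
    """Any authentication naming a planted username is an alert, successful
    or not: nothing legitimate uses it. Attribute it to the placement."""
    alerts = []
    for line in log_lines:
        m = AUTH_RE.match(line)
        if m and m["user"] in tokens:
            alerts.append({"user": m["user"], "host": m["host"],
                           "src": m["src"],
                           "planted_in": tokens[m["user"]].placement})
    return alerts


def reuse_summary(alerts):
    """Distinct hosts each planted credential was tried against (the
    exercise observed one password reused in 11 unique places)."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a["user"]].add(a["host"])
    return {user: len(h) for user, h in hosts.items()}


def classify_session(categories):
    """Majority vote over the artifact classes a session touched on the
    decoy: structured stores point to automation, free-form data to a
    human. A tie or an empty session is left undecided."""
    structured = sum(c in STRUCTURED for c in categories)
    unstructured = sum(c in UNSTRUCTURED for c in categories)
    if structured == unstructured:
        return "unknown"
    return "automated" if structured > unstructured else "human"


if __name__ == "__main__":
    toks = plant_breadcrumbs(["vpn_howto.txt", "app.config"], seed=7)
    user = next(iter(toks))
    print(render_vpn_note(toks[user]))
    sample = [  # constructed events: the VPN-note credential sprayed at two hosts
        f"2024-03-01T10:00:01Z db01 sshd: Failed password for {user} from 10.0.0.7",
        f"2024-03-01T10:00:09Z web02 sshd: Failed password for {user} from 10.0.0.7",
        "2024-03-01T10:01:00Z fs01 sshd: Failed password for realuser from 10.0.0.9",
    ]
    hits = detect_token_use(sample, toks)
    print(hits, reuse_summary(hits))
    print(classify_session(["browser_store", "ssh_client", "document"]))
```

Keying the registry on the planted username rather than the password is deliberate: passwords should never appear in authentication logs, but the fake username does, and because each placement gets its own account the alert names the file the attacker read. The classifier is a coarse majority vote; in practice one would weight it by the order and timing of access as well, since the article notes attackers become more evasive as they learn the environment.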

Learning how malware analyses applications is aided by Trojan programs that have leaked on the Internet. Over 200 known applications are repeatedly monitored by malware automation, which makes this kind of reconnaissance a valuable activity.

Understanding the differences in how humans and malware approach attacks creates the opportunity to develop an active, intelligent deception defense to lure, detect and defend.
