Human vs Machine Attack Response

Machine automation provides leverage to attackers to scale out attacks beyond human capacity. However, machine analysis has its limits on the types of data it can assess compared to human capabilities.

Recently, Fidelis Cybersecurity completed a capture the flag exercise with deception defenses involving over 50 white-hat hackers and a dozen automated malware types.

This enabled Fidelis to analyse a human attacker’s behavior versus malware behavior, or how humans and malware would interact with the deception layer.

We first learned that early detection is critical while the knowledge gap is wide for attackers as they quickly become more effective and evasive the more they learn about a network environment.

Next, we gained some critical insights on breadcrumb, trap, and decoy varieties that can help make deception defenses deterministic. We also learned that any deployed deception layers need automation to be kept current and dynamic to be as realistic as possible to lure and engage attackers and thus diverting them away from real assets, resources, and data.

The results clearly show that automated malware attacks prefer structured data (e.g. applications and web browsers), whereas, humans prefer unstructured data they can freely analyse (e.g. information within files and emails).

For the most part, both human and malware attackers seek credentials and information to gain access within the network environment they target. This distinct pattern enables deception defenses to quickly determine the type of attack, human or malware.

With regards to passwords and credentials that were used as breadcrumbs, participants in the exercise discovered two passwords on average and then utilized each one 2.5 times on average. The maximum reuse of a single password was 11 times in 11 unique places.

Pro-Tip: If you use the same password for multiple systems, this analysis shows you should avoid this practice. Migrate to unique long pass phrases with less rotation and always consider multi-factor authentication when available.

In general, human attackers are attracted to files that may contain configuration instructions for an application with a username and password for a specific individual or a shared account.

Another popular file example is technical documents such as those providing information on how to use a corporate VPN service. Personal files with confidential information, IT/Corporate files, logs, databases, and reviewing recent files for Windows or Office are popular with human attackers and make good breadcrumbs and traps.

Poisoned data within files including fake, planted credentials provides a valuable lure to detect attackers as they reuse them.

On the other hand, malware due to its machine automation prefers structured data found in applications.

Examples include session apps (SSH, FTP, RDP clients, etc.), web browsers (history, passwords, bookmarks), and uninstall information for applications. Almost every application saves some type of information useful to attackers and often in a structured data format.

Learning about how malware analyses applications is aided by the leaking of Trojan programs on the Internet. There are over 200 known applications repeatedly monitored by malware automation making reconnaissance a valuable activity.

Understanding the differences in how humans and malware approach attacks creates the opportunity to develop an active, intelligent deception defense to lure, detect and defend.

Information  Management: 

You Might Also Read: 

The Self-Fulfilling Prophecy Of Intelligent Automation:

Ever-Evolving Trojan Devices Infects Android Systems:

« Death by Robot
What Does GDPR Mean For the Retail Industry? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

Red Alert Labs

Red Alert Labs

Red Alert Labs is an IoT security provider. We created an independent security lab with a disruptive business offer to solve the technical and commercial challenges in IoT.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

ACET Solutions

ACET Solutions

ACET Solutions delivers a wide range of Automation, Cyber Security and Enterprise IT/OT Integration Solutions to industrial clients.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

Heritage Cyber World

Heritage Cyber World

Heritage Cyber World is a one stop solution for all your security needs that brings together a team of security experts and analysts to deliver high-class security services.