Human vs Machine Attack Response

Uploaded on 2018-04-18 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments

Machine automation provides leverage to attackers to scale out attacks beyond human capacity. However, machine analysis has its limits on the types of data it can assess compared to human capabilities.

Recently, Fidelis Cybersecurity completed a capture the flag exercise with deception defenses involving over 50 white-hat hackers and a dozen automated malware types.

This enabled Fidelis to analyse a human attacker’s behavior versus malware behavior, or how humans and malware would interact with the deception layer.

We first learned that early detection is critical while the knowledge gap is wide for attackers as they quickly become more effective and evasive the more they learn about a network environment.

Next, we gained some critical insights on breadcrumb, trap, and decoy varieties that can help make deception defenses deterministic. We also learned that any deployed deception layers need automation to be kept current and dynamic to be as realistic as possible to lure and engage attackers and thus diverting them away from real assets, resources, and data.

The results clearly show that automated malware attacks prefer structured data (e.g. applications and web browsers), whereas, humans prefer unstructured data they can freely analyse (e.g. information within files and emails).

For the most part, both human and malware attackers seek credentials and information to gain access within the network environment they target. This distinct pattern enables deception defenses to quickly determine the type of attack, human or malware.

With regards to passwords and credentials that were used as breadcrumbs, participants in the exercise discovered two passwords on average and then utilized each one 2.5 times on average. The maximum reuse of a single password was 11 times in 11 unique places.

Pro-Tip: If you use the same password for multiple systems, this analysis shows you should avoid this practice. Migrate to unique long pass phrases with less rotation and always consider multi-factor authentication when available.

In general, human attackers are attracted to files that may contain configuration instructions for an application with a username and password for a specific individual or a shared account.

Another popular file example is technical documents such as those providing information on how to use a corporate VPN service. Personal files with confidential information, IT/Corporate files, logs, databases, and reviewing recent files for Windows or Office are popular with human attackers and make good breadcrumbs and traps.

Poisoned data within files including fake, planted credentials provides a valuable lure to detect attackers as they reuse them.

On the other hand, malware due to its machine automation prefers structured data found in applications.

Examples include session apps (SSH, FTP, RDP clients, etc.), web browsers (history, passwords, bookmarks), and uninstall information for applications. Almost every application saves some type of information useful to attackers and often in a structured data format.

Learning about how malware analyses applications is aided by the leaking of Trojan programs on the Internet. There are over 200 known applications repeatedly monitored by malware automation making reconnaissance a valuable activity.

Understanding the differences in how humans and malware approach attacks creates the opportunity to develop an active, intelligent deception defense to lure, detect and defend.

Information  Management: 

You Might Also Read: 

The Self-Fulfilling Prophecy Of Intelligent Automation:

Ever-Evolving Trojan Devices Infects Android Systems:

« Death by Robot
What Does GDPR Mean For the Retail Industry? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

Cybersecurity Collaborative

Cybersecurity Collaborative

CyberSecurity Collaborative is a forum for CISOs to share information that will collectively make us stronger, and better equipped to protect our enterprises from those seeking to damage them.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Morphus Information Security

Morphus Information Security

Morphus is an information security company providing Red Team, Blue Team and GRC services as well as conducting research in cybersecurity and threat analysis.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.