BreachExchange mailing list archives
Federal study shows security banners can trick hackers into doing nothing
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Sep 2015 09:04:48 -0600
http://www.fiercegovernmentit.com/story/federal-study-shows-security-banners-can-trick-hackers-doing-nothing/2015-08-31 New research finds that there are some simple, non-invasive steps that IT administrators can implement to discourage cyber attackers from carrying out damaging commands. The National Consortium for the Study of Terrorism and Responses to Terrorism, or START, placed warning banners on compromised systems to better understand how a hacker responds to such a message. The study found that the banners reduced commands from hackers by 8 percent. START, a Homeland Security Department-funded program through the University of Maryland, examined a type of cyber defense called restrictive deterrence. Such defenses use warnings or suggestions to compel attackers toward a certain action. With this study (pdf), the banners popped up when an attacker targeted in on the relevant system, and read, "This system is under continuous surveillance. All user activity is being monitored and recorded." A group of almost 700 compromised systems was randomly assigned whether to display the message or not, then the researchers let the hackers freely snoop. The banner did not help prevent attacks in the first place, but the researchers did find that actions taken after a breach were significantly altered by the appearance of a warning. "An intruder cannot damage or pilfer a system without entering computer commands into that system," read a research brief. "While the employed surveillance banner did not reduce the total number of trespassing incidents, it did affect the likelihood of an intruder escalating their offending by typing into the system on the first and second trespassing incidents." Though the methods were fairly rudimentary in the study, it does show the psychology of an attacker, which could help create more complex defenses in he future. For government systems, a breach is never really an acceptable outcome. However, knowing that some deterrence can have an effect on an intruder could be helpful in mitigating attacks.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Federal study shows security banners can trick hackers into doing nothing Audrey McNeil (Sep 01)