Should you fight back against hackers?

Meet the companies offering retaliation services against cyber criminals

Companies can fight back against cyber attacks, according to Kaspersky Labs, whose researchers took it upon themselves to find out what kind of services firms offer those who have been hacked.

Security deception firms such as Cymmetria, Illusive Networks and Attivo Networks have won millions of pounds in investment recently, but exactly what "deception" services they offer is not easy to discern, noted Kaspersky researchers Vicente Diaz and Dani Creus, speaking in a session at the company's Security Analyst Summit in Tenerife. 

The pair decided to investigate exactly what counter-intelligence companies offer their customers, suspecting it would range from active defense and response to reducing attackers' return on investment.

While some companies were happy to discuss selected tactics with the researchers, others were not as forthcoming. So the duo tried some social engineering, creating a fake company and contacting the firms as though they were potential customers. 

Creus said at first the idea seemed doomed to be an embarrassing failure. "You are telling us to lie to counterintelligence professionals, most of whom have a military background?" he said.

But it worked, and the pair have revealed some of the services on offer, though not all of them: in their guise as a customer, they were required to sign a non-disclosure agreement covering some tactics.

Spectrum of deception 

The tactics run a spectrum from less aggressive to more aggressive, Diaz said: "You can do nothing, you can just monitor, you can hack back."

That spectrum begins with active defense, which is anything that makes a company harder to hack, even in the middle of an attack. "The idea is very simple," Diaz said. "It is to decrease the attackers' return on investment, to spend more time on their internet attack [than] on us."

Moving along the spectrum, firms can also set up honeypots to attract and trap hackers with false but tempting data or access points, as well as fake applications, servers and credentials. "That's nothing new from the technological perspective, but there's some really cool implementations," said Creus. 

However, the pair of researchers said they have some doubts "about the effectiveness of this approach", saying such tactics are best at tracking hackers moving throughout your infrastructure, but will not trap a targeted attack on a CEO, for example. 

Plus, any effort in one area may take the focus away from basic security measures. The security experts discussed an attack on a Middle Eastern bank where hackers worked their way through the internal infrastructure, eventually finding a plain text file of login credentials. Had that been fake, the use of the dodgy logins would have set off alarms, which suggests that planting false data could work in some instances.
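The planted-credentials idea above can be sketched as detection logic. This is an added example, not code from the researchers or any vendor named here; the decoy account names, host name, addresses and log lines are constructed, and the log format assumed is OpenSSH-style password authentication messages.

```python
import re
from collections import defaultdict

# Decoy accounts planted in a bait credentials file (constructed names).
# No real user or service ever logs in with them, so any use is an alert.
DECOY_USERS = {"svc_backup_old", "adm_finance"}

# OpenSSH-style lines: "Failed|Accepted password for [invalid user] NAME from IP".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log, not taken from any real incident.
SAMPLE_LOG = """\
Jun  3 10:14:55 bastion sshd[2101]: Accepted password for alice from 10.0.4.17 port 50122 ssh2
Jun  3 10:15:02 bastion sshd[2107]: Failed password for invalid user svc_backup_old from 10.0.9.23 port 51234 ssh2
Jun  3 10:15:09 bastion sshd[2110]: Failed password for invalid user adm_finance from 10.0.9.23 port 51240 ssh2
Jun  3 10:15:31 bastion sshd[2114]: Accepted password for bob from 10.0.9.23 port 51260 ssh2
Jun  3 10:16:00 bastion sshd[2120]: Failed password for carol from 10.0.4.30 port 40010 ssh2
"""

def find_decoy_use(log_text, decoys=DECOY_USERS):
    """Return {source_ip: {"decoys": [...], "other_logins": [...]}} for every
    source that tried a decoy account. other_logins lists real accounts that
    authenticated successfully from the same source and so need review."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            by_src[m["src"]].append((m["user"], m["result"]))
    alerts = {}
    for src, events in by_src.items():
        hit = sorted({u for u, _ in events if u in decoys})
        if not hit:
            continue  # ordinary failures (e.g. a mistyped password) are not alerts
        others = sorted({u for u, r in events
                         if u not in decoys and r == "Accepted"})
        alerts[src] = {"decoys": hit, "other_logins": others}
    return alerts

if __name__ == "__main__":
    for src, info in find_decoy_use(SAMPLE_LOG).items():
        print(f"ALERT {src}: decoy accounts {info['decoys']}, "
              f"also logged in as {info['other_logins']}")
```

The value of the check is its low noise: an ordinary failed login does not fire it, while a single attempt with a planted name does, and it points at any real account used from the same source.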

"In this case, it would have been super-effective," said Diaz. "But to start with, why do you have a plain text file with user names? You can do more first."

A step further 

The last round of countermeasures was not fully detailed, but Kaspersky suggested it includes more serious efforts such as hacking back against attackers. Aside from the legal issues, any company should consider two challenges before undertaking such measures, the researchers said.

First, make sure the attack has been attributed properly. "[It will go badly] if you don't know who your attacker is and you try to play tricks on them," said Creus, noting that the counter intelligence firms in question do not all offer attribution capabilities. "This is surprising as it is key if you want to respond to your attacker; effective response depends on our knowledge of the adversary."

Secondly, counter intelligence is difficult. "There is no software that can do counter intelligence for you, you can't automate it, you need deep internal knowledge," said Diaz. 

"These kinds of technologies will not be of general adoption anytime soon as you need to be very mature in your security to apply them effectively," added Creus.
