Should you fight back against hackers?

Meet the companies offering retaliation services against cyber criminals


Companies can fight back against cyber attacks, according to Kaspersky Labs, whose researchers took it upon themselves to find out what kind of services firms offer those who have been hacked.

Security deception firms such as Cymmetria, Illusive Networks and Attivo Networks have won millions of pounds in investment recently, but exactly what "deception" services they offer is not easy to discern, noted Kaspersky researchers Vicente Diaz and Dani Creus, speaking in a session at the company's Security Analyst Summit in Tenerife. 

The pair decided to investigate exactly what counter-intelligence companies offer their customers, suspecting it would range from active defense and response to reducing attackers' return on investment.

While some companies were happy to discuss selected tactics with the researchers, others were not as forthcoming. So the duo tried some social engineering, creating a fake company and contacting the firms as though they were potential customers. 

Creus said at first the idea seemed doomed to be an embarrassing failure. "You are telling us to lie to counterintelligence professionals, most of which have a military background?" he said.

But it worked, and the pair have revealed some, but not all, of the services on offer: in their guise as a customer, they were required to sign a non-disclosure agreement regarding some tactics.

Spectrum of deception 

Diaz said the tactics run along a spectrum from less aggressive to more aggressive: "You can do nothing, you can just monitor, you can hack back," he said.

That spectrum begins with active defense, which is anything that makes a company harder to hack, even in the middle of an attack. "The idea is very simple," Diaz said. "It is to decrease the attackers' return on investment, to spend more time on their internet attack [than] on us."

Moving along the spectrum, firms can also set up honeypots to attract and trap hackers with false but tempting data or access points, as well as fake applications, servers and credentials. "That's nothing new from the technological perspective, but there's some really cool implementations," said Creus. 

However, the pair of researchers said they have some doubts "about the effectiveness of this approach", saying such tactics are best at tracking hackers moving throughout your infrastructure, but will not trap a targeted attack on a CEO, for example. 

Plus, any effort in one area may take the focus away from basic security measures. The security experts discussed an attack on a Middle Eastern bank where hackers worked their way through the internal infrastructure, eventually finding a plain text file of login credentials. Had that been fake, the use of the dodgy logins would have set off alarms, which suggests that planting false data could work in some instances.

"In this case, it would have been super-effective," said Diaz. "But to start with, why do you have a plain text file with user names? You can do more first."
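The planted-credentials idea above can be checked mechanically against authentication logs. The following is an added example, not code from the researchers or any vendor named here; the decoy account names, the log format and the sample lines are all constructed for illustration. It alerts on any use of a decoy account and lists the real accounts used from the same source, which are candidates for a credential reset.

```python
import re
from collections import defaultdict

# Decoy accounts planted in a bait file (hypothetical names); no real user or
# service ever logs in with them, so any attempt is a high-confidence alert.
DECOY_USERS = {"svc_backup_old", "adm_finance2"}

# Constructed log format for this example, not a real product's schema.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

SAMPLE_LOG = """\
2020-11-20T09:58:40Z auth host=ws114 user=jsmith src=10.0.4.17 result=OK
2020-11-20T10:02:11Z auth host=fs01 user=SVC_BACKUP_OLD src=10.0.4.17 result=FAIL
2020-11-20T10:02:30Z auth host=fs01 user=mlopez src=10.0.4.17 result=OK
2020-11-20T10:03:02Z auth host=db02 user=akhan src=10.0.9.3 result=OK
corrupted line without fields
2020-11-20T10:05:45Z auth host=db02 user=adm_finance2 src=10.0.4.17 result=FAIL
"""

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def analyse(log_text, decoys=DECOY_USERS):
    events = list(parse(log_text))
    decoys = {d.lower() for d in decoys}
    # Alert on every decoy use, successful or not; names compare case-insensitively.
    alerts = [e for e in events if e["user"].lower() in decoys]
    tainted = {e["src"] for e in alerts}
    # Real accounts that logged in successfully from a tainted source, before
    # or after the decoy hit, are candidates for credential reset.
    exposed = defaultdict(set)
    for e in events:
        if e["src"] in tainted and e["user"].lower() not in decoys and e["result"] == "OK":
            exposed[e["src"]].add(e["user"])
    return alerts, {src: sorted(users) for src, users in exposed.items()}

if __name__ == "__main__":
    alerts, exposed = analyse(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT {a['ts']} decoy={a['user']} src={a['src']} host={a['host']}")
    for src, users in exposed.items():
        print(f"REVIEW src={src} real accounts used: {', '.join(users)}")
```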

A step further 

The last round of countermeasures was not fully detailed, but Kaspersky suggested it includes more serious efforts such as hacking back against attackers. Any company should consider two challenges aside from legal ones before undertaking such measures, the researchers said.

First, make sure the attack has been attributed properly. "[It will go badly] if you don't know who your attacker is and you try to play tricks on them," said Creus, noting that the counter intelligence firms in question do not all offer attribution capabilities. "This is surprising as it is key if you want to respond to your attacker. Effective response depends on our knowledge of the adversary."

Secondly, counter intelligence is difficult. "There is no software that can do counter intelligence for you, you can't automate it, you need deep internal knowledge," said Diaz. 

"These kinds of technologies will not be of general adoption anytime soon as you need to be very mature in your security to apply them effectively," added Creus.
