The digital world can be a scary place. Hackers are crawling over the web to steal your data,
launch DDoS attacks, lock down your files with ransomware, and a lot more. Don't you wish
there were a way to fight back?
There is, and it's honey tokens! Honey tokens have been gaining in popularity as a tactic for
business and other types of organizations to fight hackers proactively rather than waiting for a
data disaster to happen.
What are honey tokens? And what are some of the different ways to use them? Find out
everything you need to know below.
What are Honey Tokens?
You've probably heard of honeypots in the real world. These are traps set up for criminals that law enforcement agencies use. The same concept applies in the digital world.
Honey tokens are IT resources created explicitly to attract cybercriminal's attention. They can be various things, including specific applications, servers, data sets, or even small components of files. They must be placed somewhere accessible, like through an open network connection or unencrypted server, so hackers can access them.
On the surface, honey tokens are valuable like a data cache full of sensitive information, but in reality, they're worthless. Once they fall into the trap, network admins and other IT team members can monitor what hackers do with them and often get enough evidence for theft.
Here are a few of the ways honey tokens can be used.
1) Fake Email Addresses
This is one of the simplest forms of honey tokens. Email scams are among the most common attack vectors that hackers use to send out a computer virus. This turns that on its head. You can set up bogus accounts and leave them inactive on your organization's mail server.
If these addresses start getting filled with spam, you can know that somebody managed to access an internal server and start following the tracks.
2) Executable Files
This is a step up and much more complicated. In these fake files, it's possible to set up switches that, when executed, will notify network admins. You'll often be able to get things like the hacker's IP address, names, and follow the trail back to whoever hacked you.
This is definitely a more extreme approach, so be cautious you don't violate any cybersecurity laws yourself when using them.
3) Canary Tokens
Canarytokens (think like a canary) help reveal a ton of information about people who download. They effectively put a tracer onto different kinds of files, including MS Word and PDFs, so you can see who's trying to hack you.
Canarytokens are pretty easy to set up. They require almost no tech skills at all. You can download them directly, then configure, and deploy them in just a few minutes.
4) Amazon Web Services Keys
You probably know the Amazon Web Services (AWS) is one of the most popular cloud platforms. AWS uses digital keys to unlock access to its infrastructure.
They are often a target for cybercriminals because they can directly break into an organization's key assets or reveal vital sensitive information.
So, when hackers see one, they get excited. You can create fake keys, and once hackers test them to see the kind of access they have, you can monitor who is using them and how they're being used without being detected yourself.
Should You Start Using Honey Tokens?
Honey tokens are very powerful tools. But if you're new to them, you should definitely use caution. You don't want to do anything that would put you at risk.
Try them out in smaller places and work together with your IT and Security Professionals. Because once you do master them, they are one of the best defenses out there against cybercriminals.