How to Protect Files With Canary Tokens

We live in a world where terms such as data breach, vulnerability and cyberattack regularly make headlines. The number of vulnerabilities keeps growing, and we only have to look back at 2018 to see that.

According to CVE Details, a free CVE security vulnerability database/information source, 16,555 vulnerabilities were addressed in 2018. Last year established a new record — an indicator that should be kept in mind for 2019.

The number of problems is on the rise due to the fast growth of technology and the number of devices connected to the Internet. According to statista.com, 23.14 billion IoT devices were connected to the Internet in 2018.

This article provides some hints and tricks on keeping data away from hackers. However, we will not describe an approach to stop the exploitation of vulnerabilities and the leak of information. Instead, a method based on canary tokens can be used by developers and IT professionals to receive alerts when something strange happens in their infrastructures and applications.

What Are Canary Tokens?

Canary tokens, also known as honeytokens, are not new but can be useful as a source of information. They can be understood as unique identifiers that can be embedded in different places. If they are touched, an alert is triggered.

We can use canary tokens in different scenarios:

  • Embedded into applications to help in reverse-engineering detection
  • Detect when someone triggers the canary by activating the token (for example, via a “target file” deliberately dropped in a private folder; when this file is accessed by an unauthorized user, an alert is generated)
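The "target file" scenario above, as an added sketch that is not code from the article or from the Canarytokens project: a registry mints a unique token, writes it into decoy file content as a URL, and turns a request for that URL into an alert. The class name, the /t/ path, the canary.example.test host and the HMAC tag on each token are assumptions made for this example, and the alert fires when the planted URL is requested, not on the file read itself.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from urllib.parse import urlparse

class CanaryRegistry:
    """Mints unique tokens and turns requests that touch them into alerts."""
    def __init__(self, base_url, key):
        self.base_url = base_url.rstrip("/")  # hypothetical alert endpoint
        self.key = key      # secret used to tag tokens
        self.memos = {}     # token -> note on where it was planted

    def _tag(self, ident):
        return hmac.new(self.key, ident.encode(), hashlib.sha256).hexdigest()[:16]

    def mint(self, memo):
        """Create a token and record where it will be planted."""
        ident = secrets.token_hex(8)
        token = ident + self._tag(ident)
        self.memos[token] = memo
        return token

    def decoy_text(self, token):
        """Content for a 'target file'; requesting the URL in it fires the alert."""
        return ("Internal backup portal\n"
                f"URL: {self.base_url}/t/{token}\n"
                "Use the service account from the vault.\n")

    def handle_request(self, url, source_ip, user_agent):
        """Return an alert dict if the request touched a known token, else None."""
        parts = urlparse(url).path.strip("/").split("/")
        if len(parts) != 2 or parts[0] != "t" or len(parts[1]) != 32:
            return None
        token = parts[1]
        # Drop guessed or mangled tokens so scanner noise never becomes an alert.
        expected = self._tag(token[:16]).encode()
        if not hmac.compare_digest(token[16:].encode(), expected) or token not in self.memos:
            return None
        return {"memo": self.memos[token], "source_ip": source_ip,
                "user_agent": user_agent,
                "time": datetime.now(timezone.utc).isoformat()}

if __name__ == "__main__":
    reg = CanaryRegistry("https://canary.example.test", secrets.token_bytes(32))
    tok = reg.mint("decoy file in a private folder")  # constructed sample
    print(reg.decoy_text(tok))
    print(reg.handle_request(reg.base_url + "/t/" + tok, "203.0.113.7", "curl/8.0"))
```

The memo is what makes the alert actionable: it tells the responder which planted file was read, so each token should be used in exactly one place.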

With this simple approach, it’s possible to create a tracking log on something. Based on the Canarytokens platform available on GitHub, we will perform four use cases below in order to demonstrate (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pedro Tavares. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/GTkBX7HtyqM/