New Tool Debuts for Hacking Back at Hackers in Your Network

Published: 22/11/2024   Category: security




Deception technology firm Cymmetria offers a new offense option for defenders.



Call it hacking back, call it next-generation incident response, but don't call it illegal: that's how security firm Cymmetria frames a new security platform it rolled out today.
Cymmetria's newest deception technology platform, called MazeHunter, lets organizations engage with attackers that have infiltrated their network and are operating on their machines. The company calls this "legal hackback," and along with the new tool it also published a framework for organizations to determine what types of actions they can perform against the attacker in their network legally and within their risk profile.
The idea for kicking deception and incident response up a notch with legal hack-back came via two of Cymmetria's customers, a Fortune 500 telecommunications firm and a major financial services firm, which separately approached Cymmetria about their interest in hacking back at attackers that had taken over machines in their networks. They wanted to connect to the computer inside [their] network and steal their toolsets or perform more proactive incident response tasks, says Gadi Evron, founder and CEO of Cymmetria.
Hacking back has long been a controversial topic in security circles. The act of attacking an attacker head-on outside your network is a high-risk practice that most experts do not recommend because it can quickly backfire or escalate an attack. Not only is it potentially dangerous, it's also illegal in the US under the Computer Fraud and Abuse Act (CFAA) to purposely access a computer without proper authorization. (However, a movement to legalize some form of hacking back was most recently introduced last week by Reps. Kyrsten Sinema, D-Ariz., and Tom Graves, R-Ga. Their bill, H.R. 4036, the Active Cyber Defense Certainty Act, would amend CFAA.)
"I don't think hacking back is a good thing. I also don't think it's a productive thing to engage with attackers," says Itzik Kotler, CTO and co-founder of SafeBreach, of hacking hackers outside your network. Attackers can hide behind layers of IP addresses, and abusing others' systems or networks, for instance, can lead to collateral damage in a hack-back situation, he points out.
But Cymmetria says its new legal hackback MazeHunter passes CFAA muster because it only allows organizations to attack their own machines within their own network. They can interface live with the attacker camped on their machine, allowing them to feed phony data via deception technology, for example, or access the attacker's tools to thwart further attacks.
"Cymmetria's automated Hack Back allows us to take the fight directly to the enemy, battling them on our own terms," said a senior executive from a telecommunications customer that requested the feature from Cymmetria. "They're on our turf, and we use that to our advantage."
The difference between this form of hacking back and pure incident response, according to Cymmetria, is that MazeHunter lets the victim organization run any payload on the infected machine to engage with the attacker, live. You don't have to wait for forensics, after the fact. It extends the capabilities of incident response … so you can collect on their toolset, instead of [wondering] what are they doing to us? Evron explains. It also provides an automated way to contain or mitigate the attack.
Joe Stewart, a security researcher with Cymmetria, says it's also not a manual process like traditional incident response. In the past, it was let's find that machine and send someone over to physically take it down, do forensics or use a tool we can launch, he says. By then, the attacker is gone and you've lost an opportunity to gain more information or even thwart the attacker's spread, he says.
"Why not just instantly launch our response right then and there … Get on that machine really quickly, get the payloads they have before they delete it and forensics is built in," he adds. They can launch PowerShell, Metasploit, or other payloads on the attacker in their machine to fight back and thwart the attack, he says.
And unlike hacking back outside the network, the target is known. They can be more aggressive in their response because they are 100% confident that the machine has a bad actor on it because they've been employing deception technology and watching the attacker take the bait, for example, he says.
Deception Not Mainstream
But deception technology such as Cymmetria's remains a rarity, adopted mainly by the usual early adopters: government, financial services, and telecommunications providers. The concept isn't new: honeypot lures have been around in the research field for years. But a wave of deception technology startups such as Cymmetria, Illusive Networks, and TrapX, as well as veteran security firms, offer commercial products that allow organizations to be a bit more aggressive in their defenses with phony devices or fake data to lure and catch attackers in action.
The so-called legal hack-back approach now offered by Cymmetria takes deception and incident response to the next level. Even so, most organizations are still mainly concerned with minimizing the damage and getting back to business after an attack.
John Sawyer, senior managing researcher with INGuardians, says in most incident response cases, victims are all about returning to normalcy: "The primary goal is to make sure data didn't get stolen and equipment is back online. It's not about attribution; that's a little harder," he says, although some organizations would like to know who was behind their security incident.