written by
Becca Calloway

Honeypots: An Inside Look into How Microsoft Is Keeping Users Safe


Ever heard of a honeypot? (Outside of stories involving Winnie the Pooh.)

It’s something Microsoft is using to continually hone and refine its digital security products and capabilities. In today’s post we’ll explain what Microsoft is doing to help keep users safe, plus what that does and doesn’t mean for your business.

Honeypots, Explained

“Honeypot” is a term for any kind of scheme or setup that uses bait (honey) to lure people into a trap. You might hear it in your favorite show about government agencies or law enforcement or fictitious spies. The good guys set a trap, maybe involving a cache of (fake) diamonds or an Old Masters painting that looks just easy enough for the bad guys to try and steal. But it’s a trap, of course, and the good guys invariably catch the bad guys. (Seems like it always goes that way in Hollywood, huh?)

Honeypots work in reverse, too: real-world bad guys often use nothing more than the promise of money to lure unsuspecting law-abiding citizens into their scams and schemes.

Honeypots exist in the digital realm, too. In the hacking and cybersecurity worlds, a honeypot is a trap of sorts — a digital bounty that looks attractive to hackers and digital criminals. But whatever has been set out to attract these bad guys isn’t what it seems to be. Instead, when the bad guys take the digital bait, they end up revealing information about who they are and how they operate.

How Microsoft Is Using Honeypots

Earlier this year, Microsoft set up a bunch of fake tenants that look like either actual computers or virtual machines. These instances look like normal tenants with access to Azure (Microsoft’s cloud platform).

They’re the sort of thing that bad guys go after: if they can get into one of these tenants, then they can get into at least some of whatever Azure environment those tenants are connected to.

Separately, Microsoft already monitors tons of phishing sites (around 25k) — this is another part of how it keeps users safe.

Here’s the plan so far:

1. Create fake attractive tenants (devices/accounts)

2. Monitor what’s happening on thousands of phishing sites

3. Leak credentials to many of those sites

Step 3 is the devious one: Microsoft then “leaked” credentials for those honeypot systems onto around 20% of those phishing sites.

In other words, Microsoft acted like users got tricked by phishing schemes into giving away their login credentials. Only those login credentials were linked to tenants that weren’t exactly real.

Can you guess what happened from there?

Microsoft sat back and watched as bad guys tried using those credentials to log into these tenants. They watched how the threat actors operated, what their techniques were, and so on.

Then they took the information they learned and built defense mechanisms for those techniques and tactics.
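The defender's side of that loop, as an added illustration that is not Microsoft's code or anything from the post: if each honeypot credential is seeded to exactly one phishing site (an assumption here; the post does not say how the leaks were partitioned), then any later sign-in attempt with it both raises an alert and points back to the site that harvested it. The log format, account names and site names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed mapping: each honeypot account's credential was seeded to
# exactly one phishing site (an assumption; the post does not say how the
# leaks were partitioned), so any later use of it points back to that site.
SEEDED_CREDENTIALS = {
    "j.doe@contoso-honeypot.example": "phish-site-a.example",
    "m.lee@contoso-honeypot.example": "phish-site-b.example",
}

# Constructed sign-in log lines in a simplified "key=value" format.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z user=j.doe@contoso-honeypot.example ip=203.0.113.5 result=failure
2024-05-01T10:02:40Z user=alice@contoso.example ip=198.51.100.7 result=success
2024-05-01T11:17:03Z user=j.doe@contoso-honeypot.example ip=203.0.113.9 result=success
2024-05-02T08:45:55Z user=m.lee@contoso-honeypot.example ip=192.0.2.44 result=failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>\S+)$")

def parse_signins(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def honeypot_hits(events, seeded=SEEDED_CREDENTIALS):
    """One alert per sign-in attempt that used a seeded credential. Nobody
    legitimate knows these credentials, so a failed attempt is as telling
    as a successful one and both are alerted on."""
    alerts = []
    for e in events:
        site = seeded.get(e["user"])
        if site is not None:
            alerts.append({**e, "leaked_via": site})
    return alerts

def hits_by_site(alerts):
    """Count attempts per phishing site: which harvested credentials are
    actually being exercised, and therefore which sites are live threats."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["leaked_via"]] += 1
    return dict(counts)

if __name__ == "__main__":
    alerts = honeypot_hits(parse_signins(SAMPLE_LOG))
    for a in alerts:
        print(f"{a['ts']} {a['user']} from {a['ip']} ({a['result']}) <- seeded to {a['leaked_via']}")
    print(hits_by_site(alerts))
```

Because the honeypot accounts have no legitimate users, every hit is high-confidence, and the per-site counts show which phishing sites are feeding credentials to active attackers.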

Phishing the Phishers

In essence, what Microsoft is doing here is scamming the scammers, or phishing the phishers. They’re beating the bad guys at their own game, then strengthening their defenses with the information they learned.

How This Matters for You

So, how does this impact you and your business?

Hopefully by reducing the overall risk of being victimized by a phishing attack. Microsoft is strengthening its defenses so that fewer scam emails make it through to your inbox — and so fewer scam sites are successful at stealing your stuff.

But it doesn’t change the basics: you still need to keep your team alert about cyber threats and phishing attempts. And you can still do even more to protect yourself by implementing 2FA or MFA wherever possible. That change is relatively simple, and it greatly increases your safety level.

Got questions about how to keep your business safe? We can help. Reach out anytime.
