Why CISOs should consider honeypots: Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage to their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these traps cost to set up and run compared to their antecedents. “In practical terms, AI changes the economics of deception,” says Ochse. “It allows [the organization] to scale believable interaction without [the usual] cost and complexity.”

That doesn’t come at the expense of complexity, adds DT’s chief security officer, Thomas Tschersich. As far as the engineer behind the honeypot is concerned, the difference between the classical and the AI-powered variety is similar to filming a movie scene using complex wooden sets constructed on a back lot or CGI: both are facades, but the latter is much less expensive while remaining nigh-on indistinguishable from a fake city street painstakingly constructed out of plywood. Even better, the AI-powered honeypot can adapt to the requests of the hacker in real time, making it more likely they’ll stay in the trap for longer periods without realizing they’re in one in the first place. In the end, says Tschersich, you can raise the authenticity of interactions with threat actors without this being associated with high investments.

That’s become more important amid a spike in attacks on organizations that begin with threat actors having already obtained valid credentials to access systems. In these scenarios, says Candela, defenders “are blind once an attacker is inside” the network.
By keeping threat actors occupied at traditional attack points for longer and deploying AI-powered honeypots in less traditional locations, such as APIs and within AI agents, says Candela, organizations can steal a march on their opponents.

What, then, are we all learning from the deployment of this larger, AI-powered net? The big development, explains Candela, is the use of AI by the cybercriminals themselves. It is “democratizing attacks” with threat actors now using coding assistants to not only rapidly generate and deploy exploit code at scale but also use AI to probe vulnerabilities in target systems automatically. “Open-source AI red-team tools mean autonomous agents can now scan, exploit and adapt without human input,” says Candela.

There are risks to this paradigm. LLM outputs are, after all, essentially the product of very high-level pattern recognition. Cede cybersecurity to this kind of AI, says Canbaz, and you risk leaving the attack surface wide open to exploitation by cybercriminals mounting unorthodox and, therefore, unexpected campaigns. In this future, he continues, “there’s no clear definition of an attacker.”
How attackers may counter the honeypot trap: Candela shares these concerns, envisioning the emergence of ‘deception detection-as-a-service’ providers meeting demand from cybercriminal organizations to root out AI-powered honeypots in companies ahead of breach attempts. Additionally, “sophisticated actors might try to poison honeypot data or manipulate the deception layer,” says Candela, a key reason why Beelzebub’s own deception environment is isolated.

The speed of cyberattacks may also increase as hackers, unaware if they’re interacting with a honeypot or not, aim to conduct their nefarious business as quickly and efficiently as possible just in case they’re being watched. “This actually makes deception more valuable, not less,” says Candela, “because speed-focused attackers are more likely to interact with well-placed honeypots during rapid lateral movement.”

Time, then, to say goodbye to the classic honeypot? Not necessarily, argues Tschersich. “Static honeypot deployments such as low-, medium- or high-interaction sensors will not be replaced but complemented by AI-powered honeypots in response to a highly automated and AI-driven threat landscape,” he says. Even so, the cybersecurity landscape is changing rapidly, with responsibility for attack and defense increasingly shouldered by machines. The AI-powered honeypot, perhaps, is a bridge to that future for good and ill.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4140945/why-cisos-should-embrace-ai-honeypots.html

