Hunting Cybercriminals with AWS Honey Tokens
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.

BLACK HAT ASIA - Singapore - Security analysts here today demonstrated how to detect security breaches by using Amazon Web Services (AWS) keys as honey tokens to lure cybercriminals.

In their presentation, Grzelak and Dan Bourke, senior security analyst at Atlassian, showed how AWS keys can be configured as honey tokens at scale. "If an attacker finds an access key, there's no other way to find if it's useful other than to use the access key," Grzelak said. If AWS keys are configured as honey tokens, a security team can know exactly when someone tried to use a specific token to log in.

To generate this many tokens, the researchers built Project Spacecrab, which lets users create, annotate, and alert at mass scale on AWS keys that don't provide access to anything.
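
The alerting idea described above, as an added example that is not from the presentation or from Project Spacecrab: it scans CloudTrail-format records for any call signed with a registered honey token and reports when it happened and where that token had been planted. The key IDs, annotations, IP addresses and log records are constructed for illustration; only the CloudTrail field names are real.

```python
import json

# Constructed registry: honey token key ID -> note on where it was planted.
HONEY_TOKENS = {
    "AKIAEXAMPLEHONEY0001": "developer laptop, ~/.aws/credentials",
    "AKIAEXAMPLEHONEY0002": "private repo, deploy/config.yml",
}

def _rec(time, source, name, ip, identity, error=None):
    """Build one constructed record using CloudTrail's field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip, "userIdentity": identity}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log: one real key, one service event, two honey token uses.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2018-03-22T04:10:02Z", "ec2.amazonaws.com", "DescribeInstances",
         "198.51.100.7", {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEREALKEY01"}),
    _rec("2018-03-22T04:11:15Z", "s3.amazonaws.com", "ListBuckets",
         "203.0.113.45", {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEHONEY0002"},
         error="AccessDenied"),
    _rec("2018-03-22T04:10:30Z", "kms.amazonaws.com", "Decrypt",
         "ec2.amazonaws.com", {"type": "AWSService"}),
    _rec("2018-03-22T04:11:09Z", "sts.amazonaws.com", "GetCallerIdentity",
         "203.0.113.45", {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEHONEY0002"}),
]})

def find_honey_token_use(cloudtrail_json, registry):
    """Return one alert per event signed with a registered honey token key."""
    alerts = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        key_id = (rec.get("userIdentity") or {}).get("accessKeyId")
        if key_id not in registry:
            continue  # real keys and events without an access key are ignored
        alerts.append({
            "when": rec.get("eventTime"),
            "key_id": key_id,
            "planted": registry[key_id],  # the annotation says where the leak is
            "event": rec.get("eventName"),
            "source_ip": rec.get("sourceIPAddress"),
            "error": rec.get("errorCode"),  # a denied call is still a detection
        })
    # Same-format UTC timestamps sort chronologically as strings.
    return sorted(alerts, key=lambda a: a["when"] or "")

if __name__ == "__main__":
    for alert in find_honey_token_use(SAMPLE_LOG, HONEY_TOKENS):
        print(alert)
```

Because the token grants no access, every match is a high-confidence signal, and the annotation tells the responder which host or repository to investigate first.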