Deceptive Network Shares

Goal: Detect attempts to access sensitive or restricted network shares.

Approach: Creating and monitoring fake network shares.

Create fake network shares with enticing names or permissions that appear to contain valuable data. Monitor any access attempts to these shares to identify attackers and gather information about their activities.

Engage Goals: EGO0001 Expose

Engage Approach: EAP0002 Detect

Engage Actions: EAC0002 Network Monitoring, EAC0015 Information Manipulation

Name of Element: Deceptive Network Shares

Technical Context:

These deceptive shares can be configured with honeypot files or folders, or they can be empty traps designed to trigger alerts upon access. This aligns with the MITRE ATT&CK technique T1083 (File and Directory Discovery).
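The following added example, not part of the original entry, shows one way to alert on access to decoy shares. It assumes Windows Security events 5140 and 5145 exported as JSON lines; the decoy share names, the allowlisted account and the sample events are hypothetical and constructed for illustration.

```python
import json
from collections import defaultdict

# Hypothetical names: decoy shares and a known inventory scanner account.
DECOY_SHARES = {"finance_backup", "hr_payroll"}
ALLOWLISTED_ACCOUNTS = {"svc-inventory"}  # keep short; each entry is a blind spot
SHARE_EVENT_IDS = {5140, 5145}  # share accessed / file in share access-checked

# Constructed sample events (one JSON object per line), not real log data.
SAMPLE_LOG = r"""
{"TimeCreated":"2024-05-01T09:00:01Z","EventID":5140,"SubjectUserName":"alice","IpAddress":"10.0.5.23","ShareName":"\\\\*\\Public"}
{"TimeCreated":"2024-05-01T09:14:12Z","EventID":5145,"SubjectUserName":"bob","IpAddress":"10.0.7.99","ShareName":"\\\\*\\Finance_Backup","RelativeTargetName":"Q1\\wires.xlsx"}
{"TimeCreated":"2024-05-01T09:14:10Z","EventID":5140,"SubjectUserName":"bob","IpAddress":"10.0.7.99","ShareName":"\\\\*\\Finance_Backup"}
{"TimeCreated":"2024-05-01T09:20:00Z","EventID":5140,"SubjectUserName":"svc-inventory","IpAddress":"10.0.1.5","ShareName":"\\\\*\\HR_Payroll"}
{"TimeCreated":"2024-05-01T09:21:00Z","EventID":4624,"SubjectUserName":"bob","IpAddress":"10.0.7.99"}
truncated-record-not-json
"""

def decoy_share(name):
    # ShareName is logged as \\*\Name; compare only the lower-cased last component.
    leaf = name.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()
    return leaf if leaf in DECOY_SHARES else None

def find_decoy_access(lines):
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "files": set()})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed records instead of aborting
        if not isinstance(ev, dict) or ev.get("EventID") not in SHARE_EVENT_IDS:
            continue
        share = decoy_share(ev.get("ShareName") or "")
        user = (ev.get("SubjectUserName") or "").lower()
        if share is None or user in ALLOWLISTED_ACCOUNTS:
            continue
        hit = hits[(ev.get("IpAddress", "?"), user, share)]  # one alert per source
        hit["count"] += 1
        ts = ev.get("TimeCreated")
        if ts and (hit["first_seen"] is None or ts < hit["first_seen"]):
            hit["first_seen"] = ts  # ISO-8601 UTC strings sort chronologically
        if ev.get("RelativeTargetName"):
            hit["files"].add(ev["RelativeTargetName"])  # honeypot file touched
    return dict(hits)

if __name__ == "__main__":
    for source, detail in find_decoy_access(SAMPLE_LOG.splitlines()).items():
        print("ALERT decoy share access:", source, detail)
```
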

Other:

Vary the types of files and folders within the deceptive shares to attract different types of attackers.
