Fake Cron Jobs

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Fake Cron Jobs

Description of Element:

Goal: To identify and gather information about attackers attempting to brute force SSH credentials.

Approach: Monitoring connections to the deceptive SSH server and analyzing attacker behavior.

This element involves creating fake cron jobs that mimic legitimate tasks but trigger alerts or execute harmless commands.

Attackers who attempt to modify or utilize cron jobs for malicious purposes will trigger alerts, revealing their presence and intentions.

Technical Context:

This element can be combined with other deceptive elements, such as deceptive configuration files or fake system logs, to enhance its effectiveness. It aligns with the MITRE ATT&CK technique T1053.005 (Scheduled Task/Job: Cron).

Other:

This element requires careful planning and execution to avoid interfering with legitimate scheduled tasks.
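One way to build the alerting decoy described above, as an added example that is not part of the original page: it writes a decoy cron file whose only command is `/bin/true`, records a baseline hash outside the cron directory, and raises an alert when the file is removed or modified. The file name `db-backup-nightly`, the directory arguments and the `decoy-cron` syslog tag are assumptions.

```shell
#!/bin/sh
# Added example: decoy cron entry plus tamper check. Names and paths are assumptions.
DECOY_NAME="db-backup-nightly"   # hypothetical decoy file name

hash_file() {   # SHA-256 where available, POSIX cksum otherwise
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        cksum "$1" | cut -d' ' -f1
    fi
}

alert() {       # syslog when logger exists, stderr always
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.alert -t decoy-cron "$1" 2>/dev/null || true
    fi
    echo "ALERT: $1" >&2
}

# deploy_decoy CRON_DIR STATE_DIR
# The job looks like a backup task but only runs /bin/true, so it cannot
# interfere with legitimate scheduled work.
deploy_decoy() {
    cron_dir=$1; state_dir=$2
    mkdir -p "$cron_dir" "$state_dir" || return 2
    cat > "$cron_dir/$DECOY_NAME" <<'EOF'
# Nightly database backup
30 2 * * * root /bin/true
EOF
    chmod 644 "$cron_dir/$DECOY_NAME"
    hash_file "$cron_dir/$DECOY_NAME" > "$state_dir/$DECOY_NAME.sha256"
}

# check_decoy CRON_DIR STATE_DIR -> 0 untouched, 1 removed or modified
check_decoy() {
    file="$1/$DECOY_NAME"; baseline="$2/$DECOY_NAME.sha256"
    if [ ! -f "$file" ]; then
        alert "decoy cron job removed: $file"; return 1
    fi
    if [ "$(hash_file "$file")" != "$(cat "$baseline")" ]; then
        alert "decoy cron job modified: $file"; return 1
    fi
    return 0
}

case "${1:-}" in
    deploy) deploy_decoy "$2" "$3" ;;
    check)  check_decoy "$2" "$3" ;;
esac
```

On a real host the cron directory would be `/etc/cron.d` and the check would run from a separate monitoring job, with the baseline stored where the account being watched cannot write.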
