Topic

Honeypots/Cybertraps

A honeypot or cybertrap is a computer or computer system intended to mimic likely targets of cyberattacks in order to lure cybercriminals. In general, a honeypot contains data that appears to be valuable to hackers, and it is set up to appear vulnerable in order to lure these hackers in. If a hacker attacks a honeypot, for example with viruses, malware or ransomware, the impact of the malicious code and the way it operates can be monitored. Information about the source of the threat can also be collected. Honeypots therefore provide the opportunity to develop new software as a countermeasure. The threat level can also be determined, and the effectiveness of countermeasures can be tested.

A distinction can be made between two types of honeypots: server honeypots and client honeypots. Server honeypots host a vulnerable application, such as a website, and wait for attacks to happen. Normally, this application is monitored and contained in a separated part of the website. Client honeypots, on the other hand, use applications, such as a web browser or an email program, to actively seek out viruses that attack the system. Honeytokens are files on connected computer systems that are attractive to hackers who have already gained access to a system. The files (or access tokens, e-mail addresses, URLs, fake accounts) are monitored by a detection system.
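
The honeytoken monitoring described above, as an added example that is not part of the original page: a small detector that flags any event touching a decoy URL, fake account or e-mail address. The token values, the key=value log schema and the sample events are constructed for illustration; it assumes honeytokens have no legitimate use, so a single touch raises an alert whether or not the request or login succeeded.

```python
from collections import defaultdict

# Constructed honeytokens (assumption: nothing legitimate ever references them).
HONEYTOKENS = {
    "url": {"/backup/payroll_2023.zip"},
    "account": {"svc_backup_admin"},
    "email": {"j.archive@example.com"},
}
# Hypothetical log schema: which event field carries each kind of token.
FIELD_FOR_KIND = {"url": "path", "account": "user", "email": "rcpt"}

# Constructed sample events, not taken from any real system.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z src=198.51.100.7 type=http path=/index.html status=200
2024-05-01T10:02:15Z src=198.51.100.7 type=http path=/backup/payroll_2023.zip?dl=1 status=200
2024-05-01T10:03:40Z src=203.0.113.9 type=auth user=alice result=success
2024-05-01T10:04:02Z src=198.51.100.7 type=auth user=svc_backup_admin result=failure
2024-05-01T10:05:30Z src=192.0.2.44 type=smtp rcpt=J.Archive@example.com
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with an added 'ts' key."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs if "=" in p)
    event["ts"] = ts
    return event

def detect(log_text):
    """Return one alert per event that touches any honeytoken."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        event = parse_line(line)
        for kind, field in FIELD_FOR_KIND.items():
            value = event.get(field)
            if value is None:
                continue
            # URLs: ignore the query string; accounts and e-mail: ignore case.
            norm = value.split("?", 1)[0] if kind == "url" else value.lower()
            if norm in HONEYTOKENS[kind]:
                alerts.append({"ts": event["ts"], "src": event.get("src"),
                               "kind": kind, "token": norm})
    return alerts

def alerts_by_source(alerts):
    """Group alert kinds per source address to show one actor's activity."""
    grouped = defaultdict(list)
    for alert in alerts:
        grouped[alert["src"]].append(alert["kind"])
    return dict(grouped)

if __name__ == "__main__":
    for src, kinds in alerts_by_source(detect(SAMPLE_LOG)).items():
        print(src, kinds)
```

The failed login to the fake account still produces an alert: the signal is the attempt itself, not its outcome.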

Related keywords: cybercriminal modus operandi, deflect cyber-attack, sacrificial computer system, decoy, e-mail trap, decoy database, deception technology, spider honeypot