The cyber threat landscape is vast and unstable. One of the top threats in the present moment is ransomware, which is constantly spreading in prevalence. To protect organisations’ cyber operating environment, ability to perceive elements relating to this threat is crucial. At the same time, many security controls face challenges in terms of fidelity of the security events. In this paper, honeypot technology is studied to support situation awareness in case of a ransomware attack. Especially detection capabilities of the honeypots are considered from the perspective of technical characteristic of ransomware. As a conclusion, we propose a construction model for enhancing cyber situation awareness using honeypots during various stages of a ransomware attack. Additionally, the analysed results are explained with identified future research topics.
Authors
Jouni Ihanus, Tero Kokkonen, Timo Hämäläinen
Cite as
Ihanus, J., Kokkonen, T., Hämäläinen, T. (2024). Refining Cyber Situation Awareness with Honeypots in Case of a Ransomware Attack. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 985. Springer, Cham. https://doi.org/10.1007/978-3-031-60215-3_10
