What are Canarytokens

You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.

Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
#
Why should you use them

Network breaches happen. From mega-corps, to governments. From unsuspecting grandmas to well-known security pros. This is (kinda) excusable. What isn't excusable, is only finding out about it, months or years later.

Canarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)

China’s worsening economy and Biden’s ineptitude increase the likelihood of Xi playing the jingoistic card of war and invasion. //

But there’s a way out, one common to dictators: start a war to stoke nationalist fervor.

This option is often overlooked by Western observers, who feel comfortable in their mirror-imaging fallacies. Under this bias, they assume that foreign regimes act with the same rationale as the nations where they have lived, studied, vacationed, or worked.

But despite their increasing complexity, a great many initial intrusions that lead to data theft could be nipped in the bud if more organizations started looking for the telltale signs of newly-arrived cybercriminals behaving like network tourists, Cisco says.

“One of the most important things to talk about here is that in each of the cases we’ve seen, the threat actors are taking the type of ‘first steps’ that someone who wants to understand (and control) your environment would take,” Cisco’s Hazel Burton wrote. “Examples we have observed include threat actors performing a ‘show config,’ ‘show interface,’ ‘show route,’ ‘show arp table’ and a ‘show CDP neighbor.’ All these actions give the attackers a picture of a router’s perspective of the network, and an understanding of what foothold they have.” //

when those stolen resources first get used by would-be data thieves, almost invariably the attackers will run a series of basic commands asking the local system to confirm exactly who and where they are on the victim’s network.

This fundamental reality about modern cyberattacks — that cybercriminals almost always orient themselves by “looking up” who and where they are upon entering a foreign network for the first time — forms the business model of an innovative security company called Thinkst, which gives away easy-to-use tripwires or “canaries” that can fire off an alert whenever all sorts of suspicious activity is witnessed.

“Many people have pointed out that there are a handful of commands that are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users/usage),” the Thinkst website explains. “Reliably alerting when a user on your code-sign server runs whoami.exe can mean the difference between catching a compromise in week-1 (before the attackers dig in) and learning about the attack on CNN.”

These canaries — or “canary tokens” — are meant to be embedded inside regular files, acting much like a web beacon or web bug that tracks when someone opens an email. //

Thinkst operates alongside a burgeoning industry offering so-called “deception” or “honeypot” services — those designed to confuse, disrupt and entangle network intruders. But in an interview with KrebsOnSecurity, Thinkst founder and CEO Haroon Meer said most deception techniques involve some degree of hubris. //

One nice thing about canary tokens is that Thinkst gives them away for free. Head over to canarytokens.org, and choose from a drop-down menu of available tokens

Use this worksheet to plug in values for all variables that will impact your systems' performance. It will automatically calculate your total link loss and tell you if your system falls within Corning’s recommended guidelines.

The US Department of Energy has reversed former President Trump’s ban on the import of certain electrical equipment from China.

Niagara Power Transformer offers a complete range of liquid-filled power transformers. Our power transformers are designed and manufactured with availability and longevity at the forefront.

The mysterious ’disappearance’ of China’s top diplomat is the latest proof that Xi is a ruthless dictator.  //

A dictator who is cruel to his own people doesn’t care about our people’s well-being. He will not hesitate to harm America and our allies’ interests. The sooner the Biden administration recognizes the true nature of Xi and his regime and develops appropriate policy responses, the better we can protect ourselves and our allies.