Refining Cyber Situation Awareness with Honeypots in Case of a Ransomware Attack
Ihanus, Jouni; Kokkonen, Tero; Hämäläinen, Timo (2024)
Avaa tiedosto
avautuu julkiseksi: 11.05.2025
Ihanus, Jouni
Kokkonen, Tero
Hämäläinen, Timo
Editoija
Rocha, Álvaro
Adeli, Hojjat
Dzemyda, Gintautas
Moreira, Fernando
Poniszewska-Marańda, Aneta
Springer
2024
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi-fe2024061955544
https://urn.fi/URN:NBN:fi-fe2024061955544
Tiivistelmä
The cyber threat landscape is vast and unstable. One of the top threats in the present moment is ransomware, which is constantly spreading in prevalence. To protect organisations’ cyber operating environment, ability to perceive elements relating to this threat is crucial. At the same time, many security controls face challenges in terms of fidelity of the security events. In this paper, honeypot technology is studied to support situation awareness in case of a ransomware attack. Especially detection capabilities of the honeypots are considered from the perspective of technical characteristic of ransomware. As a conclusion, we propose a construction model for enhancing cyber situation awareness using honeypots during various stages of a ransomware attack. Additionally, the analysed results are explained with identified future research topics.