A Hell of Honeypots for Cybercriminals, A Hypothetical Cybersecurity Strategy securing BIoT (Blockchain-IoT) Systems.

I read earlier about the developmental procedures currently being used to secure IoT systems against external cyberattacks. These methods, as you can guess, include the use of technologies such as Blockchain, Artificial Intelligence, and Machine Learning. In 2020, malware attacks increased by 358% compared to 2019. They then increased by 125% in 2021, threatening businesses and individuals throughout 2022. Many experimental procedures could be used to mitigate this but are not allowed or authorized by law. It appears that being offensive to attackers is considered an offense under cybercrime laws, but to what extent this law is practical is unknown as of the time of writing this article.

By law, even though its interpretation is sometimes subject to the jurisdiction, the use of lethal force in self-defense is often a last resort and may be justified only if there is an immediate threat of death or serious injury to the defender or someone else. Even then, the use of lethal force may be subject to certain conditions and limitations, such as the requirement to retreat if it is safe to do so, or the duty to use non-lethal force if it is reasonable and practical. In some cases, a defender who uses lethal force in self-defense may be charged with a crime such as manslaughter or murder, and the defender would have to prove that their use of lethal force was justified under the circumstances. This is not as clear or reasonable as a cybercrime law.

A typical process for reverse cyberattacks would be to first identify the source of the attack by reviewing log files and analyzing network traffic, among others. This is followed by attempts to contain the attack by isolating infected systems or disabling network services. Once that is done successfully, the best next step is to analyze, remediate, and improve the security systems to prevent further attacks. These are, of course, done manually and in several steps, as listed by cybersecurity experts. This is or was the ethical way of doing things, and while it can still be very useful in preventing further attacks, a lot can still be done to even the playing field.

If I were developing a blockchain-based solution combining IoT systems, I would prioritize the security of the system, even if it requires being both offensive and defensive. Ever heard of fighting fire with fire transparently? Transparency is made possible using blockchain technology. An ideal scenario I would deploy would simply be to attack the attackers and transparently release their details on a private-public domain, all automated. The process is deceptive in nature, luring attackers into traps, or automatically using malware to disrupt an attacker's activities.

That said, let us look into the theoretical approach I would employ in deploying this fire-for-fire security system.

Put simply, this means implementing the following designs.

1. A data masking and advanced encryption level with multifaceted layers of protection. Consider using AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography), Diffie-Hellman, or TLS (Transport Layer Security). This is perhaps standard, but what comes next is the unique implementation, more like mines in a field to either fend off or delete invaders.

2. Automated specialized software tools for reverse hacking, built and enhanced as such:

a. Decoy data silos masked as the original intended IoT information/data with tier 1 encryption level, infused with botnets and isolated from the production environment, controlled by central commands and a control server preconfigured to deliver basically a DDoS attack and malware distribution. This is somewhat like how high-interaction honeypots work: a decoy system or network designed to attract and trap cyber attackers in order to study them in a defensive manner.

b. Data folders with simple installations tagged with commonly wanted information, such as “private keys”, “wallets”, “IDs”, “Payments”, etc. This will encourage and allow fast delivery.

c. The data silos are equipped with a simple lightweight malware with a payload coded to download more malware once successfully delivered. These consist basically of RATs designed to launch a wide range of cyber-attacks, including stealing sensitive data, hijacking devices, and disrupting the attacker’s computer systems. Consider building strong malware! The downloaded malware should include ransomware to encrypt the attacker’s files and lock him/her out of the system in exchange for turning himself/herself in (hopefully there are a lot of valuables to encourage such), trojans to gain unauthorized access and siphon the attacker’s personal data to be uploaded on the private chain distributed server, and worms to do irreparable damage to the system and connected networks, which can be instrumental in revealing the attacker and the close collaborators.

d. Deliver, infect, exploit, and persist by remaining in the system to further leak the exploited data.

e. Broadcast the exploited data to the decentralized private network and publish it on secured domains. This will allow organizations to know the data to filter and the security agencies to further the cause in apprehending the perpetrators.

In this scenario, the DDoS attack being automated would flood the attacker’s network with traffic from many dedicated distributed servers, overwhelming the attacker’s server and making it inaccessible and unable to further his treacherous act for a long period.

Note: This may be considered a challenge that creates an unwanted risk of escalating the situation, as attackers may respond with further attacks or retaliation. There is also a risk of attackers discovering and using the system to their own advantage, such as by launching attacks from within the decoy or by using the honeypot as a staging ground for attacks on other systems. Under no circumstance should the decoys be connected to the production environment; they should remain isolated once deployed.
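The isolation requirement and the staging-ground risk in the note above can be watched from the defender's side. The following is an added example, not code from the article: it flags reads of bait folders on decoy hosts and any traffic leaving the decoy segment. The subnets, event fields, and sample events are constructed assumptions.

```python
import ipaddress

# Hypothetical address plan: decoys sit in their own segment, apart from production.
DECOY_NET = ipaddress.ip_network("10.66.0.0/24")
PROD_NET = ipaddress.ip_network("10.10.0.0/16")
# Bait folder labels taken from the article's list of "commonly wanted information".
BAIT_TAGS = {"private keys", "wallets", "ids", "payments"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "file_read", "src": "203.0.113.7", "host": "10.66.0.12",
     "path": "/srv/iot/wallets/backup.dat"},
    {"type": "file_read", "src": "203.0.113.7", "host": "10.66.0.12",
     "path": "/srv/iot/firmware/readme.txt"},
    {"type": "flow", "src": "10.66.0.12", "dst": "10.10.4.20", "dport": 445},
    {"type": "flow", "src": "10.66.0.12", "dst": "198.51.100.9", "dport": 443},
    {"type": "flow", "src": "10.10.4.20", "dst": "10.10.4.21", "dport": 22},
]

def in_net(addr, net):
    return ipaddress.ip_address(addr) in net

def bait_folder(path):
    """Return the bait label if any path component matches one, else None."""
    for part in path.split("/"):
        label = part.lower().replace("_", " ").replace("-", " ")
        if label in BAIT_TAGS:
            return label
    return None

def triage(events):
    """Turn raw decoy events into alerts a responder can act on."""
    alerts = []
    for ev in events:
        if ev["type"] == "file_read" and in_net(ev["host"], DECOY_NET):
            # No legitimate user has a reason to open bait data.
            if bait_folder(ev["path"]):
                alerts.append(("BAIT_TOUCHED", ev["src"], ev["path"]))
        elif ev["type"] == "flow" and in_net(ev["src"], DECOY_NET):
            if in_net(ev["dst"], PROD_NET):
                # The decoy reached production: isolation has failed.
                alerts.append(("ISOLATION_BREACH", ev["src"], ev["dst"]))
            elif not in_net(ev["dst"], DECOY_NET):
                # The decoy is talking outward: possible staging ground.
                alerts.append(("DECOY_EGRESS", ev["src"], ev["dst"]))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```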

Systems can be enhanced with techniques such as network segmentation and intrusion detection and prevention systems. They can also use machine learning and other AI tools to monitor network traffic and identify suspicious patterns and anomalies. However, it is important to note that AI is not a silver bullet for cybersecurity, and can also be used by defenders to identify and respond to attacks. Ultimately, the best defense against cyber-attacks is a combination of technology, process, and human expertise, backed by a strong culture of security and awareness.


