How to Use Canary Tokens for Threat Detection?
2019 was a record year for cybercrime. Hackers exposed over 4 billion records for a total worldwide cost of $600 billion in damages. 2020 is not shaping up to be much better. In fact, in the chaos caused by COVID-19, more cyber-attacks are happening, not fewer.
To combat hackers, more people are turning to canary tokens. This guide covers everything you need to know about canary tokens, including when and how to use them to improve your security.
Threat Prevention vs. Detection
Canary tokens are fantastic. They’re somewhat easy to use, and you can deploy them in countless effective ways. But they help to DETECT threats, not to PREVENT them.
Canary tokens work best as a part of a comprehensive cybersecurity plan. You also need to consider digital safety tools and practices like:
- A VPN (a virtual private network) to protect your internet connection
- File encryption tools
- Secure file backups
- Password managers to safeguard your login credentials
- Automatic updates for software and your operating system
- Antimalware and antivirus software
- Browser tools that block pop-ups, scripts, trackers, and other malicious web items
What Are Canary Tokens?
Canary tokens, also called honeytokens, have long been a useful internet tool. You can place them on your website, in your email, on your device, and in other locations. Once touched, they trigger an alert.
You can use them in many scenarios, including:
- Concealed in MS Word and Acrobat files
- Embedded within applications to detect reverse-engineering attempts
- Set to trigger when an action occurs, such as opening a file or making changes
- Deployment in cloud tools
How to Set Up a Canary Token
All you have to do is select the type of token you want to create. Here are four different examples of using canary tokens.
1. Adobe PDF Reader Document
From the Canary Token platform, you can generate an alert for both Adobe PDFs and MS Word documents. Then you enter the email address or webhook URL that should receive the alert.
You can choose where to deploy the Acrobat/Word file. Often, network admins place it on a server to detect unauthorized access. They might title it as something interesting to hackers like “2019 employee tax information” to draw them in.
Hackers might think they’re getting their hands on juicy personal data. But, once somebody opens the file, the owner of the token gets an alert. They can see valuable information about the intruder, including their IP address and approximate location. This information helps them better understand the nature of the threat.
2. Windows Explorer Alert
Setting up a Windows Explorer alert lets you detect device-level intrusion. It’s a good option, especially for suspected threats on senior personnel devices.
You have options too. You can set the icon image, set a custom path, and more. As a result, you get a notification not only any time somebody tries to open the file, but for all kinds of unauthorized access to Windows Explorer.
3. Website Clone Notifications
Hackers often fake web pages and then target unsuspecting victims. The victims then enter their login credentials or payment information, believing it’s the real site.
4. View Private Message Behavior
This one is a little less security-oriented, but it is a fascinating display of what Canary tokens can do. You can set alerts for every time somebody checks a private chat.
When somebody logs into Slack, the platform generates a URL preview. If you deploy a Canary token in a Slack channel, you can see real-time updates when people open the chat box—even if they don’t open the link.
It also works on Skype, WhatsApp, Facebook, iMessage, and Wire. In these cases, you can use the canary link to make sure nobody is snooping on a conversation you want to keep private.
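The alert flow described in the document example and in the chat example above, as an added sketch that is not code from the Canary Token platform: a token is an unguessable URL tied to a memo, and any request for it becomes an alert carrying the source IP and User-Agent. The class name, the example.test URLs, the sample requests and the list of preview User-Agent substrings are assumptions made for illustration.

```python
import secrets
from datetime import datetime, timezone

# User-Agent substrings sent by link-preview fetchers (assumed, non-exhaustive list).
PREVIEW_AGENTS = ("slackbot-linkexpanding", "whatsapp", "facebookexternalhit")

class TokenRegistry:
    """In-memory store of issued tokens (hypothetical; a real service persists this)."""

    def __init__(self, base_url):
        self.base_url = base_url.rstrip("/")
        self.tokens = {}  # token id -> memo saying where the token was planted

    def issue(self, memo):
        """Return an unguessable URL to plant in a document, file or chat."""
        token_id = secrets.token_urlsafe(16)
        self.tokens[token_id] = memo
        return f"{self.base_url}/{token_id}"

    def handle_hit(self, path, src_ip, user_agent, now=None):
        """Turn one HTTP request into an alert dict, or None for unknown paths."""
        token_id = path.rstrip("/").rsplit("/", 1)[-1]
        memo = self.tokens.get(token_id)
        if memo is None:
            return None  # scanner noise or a mistyped URL, not one of our tokens
        ua = user_agent.lower()
        return {
            "memo": memo,
            "src_ip": src_ip,  # for a preview fetch this is the platform's server
            "user_agent": user_agent,
            "time": (now or datetime.now(timezone.utc)).isoformat(),
            "via_preview": any(agent in ua for agent in PREVIEW_AGENTS),
        }

def demo():
    """Replay three constructed requests against two planted tokens."""
    reg = TokenRegistry("https://tokens.example.test/t")
    doc = reg.issue("2019 employee tax information.pdf on file server")
    chat = reg.issue("link posted in a private Slack channel")
    hits = [
        ("/t/" + doc.rsplit("/", 1)[-1], "203.0.113.7", "Mozilla/5.0 (Windows NT 10.0)"),
        ("/t/" + chat.rsplit("/", 1)[-1], "198.51.100.20",
         "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)"),
        ("/t/not-an-issued-token", "192.0.2.55", "curl/8.0"),
    ]
    return [reg.handle_hit(*hit) for hit in hits]

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The `via_preview` flag separates a hit made by a messaging platform's preview fetcher from one made by a browser or document reader, which matters when triaging because the two carry different source addresses.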
Canary Tokens: The Bottom Line
Canary tokens are a great way to detect unauthorized access. You can use them on system files, websites, messages, and documents, but there’s far more you can do with them.
But, once again, canary tokens only help with threat detection. They don’t protect your data in any way. Whether you use them or not, you still need security tools like VPNs, antivirus software, and more to stay safe online.
Rebecca James: Enthusiastic Cybersecurity Journalist, A creative team leader, editor of PrivacyCrypts. Follow her on twitter.