Introducing caffeine deception

Introducing caffeine deception

What is the most valuable asset in your organization?

Code? Information? Servers?

All of these are artifactsjust some cattle to herd.

 

Think harder.

What were the recent years’ wars all about? Not one of the above, that’s for sure.

Countries fight over fueloil or gas. Whatever floats your boat. In your organization, the fuel you need to fight for is the substance that runs your most beautiful minds. Caffeine.

 

A quick Google search of “code protection”, “information protection”, or “server protection” produces a lot of articles and products. “Caffeine protection”? Nothing relevant.

 

The horror of this scenario can collapse your empire in minutes. What tools do you have in your arsenal for defense against this? The truth is that there are none.

 

But truth is yesterday’s technology. The new medicine is about placebo, the new journalism is about fake news, the business of product management is about mockups, and bool(0.0001) is True. The new cyber? That’s cyber deception.

 

Today, for the first time in history, and exactly 20 years after the famous Hyper Text Coffee Pot Control Protocol was specified in RFC-2324, cyber deception presents a new player in the game: CoffeePotBlockChainBigDataCyberX_new2®.

 

The revolutionary RFC-2324 translated the millennia-aged coffeepot and teapot language into a simple, efficient HTTP protocol. Two decades have passed and nobody talks with coffeepots anymore.

Here at Cymmetria, the CoffeeX team carefully implemented these protocols to behave just like your production coffee machine. The new coffeepot and teapot machines will feed your attackers with their favorite flavors and won’t raise any suspicionbut for every action the attackers carry out, a detailed alert will appear in MazeRunner.

 

Here is our teapot. Unless I told you, you wouldn’t be able to tell that it’s not a real teapot, would you?

It runs on a Raspberry Pi, and its IP is 192.168.3.14.

Here you can see the teapot decoy on the MazeRunner Campaign screen.

The teapot decoy is active, waiting like a predator for the attacker to ask for a cup of tea.

As soon as the attacker sends a request, they will receive an appropriate response, like a real coffeepot or teapot would provide. But behind the scenes, your sysadmin will be notified with detailed alerts about your attacker’s moves and their favorite drink.

Good intelligence is the prerequisite for effective action.

The code is available here.

MazeRunner allows you to create reliable stories with a large variety of services like Windows machines, MySQL, OpenVPN, SSH, SMB, and many more.

Starting today, coffeepots and teapots are no longer prey, but predators.

You are safe now.