How to Use Canary Tokens for Threat Detection?

2019 was a record year for cybercrime. Hackers exposed over 4 billion records for a total worldwide cost of $600 billion in damages. 2020 is not shaping up to be much better. In fact, amid the chaos caused by COVID-19, cyber-attacks are becoming more frequent, not less.

To combat hackers, more people are turning to canary tokens. This guide covers everything you need to know about canary tokens, including when and how to use them to improve your security.

Threat Prevention vs Detection

Canary tokens are fantastic. They’re easy to use, and you can deploy them in countless effective ways. But they help to DETECT threats, not to PREVENT them.

Canary tokens work best as a part of a comprehensive cybersecurity plan. You also need to consider digital safety tools and practices like:

  • A VPN (a virtual private network) to protect your internet connection
  • File encryption tools
  • Secure file backups
  • Password managers to safeguard your login credentials
  • Automatic updates for software and your operating system
  • Antimalware and antivirus software
  • Browser tools that block pop-ups, scripts, trackers, and other malicious web items

What Are Canary Tokens?

Canary tokens, also called honeytokens, have long been useful internet tools. You can place them on your website, in your email, on your device, and in other locations. Once touched, they trigger an alert.

You can use them in many scenarios, including:

  • Concealed in MS Word and Acrobat files
  • Embedded within applications to detect reverse-engineering attempts
  • Activated when an action occurs, such as opening a file or making changes
  • Deployed in cloud tools

How to Set Up a Canary Token

All you have to do is select the type of token you want to create. Here are four different examples of using canary tokens.

1. Adobe PDF Reader Document

You can generate an alert from the Canary Token platform for both Adobe PDFs and MS Word documents. Then you select an email address or webhook URL to receive it.

You can choose where to deploy the Acrobat/Word file. Often, network admins place it on a server to detect unauthorized access. They might give it a title that looks interesting to hackers, like “2019 employee tax information”, to draw them in.

Hackers might think they’re getting their hands on juicy personal data. But, once somebody opens the file, the token owner gets an alert. They can see valuable information about the intruder, including their IP address and approximate location. This information helps them understand the nature of the threat better.

2. Windows Explorer Alert

Setting up a Windows Explorer alert lets you detect device-level intrusion. It’s a good option, especially for suspected threats on devices belonging to senior personnel.

You have options too. You can set the icon image, custom path, and more. You can get a notification not only whenever somebody tries to open the file but also for unauthorized access to Windows Explorer.

3. Website Clone Notifications

Hackers often fake web pages and then target unsuspecting victims. The victims then enter their login credentials or payment information, believing it’s the real site.

All you do is add the canary token code to your website’s code. If somebody clones your website, the copy includes that JavaScript along with the rest of the scripts the page needs to function. When the cloned page runs it, the token activates and triggers the alert.
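
The clone check described above, sketched as an added example (not code from this article or from any canary token service). The host names, the token URL, and the `l`/`r` query parameter names are placeholder assumptions; the host is matched exactly, so a look-alike domain or a saved local copy still raises the alert.

```javascript
// Added example: clone-detection snippet for a page you own.
// ALLOWED_HOSTS and TOKEN_URL are placeholders (assumptions), not real values.
const ALLOWED_HOSTS = ["example.com", "www.example.com"];
const TOKEN_URL = "https://tokens.example.invalid/PLACEHOLDER-TOKEN-ID";

// Lower-case and drop a trailing dot so "WWW.Example.COM." still matches.
function normalizeHost(host) {
  return String(host || "").trim().toLowerCase().replace(/\.$/, "");
}

// True when the page is served from a host outside the allow-list.
// Exact match only: a suffix or substring test would accept look-alikes
// such as "example.com.login.test". An empty host (file:// copy) counts too.
function isServedFromUnexpectedHost(host, allowedHosts) {
  const h = normalizeHost(host);
  return !allowedHosts.map(normalizeHost).includes(h);
}

// Build the alert URL, carrying where the copy is hosted (l) and the
// referrer (r). The parameter names are assumptions for this sketch.
function buildAlertUrl(tokenUrl, pageHref, referrer) {
  const u = new URL(tokenUrl);
  u.searchParams.set("l", pageHref);
  u.searchParams.set("r", referrer || "");
  return u.toString();
}

// Returns the alert URL to request, or null when the page is on its real host.
function checkPage(loc, referrer, allowedHosts, tokenUrl) {
  if (!isServedFromUnexpectedHost(loc.hostname, allowedHosts)) return null;
  return buildAlertUrl(tokenUrl, loc.href, referrer);
}

// Browser hookup: request the token URL as an image, so no CORS setup is needed.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const alertUrl = checkPage(window.location, document.referrer, ALLOWED_HOSTS, TOKEN_URL);
  if (alertUrl) new Image().src = alertUrl;
}
```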

4. View Private Message Behavior

This one is less security-oriented but a fascinating display of what canary tokens can do. You can set alerts for every time somebody checks a private chat.

When somebody logs into Slack, the platform generates a URL preview. If you deploy a canary token in a Slack channel, you can see real-time updates when people open the chat box, even if they don’t open the link.

It also works on Skype, WhatsApp, Facebook, iMessage, and Wire. In these cases, you can use the canary link to make sure nobody is snooping on a conversation you want to keep private.

Canary Tokens: The Bottom Line

Canary tokens are a great way to detect unauthorized access. You can use them on system files, websites, messages, and documents, but there’s far more you can do with them.

But, once again, canary tokens only help with threat detection. They don’t protect your data in any way. Whether you use them or not, you still need security tools like VPNs, antivirus software, and more to stay safe online.

