Ebserh (Brazilian Company of Hospital Services) is now part of a collaborative project to detect cyber threats thanks to an unprecedented partnership created by CAIS (Security Incident Assistance Center) of RNP with CEDIA (Ecuadorian Corporation for the Development of Research and Academy), responsible for the National Research and Education Network of Ecuador, and The Shadow Server Foundation, non-profit organization that promotes cybersecurity worldwide.
The Sensores.lat project, of which Ebserh became a collaborator, is used to identify malicious activity through a network of sensors installed in institutions in Latin America and the Caribbean. The equipment collects information about cyber attacks on the continent using honeypots distributed across countries.
The 'honey pot' to trick hackers
As the name implies, the technology acts as a 'trap' for digital criminals. “The honeypot is a vulnerable configured system. It tricks malicious users into thinking it is a real target, when in fact it is not. When malicious users enter the system, it is possible to understand the behavior of these users, and this information can be used to make our environments safer”, says Rodrigo Facio, an RNP employee who coordinated the project's implementation. “All the activities of malicious users, how they act, what commands were executed, their source IP, generate inputs so that we can understand their steps and thus better protect our networks”, adds Facio.
The Sensores.lat project is coordinated by CEDIA, in cooperation with The Shadow Server, and uses honeypots and is distributed across countries and is mainly focused on the Internet of Things (IoT). In this way, the identification and mapping of malicious activity are shared with 109 security teams - security incident response centers (CSIRT) and more than 5,000 organizations (network owners) around the world, at least 50 sensors will be installed in 15 countries.
Low cost of operation and high return to the security ecosystem
RNP, which has been supporting the structure of Ebserh's Network Incident Handling Team, has implemented the sensors in two locations in Brasília and intends to expand in the future. The initiative promises to improve the cybersecurity ecosystem of the hospital network.
“It is a very interesting project for everyone, because it demands a low cost of operation and implementation. In addition, the security teams gain through the exchange of information and visibility of malicious activities in each country”, emphasizes Facio.
Thus, honeypot sensors can make a decisive contribution to overcoming one of the main challenges in today's fight against cybercrime: identifying the origin and modes of action of malicious users. The tool is particularly relevant in an increasingly digitized environment for the provision of public services, in which the dimension of cybersecurity is essential for the functioning of these services.
Linked to the Ministry of Education, Ebserh's purpose is to provide free medical-hospital assistance, outpatient services and diagnostic and therapeutic support to the community, as well as providing support to federal public educational institutions for research and extension, teaching-learning and training people in the field of public health.