URLTrap

http-url
A URLTrap is a unique URL that is attractive to cyber-criminals and would-be wrong doers. With the intention of luring them into clicking the URL, the URLTrap is given an enticing name such as passwords.xlsx or companyfinancials.docx. Whenever these URLs are resolved, such as by clicking on them, an alert is triggered.

Here’s an example of a unique URL

http://tryit.watchpointdata.com/tags/ndali4xta7jv8gcquol0yefue/post.jsp

This URL is just an example, the end of the URL can be whatever you choose, as long as you include your unique token ndali4xta7jv8gcquol0yefue. Here are some more examples:

http://tryit.watchpointdata.com/tags/ndali4xta7jv8gcquol0yefue/secret.html
http://tryit.watchpointdata.com/tags/ndali4xta7jv8gcquol0yefue/passwords.xlsx
http://tryit.watchpointdata.com/tags/ndali4xta7jv8gcquol0yefue/companyfinancials.docx

Once you have generated your own HackTrap, you can use it wherever you’d like. The URLTrap gets triggered whenever someone requests the URL.

For extra sneakiness, create a CNAME on your internal and external DNS servers, that resolves to the URL. For example, here is a URLTrap that I generated, http://ht.watchpointdata.net/about/p89lgikwljf89341whaoe4htr/post.jsp. I then created a CNAME of trapserver.acme.com which resolves to http://ht.watchpointdata.net. My new URLTrap now looks like this, http://trapserver.acme.com/about/p89lgikwljf89341whaoe4htr/post.jsp. That way you can use your own domain name and it will still trigger an alert!

Ideas for use:

Email

Create an email with an interesting subject line like “Company Login Credentials” and append that to the end of the URL with an accurate file extension like .xlsx, .docx or .pdf.

For example, take the unique URL given and change it to: http://tryit.watchpointdata.com/tags/ndali4xta7jv8gcquol0yefue/CompanyLoginCredentials.xlsx. Cybercriminals monitoring my email would see this tempting subject line, open the email, and click the URL. Once the URL is resolved, an alert is generated.

Embedded in Documents

Create any number of files, again with appealing names, and use them as bait to attract cybercriminals into opening the document. Place the URLTrap into the document and once the URL is selected, an alert is generated.

Web Pages

Insert the URL into a web-page that would only be found through brute-force attack, such as with automated software. Cyber-criminals use a technique called “scraping” to extract and save the data from your webpages to their local machines. Not only can they then copy your website, they can also look for security weaknesses, personal information, and other mis-configurations. A URLTrap will notify you of the suspicious behavior when the cyber-criminal inspects the URL.

For additional recommended reading, please visit our Need to Know page.