Deception as Defense - Turning the Tables on the Hackers


In the cat and mouse game between cyber-criminals and organizations, for years it has seemed that the balance of power has been firmly on the side of the criminals. This is an era in which organizations accept that cyber-attacks are unavoidable and that the determined criminal can, and will, get inside their networks. It is the cyber-attackers who are in the driving seat, deciding when, where and how they launch their attacks. Using a variety of tools and techniques based on subterfuge to deceive their targets, and bypass perimeter and endpoint security defenses, they can stay undetected for longer and quickly change their strategies to achieve their goal. 

However, these battle lines are shifting. New approaches are emerging in which organizations can turn the tables on the attackers. These allow them to regain control by introducing deception techniques into their own armory of tools to protect against attacks. In this way, the strategy of deception can be a powerful ally to organizations seeking not only to detect attacks more swiftly but also to gather important information about the activities of cyber-criminals. The means are now available for CISOs to close in on cyber-criminals by using deception to their own advantage. 

Distraction, Diversion and Deception
Deception is an age-old tactic used by cyber-criminals to out-manoeuvre their target: attackers are constantly using techniques to hide their identity, remain undetected or conceal their activities and find the weak spots in their target’s network which can be exploited.

Think of the most prolific forms of attack today: these will often use social engineering or other stealthy techniques to bait victims into revealing personal information or clicking on links that purport to lead to legitimate websites. This is now a particular challenge for organizations, given that phishing is one of the most common delivery methods for ransomware. DDoS attacks are a smokescreen, using distraction to deceive the IT team so that data can be exfiltrated via a back door.

With more defenses in place, cyber-criminals have to plan their actions carefully to get past the network undetected. However, the traditional security controls and defenses that are in place, from AV to firewalls, are transparent and visible, which ultimately favors the cyber-criminals. They can stay undetected for longer and, once they have bypassed perimeter defenses, they can start reconnaissance and move laterally across the network.

Setting Off the Traps
Given that traditional defense methods are no longer enough, organizations need to re-think their game plan when it comes to detecting and preventing attacks. As deception can be used in attacks – why can’t the same tactics be applied in cybersecurity?

Deception as a defense mechanism has long been used in kinetic warfare to throw the enemy off their tracks: think of the use of fake signals or fake intelligence. Advanced deception technology is the cyber equivalent of leaving a trail of breadcrumbs leading intruders down a false path, enabling organizations to detect the early, reconnaissance stage of an attack. It draws an attacker into an environment where resources that may appear to be attractive are not what they seem to be.

By emulating genuine IT assets, organizations can lure hackers into a trap which triggers a warning that an attacker is present. Traps can emulate devices, systems or assets, such as medical devices, point of sale terminals or financial networks. To the would-be attacker inside the network, these are indistinguishable from a genuine IT asset. These new techniques are a long way from the traditional ‘honeypots’ which are deployed one at a time: new approaches can be scaled far more easily and don’t require manual administration.

Deception is also helping organizations to gain valuable information about cybercriminals’ tactics and procedures, such as which systems they’re targeting, whether they’re attempting to steal data or whether they’re attempting to deploy ransomware. Armed with this knowledge, organizations can make more informed decisions about security policies or refine where resources need to be allocated.
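
The trap-and-warning idea above can be shown in a few lines of detection logic. The following is an added example, not code from the article or from any deception product: because no legitimate user has a reason to contact a decoy, every connection to one is treated as an alert, and a source touching several decoys is flagged as a likely reconnaissance sweep. The decoy addresses, flow records, log format and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Hypothetical decoy inventory (constructed): address -> emulated asset type.
DECOYS = {
    "10.20.0.15": "medical-device",
    "10.20.0.16": "pos-terminal",
    "10.30.0.7": "financial-server",
}

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2024-05-01T09:00:01 10.1.4.22 10.1.9.10 443
2024-05-01T09:02:10 10.1.4.77 10.20.0.15 104
2024-05-01T09:02:12 10.1.4.77 10.20.0.16 445
2024-05-01T09:02:15 10.1.4.77 10.30.0.7 1433
2024-05-01T09:30:00 10.1.5.9 10.20.0.16 445
2024-05-01T09:31:00 10.1.4.22 10.1.9.11 22
"""

SWEEP_THRESHOLD = 3  # assumed: distinct decoys touched that suggests reconnaissance

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records rather than fail the whole batch
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue  # unparseable timestamp

def decoy_alerts(text, decoys=DECOYS):
    """Return one alert per source that contacted any decoy, earliest first."""
    hits = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if dst in decoys and src not in decoys:
            hits[src].append((ts, decoys[dst], port))
    alerts = []
    for src, events in hits.items():
        events.sort()
        assets = sorted({asset for _, asset, _ in events})
        stage = "reconnaissance-sweep" if len(assets) >= SWEEP_THRESHOLD else "single-touch"
        alerts.append({"source": src, "first_seen": events[0][0].isoformat(),
                       "assets": assets, "ports": sorted({p for _, _, p in events}),
                       "stage": stage})
    return sorted(alerts, key=lambda a: a["first_seen"])

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_FLOWS):
        print(alert)
```

The list of assets and ports in each alert is the kind of information described above: it shows which systems an intruder went looking for.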

As in any defense strategy, we need to deploy a range of tactics to keep the adversary at bay. Deception is giving organizations a new way of dealing with intruders which means that rather than waiting for the ‘hit’, they can play the criminals at their own game – and defeat them. 
