Established forms of defense tend to focus on keeping attackers out: firewalls, encryption, secure coding, strong passwords and safe practices, two-factor authentication (2FA) and login permissions. In this first of a two-part article we look at Deception Technology, a newer and growing field within cyber security that adds a further layer of defense behind those controls.
What is Deception Technology?
Deception Technology is a collection of methods and tools that aim to mislead attackers of websites, computer systems and networks by placing decoys and traps alongside the real assets.
Systems utilizing Deception Technologies aim to achieve a number of objectives:
- Detection – alert system administrators to an intrusion. Because a decoy has no legitimate users, any interaction with it is a high-fidelity signal, with far fewer false positives than detection on busy production systems.
- Deception – divert an attacker away from real assets by offering decoys that imitate genuine assets and are slightly easier to reach.
- Delaying – slow an intruder down so that defenders gain time to evict the perpetrator and fix the vulnerability that was exploited.
- Identification – gather information about the source of the unauthorized access (origin, tooling and techniques) in order to prevent further violations and, ideally, collect evidence to pursue a prosecution. Attribution to a named actor is rarely conclusive from decoy data alone.
Whilst the best line of defense is to stop attacks before entry is gained, Deception Technologies provide a second line of defense as a form of damage mitigation once the perimeter has been breached.
Typical problems faced
There are many forms of cyber attacks originating from a wide range of sources, aimed at a variety of targets, and with varied intentions.
Cyber attackers include criminal enterprises, state-sponsored groups, competing companies, activists, ‘script kiddies’ and lone operators.
Hacking activities can be targeted at many types of entities:
- government bodies including military and intelligence
- businesses from all market sectors
- utility and infrastructure companies
- non-profit organizations and charities
- education and research establishments
- everyday members of the public
The systems where Deception Technology is typically deployed tend to be enterprise environments rather than home or small business networks. These are usually built from a combination of technologies such as:
- network management systems
- file servers
- cloud technologies
- process or equipment control systems
- financial or trading systems
- ordering or warehousing systems
The intentions and purposes of attacks can be varied and usually depend on who is initiating the attack and nature of the target itself. These attacks can be with the aim of:
- disrupting systems
- inflicting financial damage
- reaping financial gains
- stealing personal or company data
- causing physical damage to equipment e.g. control systems
- espionage to obtain company or government secrets
- propaganda purposes e.g. defacing websites
- creating a backdoor for exploiting at a later date
Tactics & related terminology
Below are some of the tactics used within Deception Technology-based systems and associated terminology:
- Decoy or Trap – an emulation of a system or physical device, e.g. an operating system service, database, application, file server, network router or switch, medical device, point-of-sale (PoS) terminal or ATM (automated teller machine). A decoy holds no production data, so any interaction with it is suspicious by definition.
- Endpoint Detection and Response (EDR) – tooling that continuously records activity on endpoints (processes, network connections, file changes), detects threats in that telemetry and supports responding to them, for example by isolating a host.
- GDPR – the General Data Protection Regulation, which covers data protection and privacy within the European Union (EU).
- HIPAA – the Health Insurance Portability and Accountability Act, United States legislation that sets rules for how protected health information (PHI) is handled and maintained by the healthcare sector.
- Indicator of Compromise (IoC) – an artifact observed on a network or operating system that indicates a likely intrusion, for example an attacker’s source IP address, a file hash, a domain name, or a planted credential being used.
- Honey Pot – a decoy put in place to deceive attackers by appearing to be an unprotected information resource. Its main aims are to delay or hold up an attack, observe the attacker’s tools and techniques, and try to identify them. Honey pots are normally isolated from production networks so that a compromised decoy cannot be used as a pivot.
- PCI – PCI DSS is the Payment Card Industry Data Security Standard for organizations that handle cards from the major card schemes. Merchants are assigned one of 4 compliance levels by the card brands, based on the number of transactions processed annually, which determines how compliance must be validated.
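To make the objectives above (detection, deception, delaying, identification) and the decoy, IoC and honey pot terms concrete, here is a minimal decoy login service. It is an added example written for this article, not code from any deception product. The hostname in the banner, the IP addresses used in comments and the planted “honeytoken” credential are constructed for illustration. The decoy never accepts a login; every attempt becomes an IoC record, failed attempts are slowed down (the delaying objective), and use of the planted credential is escalated because it proves the attacker already read a file on a real host where that credential was seeded.

```python
# Added example (not from the article): a decoy login service with a planted
# honeytoken credential. A decoy has no legitimate users, so every connection
# is treated as an indicator of compromise. Banner hostname, IPs and the
# credential are constructed for illustration only.
import socket
import threading
import time
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Optional

BANNER = b"fileserver-02 login: "            # assumed decoy hostname
HONEYTOKENS = {"svc_backup": "Wint3r2019!"}  # constructed planted credential
BRUTE_FORCE_THRESHOLD = 5                    # attempts per source before escalation
TARPIT_SECONDS = 3.0                         # delay per failed attempt (delaying objective)


@dataclass
class IoC:
    """One indicator of compromise produced by the decoy."""
    timestamp: str
    source_ip: str
    username: str
    password: str
    honeytoken_used: bool
    severity: str


def classify_attempt(source_ip: str, username: str, password: str,
                     now: Optional[datetime] = None) -> IoC:
    """Turn one login attempt against the decoy into an IoC record.

    Any attempt is at least 'high': nothing legitimate should talk to a decoy.
    A planted honeytoken is 'critical': the attacker must have read the file
    on the real host where that credential was seeded.
    """
    ts = (now or datetime.now(timezone.utc)).isoformat()
    honeytoken = HONEYTOKENS.get(username) == password
    return IoC(ts, source_ip, username, password, honeytoken,
               "critical" if honeytoken else "high")


def process_session(source_ip: str, lines: List[str],
                    now: Optional[datetime] = None) -> List[IoC]:
    """Parse the raw lines an attacker sent (alternating username, password).

    A trailing username with no password is still recorded: the connection
    itself is the signal, even if the attacker disconnects early.
    """
    iocs = []
    for i in range(0, len(lines), 2):
        user = lines[i].strip()
        pw = lines[i + 1].strip() if i + 1 < len(lines) else ""
        iocs.append(classify_attempt(source_ip, user, pw, now))
    return iocs


def summarize(iocs: List[IoC]) -> Dict[str, dict]:
    """Aggregate IoCs per source so analysts get one alert per attacker, not per attempt."""
    summary: Dict[str, dict] = {}
    for ioc in iocs:
        s = summary.setdefault(ioc.source_ip,
                               {"attempts": 0, "honeytoken": False, "usernames": set()})
        s["attempts"] += 1
        s["honeytoken"] = s["honeytoken"] or ioc.honeytoken_used
        s["usernames"].add(ioc.username)
    for s in summary.values():
        if s["honeytoken"]:
            s["verdict"] = "credential theft confirmed"
        elif s["attempts"] >= BRUTE_FORCE_THRESHOLD:
            s["verdict"] = "brute force"
        else:
            s["verdict"] = "reconnaissance"
    return summary


def handle_connection(conn: socket.socket, addr: tuple) -> None:
    """Network front end: prompt, never accept, slow the attacker down, emit IoCs."""
    lines: List[str] = []
    try:
        with conn:
            conn.settimeout(60)
            for _ in range(BRUTE_FORCE_THRESHOLD * 2):   # cap attempts per connection
                conn.sendall(BANNER)
                user = conn.recv(256).decode(errors="replace").strip()
                if not user:                             # peer closed the connection
                    break
                conn.sendall(b"Password: ")
                pw = conn.recv(256).decode(errors="replace").strip()
                lines += [user, pw]
                time.sleep(TARPIT_SECONDS)               # tarpit: make each guess expensive
                conn.sendall(b"\r\nLogin incorrect\r\n")
    except (OSError, socket.timeout):
        pass
    for ioc in process_session(addr[0], lines):
        print(asdict(ioc))                               # forward to a SIEM in a real deployment


def serve(host: str = "0.0.0.0", port: int = 2323) -> None:
    """Listen on an unprivileged port; a real decoy would sit on 23 or 22."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen()
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=handle_connection, args=(conn, addr), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Run it and connect with `nc 127.0.0.1 2323` to see the IoC records it prints. The parsing and classification are kept separate from the socket code so the same logic can be run over captured sessions offline, which is also how a deception platform would feed records into a SIEM rather than paging an analyst for every single guess.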
In part 2 of this article we will look at solutions that use deception technologies to help defend against cyber attacks.
Do you have experience with Deception Technologies? Are there any techniques which work better than others? Please comment below to share your thoughts.