For many this may be their first foray into what deception technology is, though it has a rich history in many domains of conflict. When dealing with sentient attackers who operate in a territory (especially one you exert control over), there is ample opportunity to deceive and misdirect them, including tricking them into betraying their presence or true intent.
One of the oldest examples of deception technology comes from military campaigns that employed mixes of misinformation and misdirection, but especially visual deception. Using camouflage, lures, or decoys to mislead your enemies has been documented as far back as Sun Tzu’s ‘The Art of War’. More recently, in World War II, Operation Bodyguard deceived the Nazis as to the time and place of the Allies’ invasion of North West Europe (i.e. Normandy). More recently still, one could even think of the Edward Snowden revelations about NSA tools such as Quantum Insert as a form of deception technology at scale, where man-in-the-middle attacks were used to deceive target browsers with spoofed TCP streams and payload-serving content (though in times of peace one is hard pushed to call this a form of active defense rather than just unilateralism).
Today, deception technology is even more far reaching and poignant due to how our information-rich and networked society operates. Organisations vie for mindshare and there’s a fine line between advertising and psychological warfare. We are all susceptible to certain forms of honeytrap, as we can be emotionally manipulated or deceived into believing untruths or fiction due to our innate desires and cognitive vulnerabilities. In certain countries, law enforcement use honeytraps or sting operations to try to lure and deceive a person or group into demonstrating their true intent. In a policing context it’s a tricky topic that walks the line between ethics and entrapment (depending upon aspects of coercion), but a tactic that is par for the course in a theatre of war, for espionage, or when digitally defending your home turf.
In this digital world one thing is guaranteed: code contains bugs, systems have weaknesses, and humans are fallible. Either individually or in combination, these vulnerabilities are what attackers seek to exploit when moving through their attack phases. During reconnaissance they will not pass up on subsequent utilisation of low-hanging fruit such as misconfigurations and mislaid credentials (as they need to escalate their privileges across a network domain). By feigning internal weaknesses in your digital systems (rather than your external ones) it is possible to deceive an attacker into divulging their presence in minutes rather than months.
Whether it’s cloud-based systems or on-premises devices, an attacker must engage with their targets in some manner, be it by reading, writing, or executing some data across a channel. For them to continue to map and move they also need to resolve hostnames. To assume roles, understand access privileges, or leverage new vectors of attack they need to test the credentials they find, or exploit. Each of these steps lends itself to using deception technology to uncover an attacker sooner rather than later. By feigning weakness and leaving false logins, neutered API keys, and hostname lures in strategic locations, you can detect, direct, and even control an attacker’s next steps. Now they only need to trip up and fail once, not you! This effectively turns the tables on an attacker and raises the bar for them to remain undetected. In this post-breach world, compromise is inevitable, yet data, financial, and reputation loss is not.
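As an added example (not code from the original post or from any vendor's product), the snippet below shows the detection side of the three lure types just described: a decoy login, a neutered API key and a lure hostname are registered as honeytokens, constructed sample log lines from an SSH daemon, a DNS resolver and an API gateway are scanned for any use of them, and hits are correlated by source address so that one host touching several lures stands out. All account names, keys, hostnames and addresses are constructed placeholders.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed honeytokens: nothing legitimate ever uses these values, so any
# appearance in a log is a deterministic trigger rather than a heuristic.
HONEYTOKENS: Dict[str, str] = {
    "svc_backup_admin": "login",                     # decoy account left in a config file
    "AKIAHONEYTOKEN0000EXAMPLE": "api_key",          # neutered key with no permissions
    "db-prod-replica.internal.example": "hostname",  # lure hostname in a hosts file
}

# Constructed sample log lines (sshd, BIND-style resolver, API gateway).
SAMPLE_LOGS: List[str] = [
    "sshd[1201]: Failed password for svc_backup_admin from 10.0.4.17 port 51234",
    "sshd[1202]: Accepted publickey for deploy from 10.0.1.5 port 40022",
    "named: client 10.0.4.17#53211: query: db-prod-replica.internal.example IN A",
    "apigw: key=AKIAHONEYTOKEN0000EXAMPLE src=10.0.4.17 path=/v1/users status=403",
    "apigw: key=AKIAREALKEY0000000000 src=10.0.1.5 path=/v1/health status=200",
]

# Pull the source address out of the three log formats above.
SRC_RE = re.compile(r"(?:from|client|src=)\s*(\d+\.\d+\.\d+\.\d+)")

# Each hit: (token kind, token value, source address, raw log line).
Hit = Tuple[str, str, str, str]

def find_token_hits(lines: List[str]) -> List[Hit]:
    """Return every log line that references a registered honeytoken."""
    hits: List[Hit] = []
    for line in lines:
        for token, kind in HONEYTOKENS.items():
            if token in line:
                m = SRC_RE.search(line)
                hits.append((kind, token, m.group(1) if m else "unknown", line))
    return hits

def suspicious_sources(hits: List[Hit]) -> Dict[str, Set[str]]:
    """Group hits by source so a host that read a lure, resolved a lure
    hostname and tried a lure key shows up as one correlated incident."""
    by_src: Dict[str, Set[str]] = {}
    for kind, _token, src, _line in hits:
        by_src.setdefault(src, set()).add(kind)
    return by_src

if __name__ == "__main__":
    for src, kinds in suspicious_sources(find_token_hits(SAMPLE_LOGS)).items():
        print(f"ALERT {src}: honeytoken engagement via {sorted(kinds)}")
```

The legitimate lines (the real deploy login and the real API key) produce no hits, which is what makes honeytoken alerts a low-noise incident response trigger.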
By integrating low-cost deception technology into your systems or code deployment pipeline, you empower your digital defense teams to respond in minutes, not months. Why not try some free honeytoken deploys on your CI/CD pipeline for deterministic Incident Response triggers?
How Deception Benefits