Monday, 26 October 2020 23:44

Using fake data to protect against cyberattacks

By Jim Cook, ANZ Regional Director, Attivo Networks

GUEST OPINION by Jim Cook, Attivo Networks: Separating truth from fiction in these days of social media campaigns and so-called fake news can often be challenging. As a result, false data that appears valuable can influence people.

While such trends are a concern, deception can actually be a good thing for cybersecurity. Security teams are increasingly using fake data to deceive cybercriminals, thus helping the team protect IT infrastructures in new and innovative ways. 

The approach works because attackers usually don’t know the details of a network or have the privileges they need to steal or encrypt information. This lack of knowledge allows security teams to place false information in locations with the expectation that a criminal will access it, allowing the team to lure attackers away from critical assets and into the trap of a decoy.

By letting cybercriminals think they are getting what they’re looking for, defenders can lead them to a deception server that appears to contain the database, web server, application, or other assets that the adversaries were seeking.

Then, because the security team has fooled the criminals into believing they have found the resources they want, the attackers will continue their attack and hopefully reveal valuable details about themselves. The goal is to give attackers information that leads them to do what the security team wants them to do rather than what they are trying to achieve.

Making a ‘fake’ strategy work

Security teams need to take several steps to use fake information to lure and misdirect cybercriminals. The first is concealing the data, files, folders, and other assets that adversaries want so attackers can’t see them, but employees can readily access them. Along with the ability to deny access, this approach can be quite powerful. A cybercriminal cannot encrypt, erase, or steal that which they can’t find.

The second step involves strategically placing fake data that appears real within the network so that, as attackers attempt to access that data, the simulated data leads them into an environment where defenders can gather information on their tactics, techniques, and procedures.

Using fake data in this way, security teams can gather real data that will enable them to craft even more effective deceptions. Because they know more about the people attacking them, the team can better fortify their organisation’s security defences in the future.

One should remember that attackers often prioritise Active Directory assets in the hope of stealing administration-level credentials that can facilitate their movement within an infrastructure. Placing a fake Active Directory server containing false credentials can lead to an attacker believing they have located what they were seeking. However, the moment they try to use those credentials, they generate an alert.
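
The alerting described above, sketched as detection logic over authentication events. This is an added example, not part of the original article or any vendor's product; the decoy account names, the JSON field names and the sample records are constructed assumptions.

```python
import json
from collections import defaultdict

# Hypothetical decoy accounts: bait only, so any attempt to use one is an alert.
DECOY_ACCOUNTS = {"svc-backup-adm", "da-jsmith"}

# Windows Security event IDs that record an attempt to use a credential.
AUTH_EVENTS = {
    4624: "logon succeeded",
    4625: "logon failed",
    4768: "Kerberos TGT requested",
    4771: "Kerberos pre-authentication failed",
    4776: "NTLM credential validation",
}

# Constructed sample records (JSON lines); the field names are assumptions.
SAMPLE_LOG = r"""
{"ts":"2020-10-26T01:02:03Z","event_id":4624,"user":"alice","src":"10.0.5.20"}
{"ts":"2020-10-26T01:07:41Z","event_id":4768,"user":"SVC-Backup-Adm","src":"10.0.5.77"}
{"ts":"2020-10-26T01:07:44Z","event_id":4625,"user":"CORP\\da-jsmith","src":"10.0.5.77"}
{"ts":"2020-10-26T01:09:10Z","event_id":4688,"user":"da-jsmith","src":"10.0.5.77"}
truncated-record-that-is-not-json
{"ts":"2020-10-26T01:12:00Z","event_id":4776,"user":"da-jsmith@corp.example","src":"10.0.9.3"}
""".strip().splitlines()

def normalise(user):
    # Reduce DOMAIN\name and name@domain forms to a lowercase account name.
    return user.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def find_decoy_use(lines):
    """Group every use of a decoy credential by the host it came from."""
    by_source = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(ev, dict) or ev.get("event_id") not in AUTH_EVENTS:
            continue
        account = normalise(str(ev.get("user", "")))
        if account in DECOY_ACCOUNTS:
            hit = (ev.get("ts"), account, AUTH_EVENTS[ev["event_id"]])
            by_source[ev.get("src", "unknown")].append(hit)
    return [{"src": s, "accounts": sorted({h[1] for h in hits}), "events": hits}
            for s, hits in sorted(by_source.items())]

if __name__ == "__main__":
    for alert in find_decoy_use(SAMPLE_LOG):
        print(alert)
```

Grouping by source host shows which machine the stolen decoy credentials were tried from, which is where containment and investigation start.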

Simultaneously, if cybercriminals are looking for applications with known vulnerabilities to exploit, feeding them a fake application or web server when they scan the ports in question is likely to foil their plans. They may think they can utilise those vulnerabilities when, in reality, the security team is fooling them.

Adopting a strategy of planting fake data and resources within a network can be a powerful option for organisations of every size. While it does not remove the need for perimeter protection, it adds a layer that can prevent cybercriminals from locating the assets they seek. Consider how you can use this strategy within your infrastructure. The result could be well worth the effort.

