Monday, 26 October 2020 23:44

Using fake data to protect against cyberattacks

By Jim Cook, ANZ Regional Director, Attivo Networks

GUEST OPINION by Jim Cook, Attivo Networks:  Separating truth from fiction in these days of social media campaigns and so-called fake news can often be challenging. As a result, false data that appears valuable can influence people.

While such trends are a concern, deception can actually be a good thing for cybersecurity. Security teams are increasingly using fake data to deceive cybercriminals, thus helping the team protect IT infrastructures in new and innovative ways. 

The approach works because attackers usually don’t know the details of a network or have the privileges they need to steal or encrypt information. This lack of knowledge allows security teams to place false information in locations with the expectation that a criminal will access it, allowing the team to lure attackers away from critical assets and into the trap of a decoy.

By letting cybercriminals think they are getting what they’re looking for, defenders can lead them to a deception server that appears to contain the database, web server, application, or other assets that the adversaries were seeking.

Then, because the security team has fooled the criminals into believing they have found the resources they want, the attackers will continue their attack and hopefully reveal valuable details about themselves. The goal is to give attackers information that leads them to do what the security team wants them to do rather than what they are trying to achieve.

Making a ‘fake’ strategy work

Security teams need to take several steps to use fake information to lure and misdirect cybercriminals. The first is concealing the data, files, folders, and other assets that adversaries want so attackers can’t see them, but employees can readily access them. Along with the ability to deny access, this approach can be quite powerful. A cybercriminal cannot encrypt, erase, or steal that which they can’t find.

The second step involves strategically placing fake data that appears real within the network so that, as attackers attempt to access that data, the simulated data leads them into an environment where defenders can gather information on their tactics, techniques, and procedures.

Using fake data in this way, security teams can gather real data that will enable them to craft even more effective deceptions. Because they know more about the people attacking them, the team can better fortify their organisation’s security defences in the future.

One should remember that attackers often prioritise Active Directory assets in the hope of stealing administration-level credentials that can facilitate their movement within an infrastructure. Placing a fake Active Directory server containing false credentials can lead to an attacker believing they have located what they were seeking. However, the moment they try to use those credentials, they generate an alert.
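
The alerting step described above can be expressed as detection logic over authentication events. This is an added example, not code from the article or from any vendor product; the decoy account names, the JSON-lines export layout, and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: hypothetical decoy accounts seeded in the fake directory. No real
# user or service logs on with them, so any authentication attempt is an alert.
DECOY_ACCOUNTS = {"svc-backup-adm", "da-legacy"}

# Windows Security event IDs that record an authentication attempt.
AUTH_EVENTS = {4624: "logon success", 4625: "logon failure",
               4768: "Kerberos TGT request", 4771: "Kerberos pre-auth failure",
               4776: "NTLM credential validation"}

# Constructed sample events, one JSON object per line (assumed export format).
SAMPLE_LOG = r"""
{"time":"2020-10-26T09:01:12Z","event_id":4624,"user":"alice","src":"10.0.4.17"}
{"time":"2020-10-26T09:03:40Z","event_id":4768,"user":"SVC-Backup-Adm","src":"10.0.9.52"}
{"time":"2020-10-26T09:03:41Z","event_id":4688,"user":"da-legacy","src":"10.0.9.52"}
{"time":"2020-10-26T09:04:02Z","event_id":4625,"user":"CORP\\da-legacy","src":"10.0.9.52"}
truncated-line-without-json
{"time":"2020-10-26T09:05:00Z","event_id":4776,"user":"da-legacy@corp.example","src":"10.0.7.3"}
"""


def normalize(user):
    # Reduce domain-prefixed and UPN-style names to a lowercase bare account name.
    return user.rsplit("\\", 1)[-1].split("@", 1)[0].strip().lower()


def detect_decoy_use(log_text):
    """Return one alert per source host that tried to authenticate as a decoy."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip it, keep processing
        if not isinstance(ev, dict) or ev.get("event_id") not in AUTH_EVENTS:
            continue  # e.g. 4688 (process creation) is not an authentication
        account = normalize(str(ev.get("user", "")))
        if account in DECOY_ACCOUNTS:
            hits[ev.get("src", "unknown")].append((ev.get("time", ""), account))
    return [{"src": src,
             "first_seen": min(t for t, _ in seen),
             "accounts": sorted({a for _, a in seen}),
             "attempts": len(seen)}
            for src, seen in sorted(hits.items())]


if __name__ == "__main__":
    for alert in detect_decoy_use(SAMPLE_LOG):
        print("ALERT decoy credential use:", alert)
```

Because the decoy accounts have no legitimate use, the rule needs no threshold or baseline: a single matching event, whether the logon succeeds or fails, is enough to raise the alert and identify the source host.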

Simultaneously, if cybercriminals are looking for applications with known vulnerabilities to exploit, feeding them a fake application or web server when they scan the ports in question is likely to foil their plans. They may think they can utilise those vulnerabilities when, in reality, the security team is fooling them.

Adopting a strategy of planting fake data and resources within a network can be a powerful option for organisations of every size. While it does not remove the need for perimeter protection, it adds a layer that can prevent cybercriminals from locating the assets they seek. Consider how you can use this strategy within your infrastructure. The result could be well worth the effort.
