deception technology Piergiorgio Venuti

Deception: Tricking Hackers to Secure Your Network

Estimated reading time: 4 minutes

Deception: Comparison with Hackers on Their Ground

“We pay hackers their own coin by using the same defenses and techniques that malware uses against computer systems by modeling the attackers’ decision-making process.”

Introduction to Deception

Deception is a proactive cybersecurity approach that uses traps or decoys to trick attackers into revealing their presence. By transforming the computer system into a minefield of digital traps, Deception disrupts the decision-making process of attackers, exposing their tactics, techniques and procedures.

One of the leading Deception service providers is Secure Online Desktop. This company offers an Active Defense Deception solution that provides a highly interactive deception network designed to deceive and detect attackers.

The Secure Online Desktop Active Defense Deception Service

Secure Online Desktop’s Active Defense Deception service creates a simulated network environment that tricks attackers into thinking they have compromised a system. This environment consists of a variety of digital “decoys” or “decoys” that simulate real computer systems.

The Secure Online Desktop solution also uses advanced deception techniques such as the use of fake credentials to lure attackers into traps. In addition, the service continuously monitors the network environment for any suspicious or abnormal activity. When an attack is detected, the system sends a real-time alert, providing details about the attacker and his tactics.

Deception in the Killchain: An Approach Based on the MITER Framework

Deception can be integrated into any stage of the killchain, as described in the MITER ATT&CK Framework.

First, in the “Reconnaissance” phase, Deception traps can feed false information to attackers, confusing their preliminary research. Later, during the “Weaponization” and “Delivery” phases, traps can simulate apparent vulnerabilities to attract attackers.

In the “Exploitation” and “Installation” phase, the attacker, thinking he has been successful, may try to install malware or perform other malicious actions, further revealing his intentions and tactics. Finally, during the “Command & Control” and “Actions on Objectives” phases, the deceiver can continue to monitor the attacker’s activity, providing valuable information to prevent future attacks.

Practical Cases of Success of Deception

Deception has proven to be effective in various real-world scenarios. Here are some examples:

  1. TrapX Security ↗: TrapX used Deception to stop a hospital ransomware attack. The attackers had been fooled by digital traps, allowing the security team to isolate and neutralize the threat.
  2. Illusive Networks ↗: Illusive used Deception to help a banking organization prevent a data theft. The attackers had attempted to access fake credentials, revealing their presence and allowing the security team to block the attack.
  3. Acalvio ↗: Acalvio ha utilizzato la Deception per bloccare un attacco di spear phishing in un’organizzazione di energia. The digital traps fooled the attackers, allowing the security team to identify and stop the attack.

The Integration of Deception with SOC Services

The Active Defense Detection service of the Secure Online Desktop can be combined with the services of a Security Operations Center (SOC) to further increase network security. A SOC provides a team of security experts who constantly monitor the network to detect and respond to any threats.

Integrating Deception with a SOC allows information gleaned from digital traps to be combined with other sources of security data to provide a more complete view of network activity. Additionally, the information collected by the Deception can be used to improve the detection and response capabilities of the SOC.

For example, if a trap detects an attack, the SOC can quickly isolate the affected part of the network and take steps to neutralize the threat. At the same time, the information about the attack can be used to update the SOC’s detection signatures and improve its ability to detect similar attacks in the future.

Conclusion

Deception represents a step forward in the fight against cyber attacks. With its ability to deceive attackers, monitor their actions, and provide valuable insight into their tactics, deception can be a key element of an effective cyber defense strategy.

Using Secure Online Desktop’s Active Defense Detection service, combined with a SOC, can provide an unprecedented level of security, protecting your network from increasingly sophisticated cyber-attacks.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH) February 21, 2024
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20SEC Consult Vulnerability Lab Security Advisory < 20240220-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT (Frentix GmbH) vulnerable version:
  • Re: Buffer Overflow in graphviz via via a crafted config6a file February 21, 2024
    Posted by Matthew Fernandez on Feb 20The fix for this ended up landing in Graphviz 10.0.1, available at https://graphviz.org/download/. Details of this CVE (CVE-2023-46045) are now published, but the CPEs are incomplete. For those who track such things, the affected range is [2.36.0, 10.0.1).
  • CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool February 21, 2024
    Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20CloudAware Security Advisory CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool ======================================================================== Summary ======================================================================== A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents....
  • Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/Windows_Defender_Backdoor_JS.Relvelshe.A_Detection_Mitigation_Bypass.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Detection Mitigation Bypass Backdoor:JS/Relvelshe.A [CVE Reference] N/A [Security Issue] Back in 2022 I released a...
  • Microsoft Windows Defender / VBScript Detection Bypass February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Windows Defender VBScript Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue]...
  • Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3 February 21, 2024
    Posted by hyp3rlinx on Feb 20[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txt [+] twitter.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor] www.microsoft.com [Product] Windows Defender [Vulnerability Type] Windows Defender Detection Mitigation Bypass TrojanWin32Powessere.G [CVE Reference] N/A [Security Issue]...
  • 44CON 2024 September 18th - 20th CFP February 15, 2024
    Posted by Florent Daigniere via Fulldisclosure on Feb 1544CON is the UK&apos;s largest combined annual Security Conference and Training event. Taking place 18,19,20 of September at the Novotel London West near Hammersmith, London. We will have a fully dedicated conference facility, including catering, private bar, amazing coffee and a daily Gin O’Clock break.         _  […]
  • SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS February 14, 2024
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 13SEC Consult Vulnerability Lab Security Advisory < 20240212-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: =3.4.17 CVE number: CVE-2024-24570 impact: high homepage: https://statamic.com/...
  • Stored XSS and RCE - adaptcmsv3.0.3 February 14, 2024
    Posted by Andrey Stoykov on Feb 13# Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3 # Date: 02/2024 # Exploit Author: Andrey Stoykov # Version: 3.0.3 # Tested on: Ubuntu 22.04 # Blog: http://msecureltd.blogspot.com *Description* - It was found that adaptcms v3.0.3 was vulnerable to stored cross site scripting - Also the application allowed the […]
  • OXAS-ADV-2023-0007: OX App Suite Security Advisory February 14, 2024
    Posted by Martin Heiland via Fulldisclosure on Feb 13Dear subscribers, We&apos;re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0007.html. […]

Customers

Newsletter

{subscription_form_1}