Deception: what it is, how it works and why it is essential for cybersecurity
Estimated reading time: 6 minutes
Deception: what is it and what is it for?
Cyber deception, often referred to simply as “deception”, is an emerging cybersecurity technique that is increasingly popular among companies. In this article we look in detail at what it is, how it works and what advantages it offers for protection against advanced cyber threats.
What is deception?
Cyber deception is the deliberate distribution of false information within a system to mislead a potential attacker. The goal is to confuse and distract the cybercriminal, making him waste precious time and hindering his activity.
It is a proactive cyber defense technique that allows you to trace and study the behavior of the intrusion, to then respond and neutralize the threat. The principle is to mislead the hacker, exploiting social engineering techniques in reverse.
Instead of protecting real information, deception creates fake resources – files, networks, services – that look real. The attacker ends up hitting decoys and traps that reveal his intentions and allow him to be stopped before he reaches critical assets.
How deception works
Deception is implemented through specific tools and technologies that distribute false information within the IT infrastructure. These fake resources are then monitored for any unauthorized access attempt.
Fake resources are created, such as fake file servers, fake databases, fake web pages, fake directory services and fake login credentials. These traps attract the attention of the hacker, who ends up wasting valuable time trying to access them.
Alarms and alerts
Each interaction with a fake resource immediately generates an alert signalling an intrusion in progress; since no legitimate user has any reason to touch these resources, such interactions are a high-fidelity signal. Deception tools can classify the threat level and provide an automatic response.
Deceptive traps allow you to monitor the attacker’s behavior in real time, gathering valuable information on the techniques used and on the objectives.
Speed of response
Once a potential intrusion has been identified, the deception platform can respond immediately, for example by isolating the compromised system or blocking traffic from the suspicious IP address.
What advantages does deception offer?
The use of deception techniques has several advantages to raise the level of cybersecurity of an organization:
- Early detection of threats: Traps allow you to detect any attacks in progress early, before they reach your valuable assets.
- Proactive protection: deception allows you to switch from a reactive to a proactive posture, deceiving the attacker and hindering his activity.
- Analysis of attack techniques: by monitoring the traps it is possible to gather valuable information on the tactics, techniques and procedures (TTPs) of the cybercriminal.
- Better resource allocation: Rapid detection of the threat allows you to optimize the use of resources for the response, avoiding unnecessary “treasure hunts”.
- Effectiveness against advanced threats: deception makes it possible to detect and block even never-before-seen, highly sophisticated attacks for which no signature exists.
- Integration with other defenses: Deception techniques can integrate seamlessly with firewalls, antivirus, intrusion detection systems (IDS), and more.
- Low costs: implementing deception requires a relatively low investment in economic terms, especially considering the benefits.
Use cases of deception
Deception can be effectively employed in several use cases, including:
Protection of critical assets
By creating deceptive traps around servers, databases, business critical applications, it is possible to immediately identify any targeted attacks and protect these assets.
Detection of internal attacks
Deception techniques allow you to quickly identify unauthorized access and anomalous activity by compromised internal users.
Securing OT and IoT environments
In industrial environments with operational technology (OT) and Internet of Things (IoT) devices, deception adds an extra layer of security.
Response to advanced incidents
In the event of advanced breaches already underway, deception techniques can effectively support containment and response activities.
Cloud and virtualized environments
The dynamic and distributed nature of the cloud and virtual data centers makes security complex: deception can fill gaps and vulnerabilities.
Deception tools: Honeypot, Honeytoken, Honeyfile
Some specific tools are used to distribute false information and implement IT deception, including:
Honeypot
These are trap systems designed to attract attackers by making them believe that they are real resources of the information system. A honeypot simulates services and vulnerabilities to monitor and study attack techniques.
Honeytoken
Fake information such as bogus credentials, invalid API keys or trap passwords. They are scattered throughout the system, monitored, and used to detect unauthorized access.
Honeyfile
Inauthentic files placed as decoys to attract attackers and monitor their behavior. They can also contain malicious code to “infect” anyone who tries to use them without permission.
Deception: an insight into the techniques
To understand in more detail the functioning of IT deception, let’s analyze some of the main techniques used.
Creating fake services
Fake services, such as a fake FTP server or a fake LDAP directory service, can be deployed on the network to attract the attacker’s attention. The attacker will try to interact with them, revealing his intentions in the process.
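As an added illustration of a fake service (example code written for this article, not code from the original page or from any vendor product), the following Python script runs a minimal decoy FTP listener on 127.0.0.1. It greets clients with an FTP-style banner, records every connection and command as an event, and rejects every login. Because nothing legitimate should ever talk to it, each recorded event is an alert by construction. All names (start_decoy_ftp, probe_decoy, DecoyFTPServer) and the banner text are this example's own assumptions; probe_decoy exists only to show, locally, that the interaction is captured.

```python
"""Minimal decoy FTP service (added example; hypothetical names and banner)."""
import socket
import socketserver
import threading
import time

# Constructed banner: there is no real FTP server behind the decoy.
BANNER = b"220 FTP service ready.\r\n"


class DecoyFTPHandler(socketserver.StreamRequestHandler):
    timeout = 5  # idle clients are dropped so the decoy cannot be tied up

    def handle(self):
        ip, port = self.client_address
        self.wfile.write(BANNER)
        # Read commands until the client disconnects, quits or goes idle.
        while True:
            try:
                raw = self.rfile.readline()
            except OSError:  # timeout or connection reset
                break
            if not raw:
                break
            command = raw.decode("latin-1", "replace").strip()
            # Every command is an event: record it before answering.
            self.server.events.append(
                {"ts": time.time(), "ip": ip, "port": port, "command": command}
            )
            verb = command.split(" ", 1)[0].upper()
            if verb == "USER":
                self.wfile.write(b"331 Please specify the password.\r\n")
            elif verb == "PASS":
                self.wfile.write(b"530 Login incorrect.\r\n")  # logins always fail
            elif verb == "QUIT":
                self.wfile.write(b"221 Goodbye.\r\n")
                break
            else:
                self.wfile.write(b"530 Please login with USER and PASS.\r\n")


class DecoyFTPServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address):
        super().__init__(address, DecoyFTPHandler)
        self.events = []  # one entry per command received, i.e. one alert each


def start_decoy_ftp(host="127.0.0.1", port=0):
    """Bind the decoy (port 0 = ephemeral) and serve it in a background thread."""
    server = DecoyFTPServer((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def stop_decoy_ftp(server):
    server.shutdown()
    server.server_close()


def probe_decoy(port, commands, host="127.0.0.1"):
    """Local demonstration client: send commands, return the decoy's reply lines."""
    replies = []
    with socket.create_connection((host, port), timeout=5) as s:
        f = s.makefile("rwb")
        replies.append(f.readline().decode().strip())  # banner
        for command in commands:
            f.write(command.encode() + b"\r\n")
            f.flush()
            replies.append(f.readline().decode().strip())
    return replies


def alerts(server):
    """Flatten captured events into (source_ip, command) pairs for the SOC."""
    return [(e["ip"], e["command"]) for e in server.events]


if __name__ == "__main__":
    srv, p = start_decoy_ftp()
    try:
        for line in probe_decoy(p, ["USER admin", "PASS hunter2", "QUIT"]):
            print("decoy:", line)
    finally:
        stop_decoy_ftp(srv)
    for ip, cmd in alerts(srv):
        print(f"ALERT decoy-ftp touched from {ip}: {cmd!r}")
```

In a real deployment the decoy would listen on an address that appears in the asset inventory but serves no business purpose, and `events` would be forwarded to the SIEM instead of kept in memory; the rejection of every login is what keeps the decoy harmless while still capturing the credentials an intruder is willing to try.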
Generating false errors
During the intrusion, false error messages can be generated to confuse the attacker and induce him to waste precious time, for example a fake “file not found” or “permission denied” message.
Creation of honeyfiles
As mentioned, honeyfiles are trap files designed to lure attackers in. They can be given catchy names, such as “password.txt” or “credit card data.xlsx”. Any attempt to open them reveals the intrusion.
Traffic replication
The deception platform can replicate and mirror real network traffic to confuse the attacker as to which resources are genuine.
Data alteration
By subtly altering data such as usernames, IP addresses and domain names, it is possible to trick the hacker into making revealing mistakes.
Honeytokens in technology stacks
Honeytokens can be introduced into various layers of the technology stack: fake user accounts, fake API keys, invalid cloud credentials.
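The alerting flow described in the “Alarms and alerts” and “Speed of response” sections, applied to the honeytokens and honeyfiles above (the fake account, fake API key and decoy file), as an added example that is not part of the original article: a small Python detector holds the inventory of planted decoys, scans log lines from three sources, raises an alert on every touch, classifies its severity and proposes the automatic response. The token values, log formats and sample log lines are all constructed for this example; the function names (scan, classify, hosts_to_block) are this example's own.

```python
"""Honeytoken / honeyfile detector over constructed log lines (added example)."""
import re
from dataclasses import dataclass

# Decoys planted in the environment (constructed values). None of them is a
# real account, key or file, so ANY use of them is unauthorized by definition.
HONEYTOKENS = {
    "svc_backup_admin": "fake domain account in the directory",
    "AKIAHONEY0000EXAMPLE": "fake cloud API key left in a config file",
    "/srv/finance/credit card data.xlsx": "honeyfile on the file server",
}

# Severity by kind of interaction: trying to *use* a planted credential or key
# is further along the intrusion than merely opening a decoy file.
SEVERITY = {"file_open": "medium", "api_key_use": "high", "login_attempt": "high"}

# One pattern per (constructed) log source; each captures the decoy and the source IP.
PATTERNS = [
    ("login_attempt", re.compile(r"Failed password for (?P<token>\S+) from (?P<ip>\S+)")),
    ("api_key_use", re.compile(r"api call .* key=(?P<token>\S+) src=(?P<ip>\S+)")),
    ("file_open", re.compile(r'audit: open "(?P<token>[^"]+)" by (?P<user>\S+)@(?P<ip>\S+)')),
]

# Constructed sample logs: one benign login, one decoy-account login attempt,
# one use of the fake API key, one honeyfile open and one ordinary file open.
SAMPLE_LOGS = [
    "sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51022",
    "sshd[2240]: Failed password for svc_backup_admin from 10.0.0.42 port 40122",
    "webapp: api call path=/v1/export key=AKIAHONEY0000EXAMPLE src=10.0.0.42 status=401",
    'audit: open "/srv/finance/credit card data.xlsx" by bob@10.0.0.77',
    'audit: open "/srv/finance/q3-report.xlsx" by bob@10.0.0.77',
]


@dataclass(frozen=True)
class Alert:
    kind: str
    token: str
    source_ip: str
    severity: str
    response: str


def classify(kind, ip):
    """Map the kind of interaction to a severity and an automatic response."""
    severity = SEVERITY[kind]
    if severity == "high":
        response = f"block {ip} at the perimeter"
    else:
        response = f"isolate host {ip} for triage"
    return severity, response


def scan(lines):
    """Raise one alert for every log line in which a planted decoy is touched."""
    alerts = []
    for line in lines:
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if m and m.group("token") in HONEYTOKENS:
                severity, response = classify(kind, m.group("ip"))
                alerts.append(Alert(kind, m.group("token"), m.group("ip"), severity, response))
    return alerts


def hosts_to_block(alerts):
    """Sorted list of source IPs that triggered a high-severity alert."""
    return sorted({a.source_ip for a in alerts if a.severity == "high"})


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for a in found:
        print(f"[{a.severity.upper()}] {a.kind}: {HONEYTOKENS[a.token]} "
              f"touched from {a.source_ip} -> {a.response}")
    print("hosts to block:", hosts_to_block(found))
```

Running the script on the constructed logs yields three alerts (two high, one medium) and a single host to block, while the benign login and the ordinary file open produce nothing. The point a practitioner should take from this is structural: the detector needs no signature of the attack, only the inventory of decoys, which is why deception catches activity that has never been seen before.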
Decoy document injection
It consists of introducing decoys into systems in the form of false documents containing malicious code. Running the code helps detect and track the intrusion.
Dynamic deception
Deception techniques can be applied dynamically by continuously changing the apparent attack surface to confuse the adversary.
Conclusion: why deception is critical today
In a constantly evolving threat landscape, with increasingly sophisticated attacks, perimeter protection alone is no longer enough. Deception represents a new, indispensable layer of defense.
By proactively deceiving adversaries, intrusions can be detected early and responded to quickly, before damage occurs. Deception tools allow you to acquire superior threat intelligence on the enemy to adapt your defenses.
The Active Defense Deception service of the Secure Online Desktop, integrating deception techniques with threat hunting and threat intelligence, can significantly raise the level of security of a company against the most advanced threats.