Computer viruses and malware are an unfortunate fact of life in today’s digital world – for individuals and companies alike. Threats of this type often present a consistent behavior that is repurposed for attacking individuals and companies. Any personal or business computer connected to the internet, whether directly or through a connected network, is in harm’s way and presents an entry point for malicious code and those looking to exploit vulnerabilities.
Combating this form of attack is challenging enough, but large companies and organizations face an even more dangerous class of threat: the Advanced Persistent Threat (APT). This article explains what APTs are and how cyber security experts use “deception technology” to defend against them.
What is an Advanced Persistent Threat?
An APT is an attack where an unauthorized user gains access to a computer or network, avoids detection and remains there for an extended period of time. The term was originally coined by the U.S. Air Force back in 2006. APTs are targeted and specifically designed to infiltrate one group or organization. The attackers study the target’s systems and security measures in order to gain access and are typically after sensitive data. They do not intend to damage the system directly, preferring to fly under the radar in order to steal as much information as they can over the longest period of time.
Typical steps of an Advanced Persistent Threat:
- Select a target company or organization
- Gather intelligence about the target, their systems and security measures
- Initiate the attack and gain access to the system
- Avoid detection
- Inject malware to allow remote command and control
- Escalate access credentials and privileges
- Explore the internal network computers and servers
- Find and identify valuable or sensitive data
- Gather and exfiltrate the data
- Remove all traces of the attack or create “backdoors” allowing continued access to the system
Attackers often gain access using stolen credentials of employees or business partners obtained through phishing attacks and other illicit means. Sometimes a simple click by an unsuspecting email recipient is all it takes. Once behind the firewall, the attacker’s intent is to explore, identify and avoid detection using sophisticated techniques. The implanted malware communicates over encrypted channels that common security filtering systems do not detect, giving the attacker remote access and control. More sophisticated forms even monitor host activity to warn the attacker of possible detection.
The majority of current perimeter security systems are vulnerable to APTs, and this has led to a relatively new type of cyber defense known as “Deception Technology”.
What is Deception Technology?
Effective security and firewalls are a critical first line of defense, but IT departments understand that hackers can, and eventually will, find their way in. A technique known as Deception Technology is being refined to fight off targeted, malicious software attacks. Although the concept is not new, the older methods are easily recognized by cyber criminals, so more advanced deception methods are now being employed.
If an attacker manages to invade a computer or network, the decoys placed there will appear to contain real data. The idea is to lead hackers to what appears to be important corporate information and away from the company’s “real” assets. These camouflaged traps (often referred to as “honeypots”) are inserted into an organization’s systems or databases. The concept is simple: since a legitimate user has no reason to contact or communicate with the decoys, the security system can treat any attempt to engage them as the work of an attacker. Once an attacker engages a decoy, the activity is immediately captured for reporting and the prevention system is alerted to the intrusion.
Decoy traps are sophisticated enough to spot complex lateral-movement threats and halt them before the infection can spread. They do this by luring and diverting attacks, because the traps look identical to a system’s real IT assets. The hacker moves around in the network while the defense system tracks every move; the attack is then identified and halted through forensic analysis and the threat removed.
There are numerous deception technology products on the market and many companies use them to augment their standard perimeter security systems. By providing analysis and forensics of attacks that occur, these products also help defend against future attacks. The programs capture, catalogue, and analyze actionable information regarding the anatomy, type and time of an attack.
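The detection rule described above, as an added example that is not part of the original article: because no legitimate user has a reason to touch a decoy, any interaction with a decoy host or a planted credential (“honeytoken”) is treated as a high-confidence alert, and the time-ordered sequence of those touches per source address gives the attacker’s path through the network. The decoy inventory, the honeytoken user name, the scanner allowlist, the log format and the log lines are all constructed for this example; a real deployment would take the inventory from its deception platform and the events from its log pipeline.

```python
"""Alert on any interaction with decoy assets and trace the attacker's path.

Added example; all hosts, user names and log lines are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Decoy inventory (constructed). Decoy hosts hold only planted data.
DECOY_HOSTS: dict[str, str] = {
    "10.0.5.50": "fake-fileserver-01",  # looks like a file server
    "10.0.5.51": "fake-db-01",          # looks like a database server
}
# Planted credentials that no real person or scheduled job ever uses.
HONEYTOKEN_USERS: set[str] = {"svc_backup_legacy"}
# Sources allowed to touch decoys, e.g. the vulnerability scanner. Without
# this allowlist its nightly sweep would page the on-call engineer.
KNOWN_SCANNERS: set[str] = {"10.0.9.9"}

# Assumed log format: "<ISO timestamp> <src_ip> -> <dst_ip> <event> user=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"(?P<event>\S+) user=(?P<user>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str
    dst: str
    user: str
    event: str
    reason: str


def detect(lines: list[str]) -> list[Alert]:
    """Return one Alert per log line that touches a decoy host or honeytoken."""
    alerts: list[Alert] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real pipeline would count these
        src, dst, user = m["src"], m["dst"], m["user"]
        if src in KNOWN_SCANNERS:
            continue  # sanctioned scanner traffic is the one expected false positive
        reasons: list[str] = []
        if dst in DECOY_HOSTS:
            reasons.append(f"contact with decoy host {DECOY_HOSTS[dst]}")
        if user in HONEYTOKEN_USERS:
            reasons.append(f"use of planted credential {user}")
        if reasons:
            alerts.append(Alert(datetime.fromisoformat(m["ts"]), src, dst, user,
                                m["event"], "; ".join(reasons)))
    return alerts


def attacker_paths(alerts: list[Alert]) -> dict[str, list[str]]:
    """Group decoy touches by source, in time order, to trace lateral movement.

    Decoy destinations are reported by their decoy name; a real host reached
    with a honeytoken credential is reported by its address.
    """
    paths: dict[str, list[str]] = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        paths.setdefault(a.src, []).append(DECOY_HOSTS.get(a.dst, a.dst))
    return paths


# Constructed sample log: two normal logins, one scanner probe, then a
# single source touching the decoy file server, using the planted
# credential against a real host, and finally hitting the decoy database.
SAMPLE_LOG = [
    "2024-03-01T09:00:01 10.0.1.20 -> 10.0.2.10 smb_auth user=alice",
    "2024-03-01T09:05:13 10.0.1.20 -> 10.0.2.10 smb_auth user=alice",
    "2024-03-01T03:00:00 10.0.9.9 -> 10.0.5.50 tcp_probe user=-",
    "2024-03-01T22:14:02 10.0.3.77 -> 10.0.5.50 smb_auth user=jsmith",
    "2024-03-01T22:14:40 10.0.3.77 -> 10.0.2.10 ssh_auth user=svc_backup_legacy",
    "2024-03-01T22:16:05 10.0.3.77 -> 10.0.5.51 sql_login user=svc_backup_legacy",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts.isoformat()} {a.src} -> {a.dst} {a.event}: {a.reason}")
    print(attacker_paths(found))
```

The two signals combine deliberately: the honeytoken fires even when the attacker uses it against a real host, which is how a touch on a decoy file server turns into evidence of movement toward production systems.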
Deception Technology Enables Corporations to Fight Fire with Fire
There are many benefits to this new and evolving methodology. Deception technology allows corporations to study the techniques of attackers and share important information with others. IT security teams learn what they should prepare for, and deception technology vendors are able to introduce better security tools for specific types of threats. In some defense programs, false data is interspersed with real information so that attackers can’t be sure which elements are real.
Cyber security experts realize that advanced defensive programs need to evolve, since attackers are using new tactics and tools every day. Fortunately, hackers aren’t perfect either, and they are vulnerable to state-of-the-art deception technology. While an attacker may be able to infiltrate a computer system by evading anti-virus controls and firewalls, that doesn’t mean the attack will succeed.
If an attacker is faced with imaginary or false resources and system responses, they may believe they have come across valuable information. In reality, they have been drawn away from the data they are seeking. When choosing a deception program, it’s important that the system can gain actionable intelligence and insight by gathering information that defines and describes the attackers’ actions, methods, tendencies, and trends. This allows you to adjust your deception strategy to fight off a potential attacker.
The Benefits of Deception Technology – A Moving Target is Harder to Attack
A computer network’s infrastructure is harder to attack if it’s a moving target. Security professionals achieve this by changing infrastructure topologies, available resources and system addresses on a regular basis. Valuable data can be concealed in innocuous-looking files, while decoy files divert attackers, trip security alarms and lead them to false intellectual property. Attackers are thrown off since they won’t see the same infrastructure more than once, and they can be diverted and confused by false information. A good deception-technology program makes it more time-consuming, cost-prohibitive, and difficult for hackers to succeed.
Common features and benefits of Deception Technology techniques:
- Real-time alerts when attacks are discovered
- Immediate detection of malware
- Deceives, detects and defends against complex threats
- Complete computer system analysis
- Identifies hackers’ techniques
- Tracks every move of an attack
- Seamlessly integrates into an existing computer network
- Reduced risk of economic and data loss as well as business interruption
- Fights fire with fire
Using Deception Technology – Takeaway
If an organization’s data is currently at risk from a cyber-attack, it may be worth installing a deception-based security system to reduce that risk. A good program must be carefully designed for the company it is intended to protect and must evolve with ever-changing threats. It must be implemented with precision so the detection methods don’t damage or affect legitimate users of the computer system. It’s difficult to stop cyber criminals from breaching perimeters, but deception techniques can be effective in identifying, frustrating, misdirecting and eliminating attackers.