Intrusion Detection Through Cyber Deception: Disrupting Attacks With an Active Defense
We should do our best to ensure our network and pipeline perimeters are secure and make it hard for attackers to gain access. However, the reality is that intruders will stop at nothing to gain access, as evidenced by the Uber, CircleCI, and Dropbox breaches, just to name a few.
Common to all of those incidents was the attacker's behavior once they were inside. Each time they quickly found and exploited hardcoded credentials, giving them further access. Since attackers do this time after time, we can turn that behavior against them by engaging in some blue-team cyber deception and starting to plant honeytokens in our environments.
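The mechanism the paragraph describes, shown as an added example that is not code from the original article: a registry mints decoy credentials that are bound to no real system, records where each one was planted, and a detector reads authentication logs for any attempt to use them. The key format, the log line format, the planting locations (`ci/deploy.env`, `repo:config/settings.yml`) and the log lines themselves are all constructed for this example.

```python
import re
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Honeytoken:
    token_id: str    # the identifier an intruder sees in the planted file
    secret: str      # paired secret; bound to no real system, so it grants nothing
    planted_in: str  # where we placed it, e.g. a CI variable file or a repo config


@dataclass(frozen=True)
class Alert:
    token_id: str
    planted_in: str
    source_ip: str
    timestamp: str
    raw_line: str


class HoneytokenRegistry:
    """Mints decoy credentials and remembers where each one was planted."""

    def __init__(self) -> None:
        self._by_id: Dict[str, Honeytoken] = {}

    def mint(self, planted_in: str) -> Honeytoken:
        # Constructed format: a key-id/secret pair in the style of a cloud access key.
        # Only this registry produces it and no service accepts it, so any attempt
        # to use it is illegitimate by definition.
        token = Honeytoken(
            token_id="HTK" + secrets.token_hex(8).upper(),
            secret=secrets.token_urlsafe(32),
            planted_in=planted_in,
        )
        self._by_id[token.token_id] = token
        return token

    def lookup(self, token_id: str) -> Optional[Honeytoken]:
        return self._by_id.get(token_id)


# Constructed authentication log format for this example:
#   <iso-timestamp> <source-ip> auth key_id=<id> result=<ok|denied>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+auth\s+key_id=(?P<key>\S+)\s+result=(?P<res>\S+)$"
)


def detect(registry: HoneytokenRegistry, log_lines: List[str]) -> List[Alert]:
    """Return one alert per log line in which a planted honeytoken was presented.

    result=denied is still an alert: the secret was never valid, so even a failed
    attempt proves the file it was planted in has been read.
    """
    alerts: List[Alert] = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not an auth line, or a format this parser does not cover
        token = registry.lookup(m.group("key"))
        if token is None:
            continue  # a real credential; its legitimate use is not our signal here
        alerts.append(Alert(
            token_id=token.token_id,
            planted_in=token.planted_in,
            source_ip=m.group("ip"),
            timestamp=m.group("ts"),
            raw_line=line,
        ))
    return alerts


def demo() -> List[Alert]:
    """Plant two decoys, then run the detector over constructed log lines."""
    registry = HoneytokenRegistry()
    ci_decoy = registry.mint("ci/deploy.env")               # hypothetical CI variable file
    repo_decoy = registry.mint("repo:config/settings.yml")  # hypothetical repo path
    # Constructed log: one real key (not in the registry, so no alert), two decoy uses,
    # and one unrelated request line that the parser must skip.
    log = [
        "2024-01-01T10:00:00Z 10.0.0.5 auth key_id=REALKEY001 result=ok",
        f"2024-01-01T10:02:13Z 203.0.113.7 auth key_id={ci_decoy.token_id} result=denied",
        "2024-01-01T10:02:14Z 203.0.113.7 GET /health 200",
        f"2024-01-01T10:05:00Z 198.51.100.9 auth key_id={repo_decoy.token_id} result=denied",
    ]
    return detect(registry, log)


if __name__ == "__main__":
    for alert in demo():
        print(f"ALERT: decoy planted in {alert.planted_in!r} used from "
              f"{alert.source_ip} at {alert.timestamp}")
```

Because each alert carries `planted_in`, a single detection tells you not only that someone is inside but which file or system they read to get the credential, which is the triage context a real credential leak rarely gives you.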
The idea of deception is not a new one, nor one limited to the field of cybersecurity. Deception is simply leading someone to believe something that is not true, typically in order to gain some personal advantage. This is something robots have been doing for millions of years, according to some legends. Deception has been around in human history for a long time, too; in the 5th century BC, Sun Tzu said in The Art Of War, “all warfare is based on deception.”