Wednesday, February 10, 2016

Deception: Shine Bright Like a Diamond


German Summary: Projektpläne, Designs, Kundendaten: Die Kronjuwelen eines jeden Unternehmens gehören vor Cyberkriminellen unter allen Umständen versteckt – oder? Werfen Sie den Ködern aus, denn jetzt täuschen die Guten! Deception („Täuschung“) lautet der neue Cyber-Security-Ansatz, der nach Schätzungen des renommierten Marktforschungsunternehmens Gartner bereits 2018 in rund 10 % aller Unternehmen zum Einsatz kommen wird. Virtuelle Fallen – täuschend echte Netzwerk-Kopien – ermöglichen es, böswillige Hacker auf Schritt und Tritt zu beobachten und sogar bis zu den Hintermännern auszuforschen. Gleich vorweg: Das wird ein großer Fang für Ihre Cyber-Security-Strategie. 


Project plans, designs, customer data: The crown jewels of every company must be hidden from cyber criminals – right? Lay out the bait, it is time to turn the tables and deceive! “Deception” is a new cyber security approach, which well-known market researcher Gartner estimates will be used by 10 percent of all companies by 2018. Let’s say this right away: This is going to be a big catch for your cyber security strategy.
The deception approach uses an old but still upright strategy when it comes to cyber criminality: deceiving. Well, not without a reason “Trojans” are called that way – an allusion to the Trojan horse. Of course, hackers don’t infiltrate it-systems with wooden horses (duh), but with phishing emails, man-in-the-middle attacks and many more. The worst part is: it works because the attacks become more professional every day. An expensive experience, the international aviation industry supplier FACC just made: More than 50 Million Euro were stolen trough a man-in-the-middle attack. The regular process: First, you enter the company network, then you keep track of the communication and finally you get in contact claiming to be one of the company partners, customers or employees. That is how the hackers were able to have FACC arrange money transfers to different foreign bank accounts.

But, what if the hackers were getting false information? When you decide, what an invader can see? Under such circumstances, FACC surely would have been able to prevent that attack (and the loss of a lot of money).

Deception: Fighting a Hacker with his own weapons

Lay out the bait – then we are not talking about passive firewalls and antivirus programs anymore. Deception solutions fight hackers actively with their own weapons. Many technologies, like the modern honeynet CyberTrap from SEC Consult, lure cyber criminals into a highly secured, isolated and controllable trap, disguised as a deceptively genuine looking network. This may sound like a traditional honeypot but it’s far more, the deception solution does everything automatically, so no need for cost-intensive manual creation and management of network copies. In addition, it detects and documents every attack instantly, so no loss of valuable time or important information.

So let’s pretend: Our hacker believes, that he successfully infiltrated our company network. He can literally see the treasure right in front of him - so he starts spreading in the network, leaving backdoors. Well, too bad for him it’s just a trap. But now the show can begin (getting a little bit dramatic over here). We can follow every step our hacker’s taking – till he’s tilting because there is no promised treasure to be found. But that’s not our goal, our goal is to keep the attacker in the trap as long as possible by providing him with small bits of non-relevant information. We not only distract him from his actual goal, but also get to know his behaviour, tools, goals and intentions. What are the motives, tools and goals? How did he get into the system? What kind of backdoors did he install? Who are the clients?  

Knowing those answers is our big catch, our treasure of valid data for a steady cyber security strategy. Thus, appropriate and sustainable security measurements can be installed to strengthen the network against future attacks. With this, companies set a high security-bar, making efforts of cyber criminals uneconomic. Therefore, deception solutions like CyberTrap are an ideal addition to the scope of a multi-layer-cyber protection.