
Leave decoys in your system to lure out threat actors

  • Attackers can spend 11 days and longer hidden in a network.
  • One way to catch them is to build traps into your systems that alert you to an attacker’s presence.
  • These traps can take the form of canaries, honey pots and other tools that may trick a hacker into revealing themselves.

Cybercriminals will often spend days and even weeks hiding inside a network, waiting for the moment to strike. Last year Sophos found that attackers dwell in a network for a median of 11 days.

During this time an attacker could gain deep insight into a company’s network and operations. This allows an attacker to perform further attacks by encrypting data and even extorting businesses by threatening to release sensitive information to the public.

One mitigation tactic that is under-utilised is cyber deception.

“Cyber deception uses decoys throughout system infrastructure to lure threat actors, detect suspicious activity and enable organisations to better understand their attack vectors. It enables organisations to not only proactively detect attackers, but also to learn about their actions before a system is actually compromised. This enables swift and decisive action to be taken to prevent a breach,” explains senior director for Commvault Africa, Kate Mollett.

A white paper sponsored by Commvault [PDF] found that nearly half of the organisations it spoke to took two to seven days to fully recover from a successful ransomware attack. This means a loss in productivity, revenue and potential harm to your business.

By dropping lures in your network and sending attackers on a wild goose chase, damage could be mitigated. However, as with most infosec topics, skills are scarce when it comes to cyber deception.

“Currently, cyber deception is a vastly under-utilised tool in the fight against cybercrime, with less than a quarter (22%) of respondents in the Computing whitepaper indicating that their organisation had carried out cyber deception. One of the reasons for this is that the skills and expertise required to carry it out can be scarce,” explains Mollett.

Types of cyber deception used by some companies include fake phishing emails, honey pots and canary services in a bid to tempt attackers into making a move. Canary services such as Thinkst are wonderfully slick solutions that allow IT teams to drop “canaries” in the system that will trigger an alert when certain actions take place.

This proactive approach can be useful but it requires careful planning and thought as a misstep could lead an attacker down a path you don’t want them on.
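To make the canary idea concrete, here is an added example (not from the article, and not how Thinkst or any vendor implements its product) that treats two decoy accounts as canaries and raises an alert whenever an authentication log line names one. The account names, addresses and log lines are constructed for illustration, and the log format is assumed to be OpenSSH sshd syslog output.

```python
import re

# Hypothetical decoy accounts: created on purpose, never issued to a person or
# service, so any authentication attempt that names one is suspicious.
DECOY_ACCOUNTS = {"svc-backup-old", "adm-finance"}

# Constructed sample lines in OpenSSH sshd syslog style (not real log data).
SAMPLE_LOG = """\
Mar  3 09:14:02 fs01 sshd[2211]: Accepted password for alice from 10.0.4.17 port 50122 ssh2
Mar  3 09:20:45 fs01 sshd[2240]: Failed password for invalid user test from 10.0.9.88 port 40110 ssh2
Mar  3 09:21:07 fs01 sshd[2243]: Failed password for svc-backup-old from 10.0.9.88 port 40112 ssh2
Mar  3 09:21:30 fs01 sshd[2249]: Accepted password for adm-finance from 10.0.9.88 port 40120 ssh2
Mar  3 11:02:13 fs01 sshd[2301]: Accepted publickey for bob from 10.0.4.23 port 51800 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s\S+\sfor\s(?:invalid user\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<src>\S+)\s"
)


def find_canary_hits(log_text, decoys=DECOY_ACCOUNTS):
    """Return one alert dict per auth event that names a decoy account."""
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m or m["user"] not in decoys:
            continue
        # A successful login with a decoy means its planted password was found
        # and used, which is a stronger signal than a guess against the name.
        severity = "critical" if m["result"] == "Accepted" else "high"
        alerts.append({**m.groupdict(), "severity": severity})
    return alerts


def sources_to_investigate(alerts):
    """Group the decoy accounts touched by each source, in first-seen order."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a["src"], []).append(a["user"])
    return by_src


if __name__ == "__main__":
    for alert in find_canary_hits(SAMPLE_LOG):
        print(alert["severity"].upper(), alert["ts"], alert["user"], "from", alert["src"])
```

Because nothing legitimate ever uses the decoy accounts, ordinary failed logins such as the `test` attempt above stay out of the alert stream and every hit is worth a look.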

Very few companies are making use of deception but it could be a viable way to mitigate the damage caused during an attack. It may be worth chatting with your IT team and service provider to see if cyber deception is a viable solution for your business.
