Effective cyber deception must create an air of plausibility and present a diversity of information, according to a security researcher, but the technique is far from a fail-safe approach to protecting valuable data.
“Like in war, deception works,” Matan Hart, the CEO of security startup Cymptom, told Fifth Domain during the Black Hat conference in Las Vegas.
Examples of cyber deception technologies include honeypots, fake administrator accounts, and fake information placed into real data lists.
Roughly 10 percent of enterprises use some form of deception technology, Hart said, but most governments and military contractors do not purchase commercial deception technologies because the methods can be easily reverse engineered. Instead, these organizations simply create their own spoofing methods in-house. Notably, however, during French leader Emmanuel Macron’s presidential campaign in 2017, his technology team created fake email accounts and documents in anticipation that they would be hacked.
Hart said effective cyber deception technology must balance risk with authenticity.
He described how an attacker can spot a fake administrator account by closely inspecting the administrator’s privileges.
Current deception technologies can also lead hackers to fake LinkedIn pages of network administrators if they try to use open-source methods to confirm the data. Many deception technology firms hire hackers themselves to strengthen their product. But Hart warned that deception technologies are not foolproof.
“Deception cannot really deflect the best attackers,” Hart said. “The most sophisticated nation states and the huge groups with large budgets will take the time and find the bait.”