Deception + Black Holes = Cleanliness
After my last post talking about how the time has come to put deception technology (previously known as honey pots) to active use in our regular cybersecurity arsenal, I had a lot of questions about use cases. In other words: "Just because we can, doesn't mean we should. So, WHY?"
First, let me start by applauding that skepticism. Far too many tools are in play today, with far too many consoles and alarms. I am NOT a fan of buying the latest toy for the sake of the toy. So, WHY? What practical problem does deception address? Let's take a look at a customer's experience with ransomware.
So, a developer was troubleshooting a problem with their application. As a troubleshooting step, they disabled the security controls on the test machine. That didn't fix the problem, but instead of restoring the controls, they proceeded to download a utility to inspect the program. Said utility contained a Trojan (VoidCrypt - which was missed because of the previously described disabled controls). Needless to say, the malware wasted no time looking to spread. Because the deception decoys are promiscuous network members, they are quickly discovered by ransomware, and this case was no different. When the malware hit the decoy, the decoy warmly welcomed the malware and passed the fingerprint (pronounced SHA-256 hash) to the EDR platform, which then blocked its execution anywhere it was running and removed it everywhere, thereby thwarting the ransomware. The beauty of this whole thing is that the customer only heard about this during their quarterly security review.
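To make that flow concrete, here is a small sketch I've added for illustration (it is not code from the customer's environment or from any vendor's product): a decoy fingerprints whatever lands on it, and an EDR-style sweep acts on every host holding the same hash. Host names, paths, and function names are hypothetical, and the payload bytes are constructed placeholders.

```python
import hashlib

# Constructed sample data: harmless placeholder bytes standing in for files.
SAMPLE = b"constructed-placeholder-payload"
BENIGN = b"ordinary build tool"

def fingerprint(payload: bytes) -> str:
    """SHA-256 hex digest, the 'fingerprint' handed to the EDR platform."""
    return hashlib.sha256(payload).hexdigest()

def decoy_on_write(source_host: str, payload: bytes, blocklist: dict) -> str:
    """A decoy has no legitimate users, so any write to it is treated as hostile."""
    digest = fingerprint(payload)
    blocklist.setdefault(digest, {"first_seen_from": source_host})
    return digest

def allow_execution(payload: bytes, blocklist: dict) -> bool:
    """Pre-execution gate on an endpoint. Exact match only: different bytes
    produce a different hash, so this complements other controls."""
    return fingerprint(payload) not in blocklist

def edr_sweep(inventory: dict, blocklist: dict) -> list:
    """inventory maps host -> [(path, payload, is_running)].
    Returns the (host, path, action) list for every blocklisted file."""
    actions = []
    for host, files in sorted(inventory.items()):
        for path, payload, running in files:
            if fingerprint(payload) in blocklist:
                if running:
                    actions.append((host, path, "kill_and_block"))
                actions.append((host, path, "remove"))
    return actions

def demo():
    blocklist = {}
    # The malware spreading from the test machine touches the decoy first.
    decoy_on_write("dev-test-01", SAMPLE, blocklist)
    inventory = {  # constructed endpoint inventory
        "dev-test-01": [("C:/tools/inspect.exe", SAMPLE, True)],
        "build-02": [("C:/share/inspect.exe", SAMPLE, False),
                     ("C:/bin/make.exe", BENIGN, True)],
    }
    return blocklist, edr_sweep(inventory, blocklist)

if __name__ == "__main__":
    for action in demo()[1]:
        print(action)
```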
This is how security SHOULD work. Instead, over 5,000 companies were impacted by ransomware in 2023 - that's over 13 companies every single day!! Clearly, something new is needed to address this pervasive threat. I humbly suggest it is time to look into deception technologies.