Deception has been used in war, law, sports, and gambling for millennia to create uncertainty and confusion in the adversary’s mind, which will delay and manipulate their efforts, and will influence and misdirect their perceptions and decision processes.
Military deception by definition “is intended to deter hostile actions, increase the success of friendly defensive actions, or to improve the success of any potential friendly offensive action.”
Cyber deception aligns with this definition and is based on planned, deliberate, and controlled actions designed to obfuscate the network. In turn, this influences the attacker to make a mistake, spend more time distinguishing real from fake, and makes the economics of the attack undesirable, thereby forcing the attacker to take actions that are beneficial to the defender’s security posture.
Cyber deception works by creating decoys that appear as production assets and are designed to be attractive to the adversary. This is paired with deception bait or lures that display as enticing credentials, applications, or data and will lead the attacker into engaging with the deception environment. The use of deception efficiently leads the attacker through the network, revealing motives, techniques, and intentions, which can be used for collecting adversary intelligence, generating actionable alerts, and accelerating incident response.
As with physical warfare, by using deceptive techniques, a cyber defender can mislead and/or confuse attackers, thus enhancing their defensive capabilities over time. The ability to deceive, direct, and guide the adversary away from critical assets, denies the attacker the ability to achieve his goals and reveals how he is able to move through the network. It also holds the benefit of increasing the attacker’s cost as they must now decipher what is real from fake and often have to restart their attacks over.