Decoy system diverts hackers from critical infrastructure
Scientists at the Pacific Northwest National Laboratory have created a cybersecurity technology designed to stop hackers from damaging critical infrastructure networks by luring them instead into an artificial world and feeding them false signals of success.
Shadow Figment is based on honeypots, which attract hackers by providing what appears to be an easy target so cybersecurity researchers can study the attackers’ methods.
PNNL’s technology uses a machine-learning-enhanced honeypot that learns from observing the real-world operational-technology system where it is installed. It responds to an attack by sending signals indicating that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, PNNL officials said in a recent release.
The strategy is to keep attackers engaged, “giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of the technology.
In cyber-physical systems supporting critical infrastructure, the number of potential targets — such as valves, controls, pumps, sensors, chillers and so on — is practically limitless. Hackers inserting false data into a single system could trigger safety procedures that shut down power and water distribution.
Shadow Figment creates interactive clones of operational technology systems that behave just as experienced operators and cyber criminals would expect. If a hacker turns off a fan in a server room in the artificial world, PNNL officials said, the program would respond realistically by signaling that air movement has slowed and the temperature is rising. The ruse would hopefully keep bad actors engaged with the mirror system where they can do no harm.
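The fan scenario above can be sketched as a toy decoy whose readings come from a small physical model rather than fixed values. This is an added illustration, not PNNL's code: Shadow Figment learns its model from the real system, whereas the hand-written first-order model, the constants, the tag name `fan_on` and the source address here are all assumptions.

```python
"""Toy model-driven decoy: a fake server-room controller (constructed example)."""
from dataclasses import dataclass, field

AMBIENT_C = 35.0      # assumed temperature the room drifts to with no cooling
COOLED_C = 21.0       # assumed steady-state temperature with the fan running
MAX_AIRFLOW = 100.0   # percent of rated air movement


@dataclass
class DecoyServerRoom:
    fan_on: bool = True
    airflow: float = MAX_AIRFLOW
    temp_c: float = COOLED_C
    alerts: list = field(default_factory=list)

    def write(self, source: str, tag: str, value: bool) -> None:
        # Nothing legitimate talks to the decoy, so every write is an alert.
        self.alerts.append({"source": source, "tag": tag, "value": value})
        if tag == "fan_on":
            self.fan_on = value

    def step(self, dt: float = 1.0) -> None:
        # First-order lag: airflow spins down or up, temperature follows airflow.
        target_flow = MAX_AIRFLOW if self.fan_on else 0.0
        self.airflow += (target_flow - self.airflow) * min(1.0, 0.5 * dt)
        target_temp = AMBIENT_C - (AMBIENT_C - COOLED_C) * self.airflow / MAX_AIRFLOW
        self.temp_c += (target_temp - self.temp_c) * min(1.0, 0.1 * dt)

    def read(self) -> dict:
        return {"fan_on": self.fan_on, "airflow": round(self.airflow, 1),
                "temp_c": round(self.temp_c, 2)}


def simulate_fan_shutdown(steps: int = 10) -> tuple:
    """Replay the article's scenario; return the readings and the alerts."""
    room = DecoyServerRoom()
    room.write("192.0.2.10", "fan_on", False)   # constructed source address
    readings = []
    for _ in range(steps):
        room.step()
        readings.append(room.read())
    return readings, room.alerts


if __name__ == "__main__":
    for r in simulate_fan_shutdown()[0]:
        print(r)
```

A static decoy would return the same airflow and temperature after the write; here the readings drift the way an operator would expect, while the single write is already recorded as an alert for defenders.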
“Even a few minutes is sometimes all you need to stop an attack,” Edgar said. “But Shadow Figment needs to be one piece of a broader program of cybersecurity defense. There is no one solution that is a magic bullet.”
“This cybersecurity tool has far-reaching applications in government and private sectors—from city municipalities, to utilities, to banking institutions, manufacturing, and even health providers,” said Kannan Krishnaswami, a commercialization manager at PNNL.
Read the original article on GCN.