Militaries have been using deception for millennia. Cybercriminals use it every day. But cybersecurity vendors are fighting back. Robert Scammell talks to Attivo Networks CTO Tony Cole to find out how military-inspired traps are snaring cyber threats before they get a chance to attack.
During World War II, a ghost army fooled Adolf Hitler. A travelling roadshow of inflatable tanks, cannons and airplanes, largely manned by actors and artists, impersonated the Allied Army near the front line. Doing this drew attention away from the US troops, spreading the German forces thin and giving the Allies a tactical advantage.
History is full of such military deceptions: from Genghis Khan’s trick formation against the Romans, to King Harald Hardrada hiding inside a coffin to gain entry to an enemy castle.In the present day, scores of cyber criminals use deception every day to steal, disrupt and damage.According to the FBI’s internet crime division, deceptive email-based social engineering attacks are the most prominent form of cybercrime.
They have even claimed the Trojan Horse – the most famous example of military deception that probably never happened – as their own to describe malware that fools you into granting access.
But increasingly, the art of deception is being deployed against them, redressing the balance on the cyber battleground.
“Deception has worked in physical battles for many millennia for militaries,” says Tony Cole, CTO at Attivo Networks, a US cybersecurity firm offering deceptive technologies to lure cybercriminals.
“Some of the most successful battles were won through the use of deception. Sports teams use deception on a daily basis to try and win games.”
“We are doing the exact same thing. We are creating many of these alluring pieces inside of the [company’s digital] environment so that it looks interesting to an adversary.”