From childhood, we were taught never to lie. Deception is bad and cheaters never win.
But what happens when your opponent is blatantly using deception to tip the odds in their favor? At what point must you adapt to level the playing field and have a fighting chance at beating your opponent? Barton Whaley once wrote that “In combat, deception can strengthen the weaker side. Moreover, when all other factors are equal, the more deceptive player or team will always win.” This is precisely the reality in the world of cyber warfare.
Cybercriminals use deception to trick users into clicking on phishing emails, accidentally downloading malware, and inadvertently sharing login credentials. They also use tactics to keep their presence hidden below the noise level so that they can continue to quietly escalate their attacks. Cyber defenders, on the other hand, have tried to win the game by pursuing these adversaries, examining behaviors and logs to identify anomalous activity. Essentially, they are reacting to actions taken, learning from them, and then pursuing their opponent with the intelligence and forensic evidence they can gather. It is a time-intensive process that also requires the security team to cull through and correlate attack information, which in many cases can also be mixed with false-positive data.
Read the full article in Cyber Security Magazine.