Hackers usually make their way into a network by gaining control of a single computer. From there they work their way into other areas of the network, looking mostly for higher-level access credentials or data to steal. To avoid being detected, hackers tend to use their first point of entry, the initially infected computer, in a way similar to how it is normally used, for example by connecting only with computers with which it normally communicates. A history of the computer’s regular activities can easily be located by searching its registry.
In December 2015, a widespread hacker attack was revealed that managed to hit several key defense computers around the world. Common to all infected computers is that they belonged to military or government officials in various countries in South East Asia. The hacker misled them by using the commercial name MazeRunner. The company concerned with this popular game has released a free tool to counter this menace.
The modus operandi is to use virtual technology to lure the hacker into a simulated environment. The technology is fully customizable and integrates seamlessly with existing security tools, so users can deploy the dynamic tool flexibly alongside existing enterprise systems to counter malware used by the hackers. It does not require manual activation.
Market research firm Gartner expects that by 2018, 10% of all enterprises will use deception tools and tactics, and actively participate in deception operations against attackers. Cymmetria Inc., an Israeli start-up whose software lures hackers into cyber traps within organizations’ networks, has raised around $9 million, the latest sign that investors are flocking to one of cyber-security’s hottest trends: deceiving hackers and catching them red-handed.
Another interesting aspect is the way in which Cymmetria used its deception tools. The overall idea of deception is not exactly new, but it has seen a renaissance in the last couple of years. In the past, “Honeypots” were mostly used by researchers to learn more about commodity attacks.
The Tel Aviv-based cyber-security firm makes decoy servers that simulate an organization’s real networks without jeopardizing operations or giving away real data. Cymmetria’s system, which can be installed on-site or used over the cloud, leverages hackers’ tendency to follow a computer’s normal activity by leaving a false trail of “digital breadcrumbs” of day-to-day activities, like which servers are contacted and when. Once hackers follow those breadcrumbs, they get into a decoy server, where they are monitored effectively.
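The breadcrumb-to-decoy idea described above can be sketched from the defender's side. This is an added example, not Cymmetria's code: the log format, host names, addresses and the choice of planting a unique decoy username on each endpoint are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed inventory (assumption): one unique decoy username per endpoint,
# so a login attempt with it tells us which endpoint's breadcrumb was read.
BREADCRUMBS = {"svc_backup_7f3a": "WS-FINANCE-01", "svc_backup_c21d": "WS-HR-04"}
DECOYS = {"10.20.0.50", "10.20.0.51"}  # constructed decoy server addresses

# Constructed authentication log in a hypothetical key=value format.
SAMPLE_LOG = """\
2016-03-01T09:12:44Z dst=10.20.0.50 src=10.1.4.17 user=svc_backup_7f3a result=success
2016-03-01T09:13:02Z dst=10.1.9.8 src=10.1.4.17 user=alice result=success
2016-03-01T09:15:31Z dst=10.20.0.51 src=10.1.4.17 user=admin result=fail
2016-03-01T09:20:00Z dst=10.20.0.50 truncated
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) dst=(?P<dst>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\w+)$"
)

def decoy_alerts(log_text, decoys=DECOYS, breadcrumbs=BREADCRUMBS):
    """Return one alert per well-formed log line whose destination is a decoy.

    No legitimate user has a reason to contact a decoy, so every hit is
    reported; hits that use a planted username are attributed to an endpoint.
    """
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] not in decoys:
            continue  # malformed line, or traffic to a real server
        planted_on = breadcrumbs.get(m["user"])
        alerts.append({
            "time": m["ts"], "decoy": m["dst"], "source": m["src"],
            "user": m["user"], "breadcrumb_from": planted_on,
            "kind": "breadcrumb_followed" if planted_on else "decoy_touched",
        })
    return alerts

def suspect_endpoints(alerts):
    """Map each endpoint whose breadcrumb was used to the sources that used it."""
    suspects = defaultdict(set)
    for a in alerts:
        if a["breadcrumb_from"]:
            suspects[a["breadcrumb_from"]].add(a["source"])
    return dict(suspects)

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG):
        print(alert)
```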
Mr. Gadi Evron, Cymmetria’s founder and CEO and a veteran of Unit 8200, previously worked as vice president of cyber-security strategy at Moscow-based antivirus company Kaspersky Labs. Founded in 2014, Cymmetria currently employs 16 people in offices in Tel Aviv and San Francisco.
With excerpts from WSJ