Monday, 26 October 2020 23:44

Using fake data to protect against cyberattacks

Jim Cook, ANZ Regional Director Attivo Networks

GUEST OPINION by Jim Cook, Attivo Networks:  Separating truth from fiction in these days of social media campaigns and so-called fake news can often be challenging. As a result, false data that appears valuable can influence people.

While such trends are a concern, deception can actually be a good thing for cybersecurity. Security teams are increasingly using fake data to deceive cybercriminals, thus helping the team protect IT infrastructures in new and innovative ways. 

The approach works because attackers usually don’t know the details of a network or have the privileges they need to steal or encrypt information. This lack of knowledge allows security teams to place false information in locations with the expectation that a criminal will access it, allowing the team to lure attackers away from critical assets and into the trap of a decoy.

By letting cybercriminals think they are getting what they’re looking for, defenders can lead them to a deception server that appears to contain the database, web server, application, or other assets that the adversaries were seeking.

Then, because the security team has fooled the criminals into believing they have found the resources they want, the criminals will continue their attack and hopefully reveal valuable details about themselves. The goal is to give attackers information that leads them to do what the security team wants them to do rather than what they are trying to achieve.

Making a ‘fake’ strategy work
Security teams need to take several steps to use fake information to lure and misdirect cybercriminals. The first is concealing the data, files, folders, and other assets that adversaries want so attackers can’t see them, but employees can readily access them. Along with the ability to deny access, this approach can be quite powerful. A cybercriminal cannot encrypt, erase, or steal that which they can’t find.

The second step involves strategically placing fake data that appears real within the network so that, as attackers attempt to access that data, the simulated data leads them into an environment where defenders can gather information on their tactics, techniques, and procedures.

Using fake data in this way, security teams can gather real data that will enable them to craft even more effective deceptions. Because they know more about the people attacking them, the team can better fortify their organisation’s security defences in the future.

One should remember that attackers often prioritise Active Directory assets in the hope of stealing administration-level credentials that can facilitate their movement within an infrastructure. Placing a fake Active Directory server containing false credentials can lead to an attacker believing they have located what they were seeking. However, the moment they try to use those credentials, they generate an alert.
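
The alerting described above, sketched as an added example (not from the article or from Attivo Networks): a detector that flags any authentication event naming a planted decoy account. The account names, the simplified JSON event layout and the sample log lines are constructed assumptions; the event IDs are standard Windows Security log IDs.

```python
import json

# Constructed decoy account names planted as bait; no legitimate user ever logs on with them.
DECOY_ACCOUNTS = {"svc-backup-adm", "da-jsmith"}
# 4624/4625 logon success/failure, 4768/4771 Kerberos TGT request/pre-auth
# failure, 4776 NTLM credential validation.
AUTH_EVENT_IDS = {4624, 4625, 4768, 4771, 4776}


def normalise_account(name):
    """Reduce DOMAIN\\user, user@domain and mixed case to a bare lower-case name."""
    return name.strip().lower().rsplit("\\", 1)[-1].split("@", 1)[0]


def detect_decoy_use(log_lines):
    """Return one alert dict per authentication event that names a decoy account."""
    alerts = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt records rather than stop detection
        if not isinstance(event, dict) or event.get("EventID") not in AUTH_EVENT_IDS:
            continue
        account = normalise_account(str(event.get("TargetUserName", "")))
        if account in DECOY_ACCOUNTS:
            alerts.append({
                "time": event.get("TimeCreated"),
                "event_id": event["EventID"],
                "account": account,
                # 4776 records a workstation name rather than an IP address
                "source": event.get("IpAddress") or event.get("Workstation") or "unknown",
            })
    return alerts


# Constructed sample events (assumed simplified JSON export, one event per line).
SAMPLE_LOG = [
    '{"TimeCreated":"2020-10-26T01:12:03Z","EventID":4624,"TargetUserName":"alice","IpAddress":"10.0.4.21"}',
    '{"TimeCreated":"2020-10-26T01:14:40Z","EventID":4625,"TargetUserName":"CORP\\\\SVC-Backup-Adm","IpAddress":"10.0.9.77"}',
    '{"TimeCreated":"2020-10-26T01:14:58Z","EventID":4776,"TargetUserName":"da-jsmith@corp.example","Workstation":"WKSTN-0931"}',
    '{"TimeCreated":"2020-10-26T01:15:10Z","EventID":4688,"TargetUserName":"da-jsmith","IpAddress":"10.0.9.77"}',
    '{"TimeCreated":"2020-10-26T01:15:',
]

if __name__ == "__main__":
    for alert in detect_decoy_use(SAMPLE_LOG):
        print("DECOY CREDENTIAL USED:", alert)
```

Because no legitimate process ever presents a decoy credential, every alert is high-confidence, and the source field tells responders which host to examine first.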

Simultaneously, if cybercriminals are looking for applications with known vulnerabilities to exploit, feeding them a fake application or web server when they scan the ports in question is likely to foil their plans. They may think they can utilise those vulnerabilities when, in reality, the security team is fooling them.

Adopting a strategy of planting fake data and resources within a network can be a powerful option for organisations of every size. While it does not remove the need for perimeter protection, it adds a layer that can prevent cybercriminals from locating the assets they seek. Consider how you can use this strategy within your infrastructure. The result could be well worth the effort.
