The NCSC wants to know how your business is using honeypots to combat hackers
The NCSC hopes to encourage the use of cyber deception techniques within the UK, across government and critical national infrastructure


The UK's National Cyber Security Centre (NCSC) is calling for industry comment on the use of cyber deception in cyber defense.
The center said it recognizes the potential value of using cyber deception technologies and techniques to support cyber defense in certain situations. And as a result, it's aiming to establish an evidence base for use cases on a national scale, in support of its Active Cyber Defence 2.0 initiative.
As a starting point, the NCSC sees two main use cases. The first is low-interaction solutions such as digital tripwires and honeytokens to alert organizations of all types to unauthorized access.
The second is low-interaction and high-interaction honeypots to collect threat intelligence, both at a large scale and as one-off instances. It sees these being deployed by organizations with mature security capabilities, as well as by managed cyber security service providers.
"During discussions, it became clear that ‘deception’ has connotations which can be uncomfortable for some," the NCSC explained.
"It is important to acknowledge this, and although there are wider definitions of cyber deception in military and other contexts, they differ to the technology we are referring to here."
By tripwires, it means components and systems, including honeytokens, designed to detect a threat actor by interacting with them to disclose their unauthorized presence in an environment.
Honeypots, meanwhile, it defines as "components and systems designed to allow a threat actor to interact with them, allowing observation of their techniques, tactics, and procedures (TTPs), as well as the capability and infrastructure they use – with the aim of collecting cyber threat intelligence".
Finally, breadcrumbs are described as digital artifacts distributed in a system that entice a threat actor to interact with a tripwire and/or honeypot.
The NCSC wants to see more honeypots and deception techniques
The NCSC said it plans to collect existing evidence, but also to encourage the use of these techniques across the UK, including in government security operations and critical national infrastructure.
It's aiming for 5,000 instances of low- and high-interaction solutions on the UK internet across IPv4 and IPv6, 20,000 instances of low-interaction solutions within internal networks, 200,000 assets of low-interaction solutions within cloud environments, and 2,000,000 tokens deployed.
There are three core research questions it aims to examine:
- How effective are deployments at supporting the discovery of latent compromises within organization estates?
- How effective are deployments at supporting the enduring discovery of new compromises by threat actors?
- Does knowledge of the presence of such technologies at a national level actually affect the behavior of threat actors?
Honeypots are already being deployed across the UK, allowing organizations to detect where cybercriminals are coming from, the level of threat, their preferred tactics, and the data or applications they're interested in - as well as how well existing cybersecurity measures are working.
Last year, for example, the National Grid said it was looking to award a £1 million contract for honeypot technology, and the technology is widely used by law enforcement.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.