The worst of all deceptions is self-deception
Goal: Identify susceptible individuals and gather information about ongoing phishing campaigns.
Approach: Launching controlled phishing campaigns with deceptive lures.
Conduct internal phishing campaigns with fake but believable phishing emails. Track who clicks on links, downloads attachments, or provides sensitive information. This reveals vulnerable individuals and gathers intelligence about attacker tactics.
Goal: Disrupt attacker communications by manipulating C2 protocols or introducing unexpected behavior.
Approach: Modifying C2 protocols or introducing anomalies to confuse attackers.
Modify existing C2 protocols or introduce subtle anomalies in communication patterns to confuse attackers, disrupt their tools, or trigger alerts. This can involve changing data formats, introducing delays, or injecting unexpected commands.
Goal: Disrupt attacker attempts to exfiltrate sensitive data by masking or altering its content.
Approach: Modifying sensitive data in transit to render it useless to attackers.
Implement mechanisms that dynamically alter or mask sensitive data as it is being exfiltrated. This can involve encryption, obfuscation, or even replacing the data with decoy information, rendering it useless to the attacker.
Goal: Redirect attacker exfiltration attempts to controlled channels or disrupt their operations.
Approach: Creating fake data channels that appear to be valuable exfiltration routes.
Set up fake network channels, storage devices, or cloud services that appear to be ideal for data exfiltration. Redirect attacker traffic to these channels to capture exfiltrated data, analyze their methods, or disrupt their operations.
Goal: Identify attackers attempting to exfiltrate data and gather information about their targets.
Approach: Creating and monitoring honeyfiles with enticing but fake data.
Plant “honeyfiles” – files with seemingly sensitive information – in locations where attackers are likely to search for valuable data. These files contain fabricated data, tracking mechanisms, or even trigger alerts upon access.