Fake System Logs

Goal: Gather information about attacker activity by planting fake system logs.

Approach: Creating and placing misleading system logs to attract attacker attention.

Create fake system logs that indicate suspicious activity, failed login attempts, or successful privilege escalations. Place these logs in locations where attackers are likely to search for evidence of compromise.

Honeyfiles with Deceptive Content

Goal: Identify attackers attempting to exfiltrate data and gather information about their targets.

Approach: Creating and monitoring honeyfiles with enticing but fake data.

Plant “honeyfiles” – files with seemingly sensitive information – in locations where attackers are likely to search for valuable data. These files contain fabricated data or tracking mechanisms, or even trigger alerts upon access.
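One way to build the tracking mechanism described above, as an added example that is not part of the original page: each honeyfile carries a unique decoy credential, so any later appearance of that value in a log identifies which file was read. The key, file paths, account name, and log lines are constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption: a secret held by the defenders, never stored next to the honeyfiles.
REGISTRY_KEY = b"constructed-demo-key"

def token_for(location: str) -> str:
    """Derive a unique, unguessable decoy credential for one planted location."""
    mac = hmac.new(REGISTRY_KEY, location.encode(), hashlib.sha256).hexdigest()
    return "svc_" + mac[:24]

def plant_honeyfile(root: str, relpath: str, registry: dict) -> str:
    """Write a fabricated credentials file and record its token -> location."""
    token = token_for(relpath)
    path = os.path.join(root, relpath)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write("# backup service account (fabricated decoy data)\n")
        fh.write(f"user=backup_svc\napi_key={token}\n")
    registry[token] = relpath
    return token

def find_token_use(log_lines, registry):
    """Return (honeyfile, log line) for every log line that contains a decoy token."""
    hits = []
    for line in log_lines:
        for token, relpath in registry.items():
            if token in line:
                hits.append((relpath, line.strip()))
    return hits

def demo():
    registry = {}
    with tempfile.TemporaryDirectory() as root:
        t1 = plant_honeyfile(root, "finance/payroll_creds.txt", registry)
        plant_honeyfile(root, "it/backup_creds.txt", registry)
        # Constructed sample auth log lines; the source IPs are documentation addresses.
        logs = [
            "2024-01-01T10:00:00Z auth ok user=alice src=192.0.2.10",
            f"2024-01-01T10:05:00Z auth fail user=backup_svc key={t1} src=198.51.100.7",
        ]
        return find_token_use(logs, registry)

if __name__ == "__main__":
    for relpath, line in demo():
        print(f"ALERT: decoy from {relpath} used: {line}")
```

Because the decoy credential is valid nowhere, every match is a high-confidence signal, and the registry lookup shows which planted location the reader had access to.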

Deceptive Document Watermarks

Goal: Track the dissemination of sensitive documents and identify potential leaks.

Approach: Embedding hidden watermarks in documents to track their movement.

Embed hidden watermarks within documents that reveal themselves only under specific conditions or when accessed by unauthorized parties. These watermarks can contain tracking information or decoy data, or even trigger alerts upon discovery.

Deception for Insider Threat Detection

Goal: Detect and mitigate insider threats using deceptive techniques.

Approach: Detecting malicious activities by insiders using deception.

Deploy deception assets and techniques to detect and deter malicious insiders. This may include creating fake files, documents, or credentials that are designed to attract insider attention.