Israeli cybersecurity firm Cymmetria specialises in what it calls “cyber deception,” and it should scare hackers everywhere.
That is because the firm’s technology, which catches an intruder the moment they make one wrong move, applies the battlefield idea of deception to the digital space.
“Looking at this from [the perspective of a military], this particular solution scares us,” Gadi Evron, the CEO of Cymmetria, told Tech Insider. “Because it’s the only time we can imagine an attacker actually fearing getting caught.”
Militaries use deception operations like faked radio transmissions or “stolen” documents that lead their enemies into thinking they have the upper hand.
“All warfare is based on deception,” the Chinese military strategist Sun Tzu wrote.
Similarly, Cymmetria places decoy virtual machines on its clients’ networks, loaded with real software and real-looking data. It also scatters “digital breadcrumbs” across the real network, such as saved passwords and documents, that point an intruder toward those decoys. The platform that manages the decoys and breadcrumbs is called MazeRunner.
Because the client knows which servers are decoys and how they normally behave, any attacker who finds one and starts using it stands out immediately. The same goes for the breadcrumbs: no legitimate user has any reason to touch them, so an attempt to use a planted password or open a planted document is a high-fidelity signal that someone is moving through the network who should not be.
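To make the mechanism concrete, here is an added example that is not Cymmetria’s code and says nothing about how MazeRunner is actually built: a small Python detector that runs over constructed log lines and raises an alert whenever a planted credential is used, a canary document is opened, or a decoy host is touched by anything other than the one source that is expected to touch it. The decoy addresses, honey usernames, document path, log format and allowlisted health-check source are all hypothetical.

```python
import re
from dataclasses import dataclass

# Hypothetical inventory of deception assets (constructed for this example).
DECOY_HOSTS = {"10.0.5.20": "fileserver-02-decoy", "10.0.5.21": "jenkins-decoy"}
# Breadcrumb credentials planted in a config file on a real workstation.
HONEY_USERS = {"svc_backup_legacy", "oracle_admin"}
# Breadcrumb document planted on a real share; nobody legitimately opens it.
CANARY_DOCS = {"/shares/finance/Q3_board_deck_FINAL.docx"}
# The defender knows how decoys normally behave: only this host (assumed to be
# the deception platform's health checker) is expected to log in to them.
EXPECTED_SOURCES = {"10.0.1.5"}

# Constructed log format: timestamp, event, src, dst, user and an optional path.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+)(?: path=(?P<path>\S+))?$"
)

# Constructed sample log: a normal login, then a compromised workstation
# (10.0.3.40) opening a canary document, using a honey credential against a
# decoy, and finally probing a second decoy.
SAMPLE_LOG = """\
2016-03-02T09:12:01Z ssh_login src=10.0.1.5 dst=10.0.5.20 user=mazehealth
2016-03-02T09:15:44Z ssh_login src=10.0.3.17 dst=10.0.3.40 user=jsmith
2016-03-02T09:31:09Z smb_open src=10.0.3.40 dst=10.0.2.10 user=jsmith path=/shares/finance/Q3_board_deck_FINAL.docx
2016-03-02T09:33:52Z ssh_login src=10.0.3.40 dst=10.0.5.20 user=svc_backup_legacy
2016-03-02T09:34:10Z ssh_login src=10.0.3.40 dst=10.0.5.21 user=root
"""


@dataclass
class Alert:
    ts: str
    src: str
    reason: str


def detect(lines):
    """Return one Alert per log line that touches a decoy or a breadcrumb."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ev = m.groupdict()
        # Known-good interaction with a decoy (the platform's own check) is not an alert.
        if ev["src"] in EXPECTED_SOURCES:
            continue
        if ev["user"] in HONEY_USERS:
            reason = f"honey credential {ev['user']} used against {ev['dst']}"
        elif ev["dst"] in DECOY_HOSTS:
            reason = f"{ev['event']} to decoy {DECOY_HOSTS[ev['dst']]} as {ev['user']}"
        elif ev["path"] in CANARY_DOCS:
            reason = f"canary document {ev['path']} opened as {ev['user']}"
        else:
            continue  # ordinary traffic: decoys and breadcrumbs are untouched
        alerts.append(Alert(ev["ts"], ev["src"], reason))
    return alerts


def attacker_sources(alerts):
    """Hosts to isolate: every source that tripped a decoy or breadcrumb."""
    return sorted({a.src for a in alerts})


if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a.ts} ALERT src={a.src}: {a.reason}")
    print("isolate:", attacker_sources(found))
```

Two design points carry over from the passage. First, the allowlist of expected sources is what keeps the alerts high-fidelity: the defender removes the interactions they know about in advance, so everything left is an intruder. Second, the output pivots on the source address rather than on the decoy, because the decoy is bait and the source is the foothold that has to be cut off. What this script does not do, and what a real decoy would, is preserve whatever the attacker dropped on the decoy for analysis.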
A military unit might set up an ambush to destroy its deceived enemy. Hackers who stumble into Cymmetria decoys are instead identified and cut off from the network, and the tools and techniques they brought with them are captured, so those cannot be reused unnoticed later.
“If they choose the wrong one at any point in time and they use it, I immediately see them on my decoy,” Evron said. “And I get an alert and all their toolset so I can immediately mitigate them and kick them out.”
Evron, a veteran of Unit 8200 — Israel’s equivalent of the NSA — speaks often of the threat from advanced persistent threat actors, or APTs, which are typically backed by nation-states or organised criminal enterprises.
“There is a cost to getting caught,” he said.
That cost could potentially hit Evron’s old military unit, the NSA, China’s Bureau 121, or others, which have increasingly sparred in cyberspace. The joint US-Israeli “Stuxnet” cyberattack against Iran, for example, cost millions and took years of coding.
But what would have happened had that code been compromised by hackers who were deceived while trying to launch it?
“Stuxnet had code in it that was 12 years old,” Evron said. “Imagine running operations … for 12 years based on a single piece of code, and that piece of code has now been compromised and it’s being detected by every single antivirus.”
Cymmetria has plenty of competition in Tel Aviv, where it is based. Other startups like Illusive Networks Ltd. and TrapX Security Inc. boast of similar technologies to deceive hackers, and have raised plenty of investment capital to see if they are right.
But even if a crowd of companies is competing to trick hackers into making the wrong move, that is hardly bad news for the organisations trying to protect themselves. Especially given that intruders typically linger inside a network for up to 200 days before they are discovered.
“We assume now the attacker is already inside the network,” Evron said. “They only need to succeed once. But the defender has to protect everything of course, all the time.”