Joint session with Paramount on Cutting-Edge Deception Strategy at Fal.Con 2024
Threat actors are continuing to gain sophistication and stealth, with 2024 seeing an escalation in the magnitude and impact of breaches. Recent research from the CrowdStrike Threat Hunting Report 2024 highlights the increase in living-off-the-land exploits, insider threats, identity compromise, and cloud-specific threats as modern adversaries evolve to bypass traditional security solutions.
At Fal.Con 2024, from September 16-19 in Las Vegas, Arsen Darakdjian, Senior Vice President of Global Cybersecurity from Paramount, will join me in a breakout session to discuss how technological innovations in deception technology are defending against these evolving threats.
Evolving Threat Landscape:
Adversaries have refined their attack techniques to skillfully bypass traditional security measures, exploiting specific gaps in our defenses. Here’s a breakdown of how they’re achieving success:
- Identity Compromise: Attackers are using stealthy methods to infiltrate networks through legitimate access points. Techniques include exploiting cached credentials, targeting service accounts with attacks like Kerberoasting, and launching attacks against third-party synchronization agents. This allows them to move laterally within an organization undetected.
- Living Off the Land: Instead of deploying external malware, adversaries are turning to built-in tools within operating systems for their malicious activities. By abusing administrative tools meant for server and workstation management, they can blend in with normal system operations, making their detection significantly more challenging.
- Targeting Unmanaged Endpoints: Over 25% of attacks now originate from devices that are not regularly monitored by IT security, such as printers, cameras, legacy equipment, and medical devices. The absence of adequate security measures on these endpoints makes them especially vulnerable to exploitation.
- Insider Threats: There is a noticeable increase in insider threats, where adversaries incentivize insiders to facilitate network breaches, often through financial rewards. The FAMOUS CHOLLIMA threat group, for example, targeted over 100 companies in 2024 by exploiting insiders who had legitimate access to critical enterprise resources, as highlighted in the recent CrowdStrike Threat Hunting Report.
- Cloud-Conscious Threats: Cloud environments have become a significant target, with a 75% increase in cloud intrusions observed in 2024. Many cloud-native workloads cannot be adequately protected by traditional agent-based security solutions, complicating the detection of such threats. Adversaries are leveraging capabilities unique to cloud environments (such as the abuse of Cloud IAM accounts) to gain unauthorized access to cloud resources.
Defensive Strategies:
Adopting a defense-in-depth approach is essential, combining preventive measures with layered detection to mitigate various threats effectively.
The Role of Cyber Deception:
Cyber deception is a strategic measure that proves highly effective in detecting threats early within the kill chain. This approach is fundamentally agnostic to attacker Tactics, Techniques, and Procedures (TTPs), ensuring visibility into threats that typically bypass traditional detection layers. By integrating deception technology with existing security solutions, defense teams can enhance their awareness and response to a broad spectrum of threats.
The advancement of AI and cloud computing technologies has revolutionized deception platforms, streamlining their usability and scalability. Acalvio’s cutting-edge innovations in deception technology leverage these advancements, allowing for seamless integration with CrowdStrike. This integration simplifies the deployment and management of deception tactics, making it easier for CrowdStrike customers to adopt these advanced defensive measures. Acalvio’s solutions provide a robust framework that significantly boosts the detection capabilities within an organization’s security posture, ensuring early and accurate threat identification.
Joint Session at Fal.Con 2024:
I invite you to join Arsen and me at the Fal.Con session on September 19th to learn more about the role of cyber deception and the use cases that are driving value at Paramount and other large enterprises.