Services Industries Cloud Cybersecurity Digital EngineeringNXT HOLMES Geographies

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platforms
Consulting
Infrastructure Services

Client Themes

As a Service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platforms
Consulting
Infrastructure Services

Client Themes

As a Service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public Sector
Retail
Semiconductors
Travel & Transportation
Utilities
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public Sector
Retail
Semiconductors
Travel & Transportation
Utilities
Case Study
Latest Thinking
Solutions
Segments
Offerings
videos
Form
Case Study
Latest Thinking
Solutions
Segments
Offerings
videos
Form
Case study
Latest Thinking
Offerings
Solutions
Form
videos
Case study
Latest Thinking
Offerings
Solutions
Form
videos
Case Study
Latest Thinking
Our Partners
News
Events
Join our Team
Get in Touch
Digital
Case Study
Latest Thinking
Our Partners
News
Events
Join our Team
Get in Touch
Digital
Latest Thinking
Case Study
Offerings
Segments
Solutions
videos
Form
Latest Thinking
Case Study
Offerings
Segments
Solutions
videos
Form
HOLMES™ and Automation Ecosystem
Latest Thinking
Case study
Solutions
Awards, Recognitions & Media
What makes us Different
What?
Why?
How?
Form
videos
Business
IT
Automation Advisory
Representative Applied AI use cases of HOLMES with ecosystem
Business resilience with Wipro HOLMES™ solutions for pandemic assistance
HOLMES™ and Automation Ecosystem
Latest Thinking
Case study
Solutions
Awards, Recognitions & Media
What makes us Different
What?
Why?
How?
Form
videos
Business
IT
Automation Advisory
Representative Applied AI use cases of HOLMES with ecosystem
Business resilience with Wipro HOLMES™ solutions for pandemic assistance

Our Global Presence

Our Showcase Pages Continental Europe View office locations Benelux Nordic Dach France
Our Showcase Pages India & Middle East View office locations India Middle East
Our Showcase Pages India View office locations India English
Our Showcase Pages Asia - Pacific View office locations Asean Korea China Australia Japan (English    Japanese) Taiwan
Our Showcase Pages Africa View office locations Africa
Our Showcase Pages United Kingdom & Ireland View office locations United Kingdom & Ireland
Our Showcase Pages Canada View office locations Canada
Our Showcase Pages United States View office locations United States
Our Showcase Pages Latin America View office locations Brazil (English    Portuguese) Latam > Mexico (English    Spanish)

Our Global Presence

geographies-map.png

Our Showcase Pages

Asean- English
China- English
India- English
Middle East- English
Korea- English
Australia- English
Japan- English
Japan- Japanese
Benelux- English
DACH- English
France- English
Nordic Region- English
United Kingdom & Ireland- English
Brazil- English
Brazil- Portuguese
LATAM- English
Mexico- English
Mexico- Spanish
Africa- English
United States- English
Canada- English
< Nitin Gopinathan

Deception - Could it have helped contain WannaCry?

Services
Industries
Cloud
Cybersecurity
Digital
EngineeringNXT
HOLMES
Geographies
Contact Us
About Wipro
Careers
Locations
Leadership
Investors
Innovation
News & Events
Blogs
Analyst Speak
Products & Platforms
Partner Ecosystem
Sustainability

May | 2017

In the highly regarded military treatise "The Art of War" written in 5th century BC, Chinese military strategist Sun Tzu proclaimed - "All war is based on deception". It is surprising then, how in the ever present and ever escalating cyber-war, deception techniques have still not gained prominence. Security technologies have over time evolved from being reactionary in nature to being proactive in its approach to detection and response. However, the industry is still far from being in a position where it can outwit adversaries at their own game, leading to a situation where playing "catch-up" is the norm.

Early implementations of deception technologies include the use of internal Honeypots to detect potential intrusion attempts. The concept of a honeypot is simple - decoy hardware is strategically planted on a network in such a way that any activity on it alludes to the presence of a malicious actor on the network. Over time, the concept has evolved further and has been adopted for use at various levels in the technology stack, from hardware and middleware solutions to applications that can directly interact with users. Decoys implemented completely in software are used by researchers worldwide to trap malware and spam emails, while organizations make use of "honeywords" or "honey hashes" in their databases to identify password and data leaks.

At DEFCON last year, we happened to be in a certain closed room discussion focusing on the behavior of various automated malware analysis systems. One of the focus points was various evasion techniques employed by malware to evade analysis by automated sandboxes . There are a number of well-known checks that malware can perform to determine whether it is under observation, including querying a few environment variables, enumerating system hardware, or looking for the presence of a particular tool on the system.

A seemingly innocuous question came out of this discussion - "Can you prevent malware from executing on a system by simply installing tools that it actively tries to evade?" In fact, it is not necessarily the tool itself, but a footprint of the tool that needs to exist on the system (registry entries created by the tool for example).

"Endpoint Deception"

The recent outbreak of WannaCry ransomware globally was covered extensively by the media not only for the damage that it caused, but also for the timely actions of an independent security researcher that potentially prevented thousands of systems from being infected. A kill-switch in the form of a domain name was hard coded into the malware, causing it to terminate without causing any damage if a successful connection to the domain could be made. Come to think of it, modern malware is embedded with multiple "kill-switches" that allow them to evade detection and analysis.

It would be interesting to explore if in addition to using hardware decoys, certain decoy indicators could be planted on endpoints to throw malware off-track. Malware variants trying to actively evade detection and analysis would terminate without causing any damage, if they have sufficient reason to believe that they are either being executed in a sandbox or being analyzed using common analysis tools. Not unlike indicators of compromise (IOC's) that are used to detect malicious activity, indicators of evasion (IOE's) could potentially be used to thwart execution and detect the presence of malware on systems. Additionally, EDR solutions could be leveraged to detect any attempts by such malware to enumerate known IOE's, giving incident responders a head start in their investigations.

With the expected convergence of End Point Protection and EDR technologies, headway into the endpoint deception space would afford organizations some additional protection against unknown unknowns.

Future Outlook

Of late, deception technologies that go way beyond their traditional call of duty have come into prominence. Systems that can emulate everything from web-applications and database systems to human beings are now a reality. Some of these solutions do not require any hardware to be deployed, instead relying on software based decoys to trap intruders and eliminating the potential attack surface introduced by traditional hardware decoys.

The market for deception technology is currently estimated to be at US$50 - US$100 million dollars, with the number expected to hit US$200 million next year. This is in stark contrast to the end point protection technology market, which stood at US$11 Billion in 2015 and is expected to cross US$17 Billion by 2020. It is therefore safe to say that as far as deception technologies go, we are only scratching the proverbial surface.

About the Author

Nitin Gopinathan has close to 7 years of experience in Information Security focusing on Threat and Vulnerability Management, Threat Intelligence, System Integration, Automation, and Security Analytics. He has previously worked in roles such as Service Manager and Product Manager - Threat Intelligence, and is currently working as a Technical Lead in the Cybersecurity and Risk Services practice within Wipro.

 

© 2020 Wipro Limited
Privacy Statement Disclaimer RSS Feed
© 2020 Wipro Limited
X