Putting on a Big Show: Defending by Attacking Attacker Incentives

Presented at ShmooCon 2023, Jan. 21, 2023, noon (60 minutes)

In a perfect world, defenders would prevent attackers from even trying to go after their environments. By understanding why attackers would go after their networks and using overt deception—advertising to attackers that they will be deceived, defenders can reduce attackers’ incentives and drive them elsewhere. This talk covers two open-source technical tools to showcase this approach: honeypot credit card data and fake database user records that each drive down the value of the organization’s data without impacting business operations. By understanding the incentives that drive your organization’s would-be attackers, defenders can advertise their deception deployments to cast doubt on the value of that data–even if they have done nothing (deception about deception)!

Presenters:

• Jacob Torrey
  Jacob Torrey is the Head of Labs at Thinkst Applied Research. Prior to that, he managed two security teams at AWS and was a Program Manager at DARPA’s Information Innovation Office (I2O). At DARPA he managed a cyber security R&D portfolio including the Configuration Security, Transparent Computing, and Cyber Fault-tolerant Attack Recovery programs. Starting his career at Assured Information Security, he led the Computer Architectures group performing bespoke research into low-level systems security and programming languages. Jacob has been a speaker and keynote speaker at conferences around the world, from BlackHat USA, to SysCan, to TROOPERS, and many more.

Similar Presentations:

• Black Hat USA 2014 / The Devil Does Not Exist - The Role of Deception in Cyber
• ShmooCon XI (2015) / Deception for the Cyber Defender: To Err is Human; to Deceive, Divine
• NolaCon 2017 / Easy Indicators of Compromise: Creating a Deception Infrastructure