Scientists at the U.S. Department of Energy’s Pacific Northwest National Laboratory (PNNL) have created a cybersecurity technology designed to lure them instead into an artificial world and feeding them false signals of success. The technology aims to protect critical infrastructure networks such as buildings, the electric grid, water and sewage systems, and even pipelines.
The cyber tech is based on honeypots, which attract hackers by providing what appears to be an easy target so cybersecurity researchers can study the attackers’ methods. While most honeypots are used to lure attackers and study their methods, this cyber tech instead uses artificial intelligence to deploy elaborate deception to keep attackers engaged in a pretend world that mirrors the real world. The decoy interacts with users in real-time, responding in realistic ways to commands.
PNNL researchers wanted the interactions to seem realistic, so that if someone is interacting with their decoy, they keep them involved, giving their defenders extra time to respond. The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
The credibility of the deception relies on a machine learning program that learns from observing the real-world system where it is installed. The program responds to an attack by sending signals that illustrate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, a more common tool that is quickly recognised by experienced cyberattackers.
Cyber tech spans two worlds that years ago were independent but are now intertwined: the cyber world and the physical world, with elaborate structures that rely on complex industrial control systems. Such systems are more often in the crosshairs of hackers than ever before.
Physical systems are so complex and immense that the number of potential targets is boundless such as valves, controls, pumps, sensors, chillers. Thousands of devices work in concert to bring us uninterrupted electricity, clean water and comfortable working conditions. False readings fed into a system maliciously could cause electricity to shut down. They could drive up the temperature in a building to uncomfortable or unsafe levels, or change the concentration of chemicals added to a water supply.
This cyber tech creates interactive clones of such system in all their complexity, in ways that experienced operators and cybercriminals would expect. For example, if a hacker turns off a fan in a server room in the artificial world, Shadow Figment responds by signalling that air movement has slowed and the temperature is rising. If a hacker changes a setting to a water boiler, the system adjusts the water flow rate accordingly.
The development of this technology is another example of how PNNL scientists are focused on protecting the nation’s critical assets and infrastructure. This cybersecurity tool has far-reaching applications in government and private sectors—from city municipalities to utilities, to banking institutions, manufacturing, and even health providers.
Cyberattackers often target critical infrastructure such as ransomware attack on the largest pipeline in the U.S. As reported by OpenGov Asia, the Department of Justice (DOJ) announced that it has seized 63.7 bitcoins currently valued at approximately $2.3 million from a bitcoin wallet that ransomware actors used to collect a cyber ransom payment from a victim. The DOJ says following the money remains one of the most basic, yet powerful tools they have.
Ransom payments are the fuel that propels the digital extortion engine. The announcement demonstrates that the U.S. will use all available tools to make these attacks more costly and less profitable for criminal enterprises.
The DOJ will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. This announcement also demonstrates the value of early notification to law enforcement as the pipeline company quickly notified the Federal Bureau of Investigation (FBI) about the ransomware attack. FBI will continue to use all of its available resources and leverage their domestic and international partnerships to disrupt ransomware attacks and protect private sector partners and the American public.