Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

Rethinking Healthcare Cybersecurity: Focus on the Attacker, not the Attack

Posted by Ofer Israeli on Nov 12, 2018 11:30:50 AM

At a recent industry event, I got to chatting with the CISO of a major children’s hospital. Over a beer, he shared with me the challenges he faces daily. Our far-reaching conversation covered nation-state actors enticing students to exfiltrate clinical trial test results, to his search for a secure USB port cover for patient-facing devices. Maybe it was the beer, but as he described his tribulations, each to me worse than the next, his enthusiasm and energy grew. Every so often he stopped to shake his head in disbelief at his own story as if to say, “Even I can’t believe how bad this is…” 

Read More


Stop Cyberattackers by Stopping the Spread of Credentials

Posted by Gil Shulman on Apr 10, 2018 10:56:38 AM

With cyber risk an executive- and board-level concern, it's not enough to try to prevent attackers from gaining entry to your network. Advanced, persistent attackers can still get through even the most advanced defenses. Once they're in, they have the arduous task of moving from their initial point of entry to their ultimate target. This is the time when attackers are most vulnerable—and where we, as defenders, have an opportunity to tip the balance in our favor.

Read More


Our View on US CERT TA18-074A: A Critical, Missing Capability to Protect Critical Infrastructure from Targeted Attacks

Posted by Ofer Israeli on Mar 22, 2018 11:03:39 AM

On March 15, 2018, US CERT (U.S. Computer Emergency Readiness Team) issued a Technical Alert about “Russian government cyber actors” conducting a concerted cyberattack campaign against energy companies. Specifically, they gained access through small organizations connected to the target companies and then “conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”

Read More


MoneyTaker: A Simple Step to Avoid Being the Next APT Target

Posted by Matan Kubovsky on Dec 13, 2017 3:16:22 PM

The threat news of the week is about MoneyTaker – a cybercrime group apparently responsible for theft of over $10M from 18 banks in the US and Russia. If you’ve read any of the online accounts, it’s easy to be overwhelmed by the details and the growing sophistication of cybercrime groups. While it’s important not to downplay their fierceness and the growing risks associated with advanced persistent threats, it’s also important to focus on the relatively simple capability organizations can embrace to combat them.

Read More


By Detecting Lateral Movements, Banks Can Get Ahead of Fraud and APTs

Posted by Matan Kubovsky on Aug 21, 2017 11:08:09 AM

In 2016, the wire transfer fraud attack on Bangladesh Bank commanded huge headlines and resulted in cyber criminals stealing a whopping $81 million. It could have been worse; the massive “take” was interrupted not by IT security technologies, but by human vigilance. A watchful employee saw a spelling error in a transfer message and alerted an investigation team.

Read More


Capture the Flag: Put Us to the Test Against an Advanced Persistent Threat

Posted by Nir Greenberg on Jul 13, 2017 5:25:36 AM

Cybersecurity is in the headlines as never before, commanding greater executive attention. As the need for cybersecurity solutions has grown, record numbers of new technologies have emerged to fill the demand. But despite growing cyber spending, budgets for most organizations are finite—and so are the human resources to support and maintain the vast range of security tools they already own. It’s therefore essential to carefully scrutinize vendor offerings before signing on the dotted line.

Read More


Stay up to date!