Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

Time for Spring Cleaning? LockerGoga Underscores the Need for Cyber Hygiene

Posted by Jason Silberman on Apr 9, 2019 7:14:35 PM

Spring is here, and with it comes news of a new and vicious ransomware attack, known as LockerGoga.

Read More


Rethinking Healthcare Cybersecurity: Focus on the Attacker, not the Attack

Posted by Ofer Israeli on Nov 12, 2018 11:30:50 AM

At a recent industry event, I got to chatting with the CISO of a major children’s hospital. Over a beer, he shared with me the challenges he faces daily. Our far-reaching conversation covered nation-state actors enticing students to exfiltrate clinical trial test results, to his search for a secure USB port cover for patient-facing devices. Maybe it was the beer, but as he described his tribulations, each to me worse than the next, his enthusiasm and energy grew. Every so often he stopped to shake his head in disbelief at his own story as if to say, “Even I can’t believe how bad this is…” 

Read More


Stop Cyberattackers by Stopping the Spread of Credentials

Posted by Gil Shulman on Apr 10, 2018 10:56:38 AM

With cyber risk an executive- and board-level concern, it's not enough to try to prevent attackers from gaining entry to your network. Advanced, persistent attackers can still get through even the most advanced defenses. Once they're in, they have the arduous task of moving from their initial point of entry to their ultimate target. This is the time when attackers are most vulnerable—and where we, as defenders, have an opportunity to tip the balance in our favor.

Read More


Our View on US CERT TA18-074A: A Critical, Missing Capability to Protect Critical Infrastructure from Targeted Attacks

Posted by Ofer Israeli on Mar 22, 2018 11:03:39 AM

On March 15, 2018, US CERT (U.S. Computer Emergency Readiness Team) issued a Technical Alert about “Russian government cyber actors” conducting a concerted cyberattack campaign against energy companies. Specifically, they gained access through small organizations connected to the target companies and then “conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”

Read More


MoneyTaker: A Simple Step to Avoid Being the Next APT Target

Posted by Matan Kubovsky on Dec 13, 2017 3:16:22 PM

The threat news of the week is about MoneyTaker – a cybercrime group apparently responsible for theft of over $10M from 18 banks in the US and Russia. If you’ve read any of the online accounts, it’s easy to be overwhelmed by the details and the growing sophistication of cybercrime groups. While it’s important not to downplay their fierceness and the growing risks associated with advanced persistent threats, it’s also important to focus on the relatively simple capability organizations can embrace to combat them.

Read More


By Detecting Lateral Movements, Banks Can Get Ahead of Fraud and APTs

Posted by Matan Kubovsky on Aug 21, 2017 11:08:09 AM

In 2016, the wire transfer fraud attack on Bangladesh Bank commanded huge headlines and resulted in cyber criminals stealing a whopping $81 million. It could have been worse; the massive “take” was interrupted not by IT security technologies, but by human vigilance. A watchful employee saw a spelling error in a transfer message and alerted an investigation team.

Read More


Stay up to date!