Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

What Do Attackers Really Want? Answer: Your Credentials!

Posted by Ofer Israeli on Jun 27, 2019 11:40:37 AM

You're vulnerable. And cyber attackers know it.

Read More


A Deception Technologist's View of Cloud Security

Posted by Beth Ruck on May 22, 2019 2:47:12 PM

As I sat down to write this post, I couldn’t help amusing myself with yet another corny “cloud” analogy: The potential for lateral movement between different parts of the extended corporate ecosystem is a bit like all the different types of lightening there are. If, besides being a tech geek, you are also a weather geek, you can read about lighting here. Among other things, this site explains that “Anvil Crawlers are horizontal tree-like, in-cloud lightning discharges whose leader propagation is slow enough… that a human observer… can see its rapid motion across the sky.” Where cloud security is concerned, Illusive’s aim is to make malicious lateral movement to, from, and between clouds slow and visible to the human eye—so that security teams can stop cyberattacks before a successful strike.

Read More


How Cyberattackers Use Privileged Credentials to Establish Domain Persistence?

Posted by Beth Ruck on Mar 21, 2019 5:22:27 PM

The top risk cyberattackers face is the risk of getting caught. But executing an attack is typically a labor-intensive process. Attackers also worry that the access they’ve worked so hard to establish might suddenly get cut off if a password gets changed or an account they’re using is retired or removed from the domain.

Read More


Automated Cybercrime Highlights Need to Automate Cyber Defenses

Posted by Marc Goodman on Dec 18, 2018 4:18:14 PM

The epic and exponential rise in cybercrime is a subject of near-daily discussion in the national and local news. Whether it’s from ransomware, identity theft, digital corporate espionage, information warfare, compromised election systems or hacked critical infrastructures—increasingly all of our information systems are under attack. While the media is quick to report on the “what” of each data breach (for example, company X was hacked so change your password to that account), they rarely delve into the why and the how. How are these attacks taking place, and why are they growing at a pace so much quicker than all other forms of criminal activity? Without understanding the “why and how” of cybercrime, we are doomed to fail in our battle against cyberattacks. 

Read More


4 Quick Thoughts On The Massive Marriott Breach

Posted by Ofer Israeli on Nov 30, 2018 2:28:58 PM

My phone’s been ringing this morning from people wanting to talk about the massive Marriott breach — the revelation that private data associated with up to 500 million people may have been compromised. I’m sure there’s a lot more to learn from the details, but in the meantime, I’ll take a quick minute to jot down some initial thoughts:

Read More


Anticipating Cyber Monday: Meet and Exceed PCI-DSS Compliance

Posted by Guy Rosenthal on Nov 20, 2018 11:37:16 AM

In 2004, the Payment Card Industry Data Security Standard (PCI DSS) became a fact of life for organizations that accept payment via credit or debit cards. In that year, the leading card issuers rolled out the first iteration of its security standard, designed to improve protection of payment systems as credit card data became a prime target for cyberattackers. Today, even as organizations have entire teams dedicated to PCI compliance, one consumer business after another—including Macy’s, Adidas, Panera Bread and Chili’s—have been breached, resulting in exposure of cardholder data.

Read More


Stay up to date!