Surely we all know what deception is and how it works; I’m simply going to take a different look at it today and how it relates to cyber security using deception principles. Illustrating examples of how to perplex or deceive.
Although we think we are in control of our attention, it is quite easy to lose it. Criminals and con artists are also aware of this, and they exploit it. The act of deceiving someone is defined as the act of fooling them, but it is much more complicated than that. Some prominent principles and their application include the following.
Masking
The goal here is to make the data invisible to the system, just as a well-hidden soldier is invisible to the eye in a thicket. While the data exists, it cannot be seen. Steganography, for example, can be used to hide extra data in a digital image. An image may contain an embedded file. In most cases, the underlying data remains hidden. Many computer viruses are capable of blending into the system and going undetected. The virus can hide its data within other data and go undetected.
Repackaging
An act of concealing the purpose of software to perform different tasks by repackaging it. Trojan horses are a good example. This can also be viewed from a different perspective. This is related to ‘creation,’ but instead of creating a new reality, the idea is to dress up an existing one. In cybersecurity, this new packaging is frequently undesirable, leading to malicious activities (Trojan Malware).
Dazzling
In order for this method to function, the type or quantity of facts provided must startle the target. Encryption can cause ‘confusion’ because no attacker will be able to access securely encrypted data. An attacker can also scramble data belonging to the target, making it unreadable. Data-bombarding a target could cause confusion and cause a Denial of Service. Sending signals until the victim’s system is saturated and paralyzed is effective.
A common example is email ‘bombing,’ however, more innovative cases include falsely ordering goods that are known to be in short supply and oversupplying products.
Mimicking
The mimicking effect can be used to portray the target in a specific way. One of the hackers’ favorite methods is ‘social engineering,’ in which they simulate real system users or technical employees over the phone to get system data such as login identities. Social Engineering techniques like Phishing are a great example of this. On the other hand, Viruses often imitate other programs.
Decoying: Using a decoy allows effort diversion.
A very good example of this is Phishing. It all still revolves around social engineering.
Read more about Social Engineering here.
Consider the domains thecyberverdict.com and thecyberverbict.com. These domains look very similar but in fact, are different, one is legit and the other is a false representation. Even take a look at the website micros0ft.com. The purpose of decoying data or presentations is to persuade the target to exert effort in a way that benefits the attacker and/or harms the victim.
These are only a few examples of deception principles and how they might be used within cybersecurity. It is critical for internet users to understand the notion of deception and its use in Cybersecurity in order to successfully dodge attacker techniques. An attacker’s primary goal is to deceive others in order to gain an advantage. In cybersecurity, an attack is never clear; we are fortunate to have enhanced tools that can read between the lines of any advances of a malicious exploit in our enterprises these days. Malware and viruses aim to hide their content and function when active in a host, and attackers do a good job of deceiving unsuspecting victims via social engineering techniques. It is critical for internet users to be aware of these strategies. To catch a thief, it is believed that you must think like one. How good are you at deception? How good are you at spotting a deception? This necessitates a constant awareness of attacker patterns and deception methods. Individuals and organizations must protect themselves now that they are aware of all of this.
- Bet9ja Hack: The Future of Cyber Security Attacks in Nigeria - August 17, 2022
- Deception a large part of Cybersecurity. - July 4, 2022
- How To Protect Yourself From USSD Fraud - April 18, 2022
