Excerpted from the ebook “Deception and Counter Deception: Moving Target Attacks vs. Moving Target Defense” by Mordechai Guri, Chief Science Officer at Morphisec. Download the full eBook here.
In the arms race between cyber attackers and cyber defense technologies, attackers currently claim control. They employ sophisticated deception techniques designed to evade traditional and even “next generation” defense mechanisms, for example by hiding malicious behavior and disguising it as benign or unknown behavior. We outlined these techniques, collectively known as Moving Target Attacks (MTA), in our previous blog post. But there is a cyber defense strategy that breaks the attack-patch cycle. Moving Target Defense (MTD) uses counter-deception techniques that constantly change the target surface, so that attackers can’t get a foothold.
There are three main categories of MTD:
- Network level MTD: Changing the network topology, including IP-hopping, random port numbers, extra open or closed ports, fake listening hosts, and obfuscated port traffic as well as fake information about the host and OS type and version.
- Host level MTD: Changing the host and OS level resources, naming and configuration.
- Application level MTD: Changing the application environment. This includes randomly arranging memory layout, changing application type and versioning and routing them through different hosts, or changing setting and programming languages to compile the source code, altering the source code at every compilation.
All of these techniques are intended to morph the target, making it unfamiliar to the attacker. MTD forces the attacker to learn the target over and over again, increasing the likelihood of discovery and making attacks costly and unfeasible.
By using deception and MTA, attackers had the upper hand by camouflaging their next moves. The new MTD paradigm turns the tables by making the attacker operate in an uncertain and unpredictable environment. MTD at the OS and Application levels holds particular promise, as a successful attack depends on accurate information about the targeted operating system and application.
The new ebook Deception and Counter Deception: Moving Target Attacks vs. Moving Target Defense, Morphisec's Chief Science Officer Mordechai Guri analyzes how the latest MTA attack techniques evade current defense mechanisms and explores Moving Target Defense (MTD) countermeasures. Guri also explores the advantages of this new paradigm in regaining the upper hand in the struggle against cyberattacks. To learn more, download the full eBook here.