The UK’s leading cybersecurity agency has called on the country’s organizations to deploy cyber-deception technologies at scale to assess their efficacy.
National Cyber Security Centre (NCSC) CTO Ollie Whitehouse said in a blog post this week that the aim is to “establish an evidence base for use cases” of cyber-deception at a national scale to see how the technology might be adopted as part of its Active Cyber Defence 2.0 initiative.
He claimed two prominent use cases currently stand out:
The plan is an ambitious one. It aims to deploy a minimum of 5000 low- and high-interaction solutions on the UK internet, across IPv4 and IPv6, plus 20,000 low-interaction solutions inside internal networks.
In addition, Whitehouse wants to deploy 200,000 low-interaction solutions in cloud environments and two million honeytokens – fake IT resources designed to detect criminal activity.
He said the research aims to answer several key questions: how good are cyber-deception technologies at helping to detect latent and new compromises, and does knowledge of the presence of such technologies change threat actor behavior?
“We recognize the potential value of using cyber-deception technologies and techniques to support cyber defence in certain situations,” said Whitehouse. “We are keen to work with UK public and private sector organizations who have deployed solutions as described above. If this is you, we want you to get in touch.”
The initiative follows a “first-of-its-kind” conference of international and UK government partners and industry representatives at the NCSC’s headquarters.
The NCSC set out its plans for Active Cyber Defence 2.0 earlier this month, claiming it will usher in a new generation of cybersecurity tools and services to fill gaps in the commercial market.
The aim is for government departments or private sector organizations to take over these services in time.
Read more on cyber deception: Insurer’s UK Honeypots Attacked 17 Million Times Per Day.
- #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part … - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15, … - Sellafield Fined for Cybersecurity Failures at Nuclear Site
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences … - Ransomware Attack Forces UMC to Divert Emergency Patients
The University Medical Center (UMC) Health System in Lubbock, Texas, has confirmed a ransomware attack that disrupted its IT infrastructure last week, forcing the diversion of emergency and non-emergency patients. UMC, the only level 1 trauma centre within 400 miles, faced significant operational challenges, with phone systems down and the patient portal inaccessible. Despite this, … - British Hacker Charged in the US For $3.75m Insider Trading Scheme
A British hacker accused of orchestrating a $3.75m insider trading scheme has been charged in the US. Robert Westbrook, 39, allegedly gained unauthorized access to corporate executives’ email accounts to profit from confidential financial information. US authorities arrested Westbrook last week in London, and he is awaiting extradition to face multiple charges, including securities fraud …
