What is Shadow Figment and how does it work?

Researchers have created ‘Shadow Figment’, a cybersecurity decoy tech that lures attackers into a fake world

Scientists at the US Department of Energy’s Pacific Northwest National Laboratory have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them imaginary bites of success. 

The aim is to ensnare bad actors by captivating them with an attractive but imaginary world. The technology is aimed at protecting physical targets: infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines.

How does it work?

The starting point for Shadow Figment is a technology called a honeypot: something attractive that lures an attacker, perhaps a desirable target with the appearance of easy access. The technology uses AI to deploy elaborate deception that keeps attackers engaged in a pretend world mirroring the real one. The decoy interacts with users in real time, responding in realistic ways to commands.

Shadow Figment is a model-driven cyber defence designed specifically for control system environments. The technology utilises a distributed computational platform to define and deploy deceptive devices. Deployed decoys respond to protocol queries from an attacker with realistic, plausible return signals. As attackers interact with decoys, alerts are sent to defenders and incident responders to inform and educate them about active attacks.

“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.

The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
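The idea of a model-driven decoy can be sketched in a few lines. The following is an added illustration, not PNNL's code or Shadow Figment's design: the `DecoyThermostat` class, its register names, the first-order thermal model and the sample client address are all assumptions made for the example.

```python
import math
from dataclasses import dataclass, field


@dataclass
class DecoyThermostat:
    """Hypothetical decoy building-zone controller backed by a simple process model."""
    temp_c: float = 21.0       # simulated zone temperature
    setpoint_c: float = 21.0   # value a client can appear to change
    tau_s: float = 600.0       # assumed thermal time constant of the zone
    alerts: list = field(default_factory=list)

    def step(self, dt_s: float) -> None:
        # First-order lag: the simulated temperature drifts toward the setpoint,
        # so later readings stay physically consistent with earlier writes.
        gain = 1.0 - math.exp(-dt_s / self.tau_s)
        self.temp_c += (self.setpoint_c - self.temp_c) * gain

    def handle(self, src: str, op: str, register: str, value=None):
        # No legitimate client talks to a decoy, so every request is alerted on.
        self.alerts.append({"src": src, "op": op, "register": register, "value": value})
        if op == "read" and register == "temp":
            return round(self.temp_c, 1)
        if op == "read" and register == "setpoint":
            return self.setpoint_c
        if op == "write" and register == "setpoint":
            self.setpoint_c = float(value)  # only the simulation changes
            return "OK"                     # false signal of success
        return "ILLEGAL_FUNCTION"           # plausible error for anything unsupported


def demo():
    decoy = DecoyThermostat()
    client = "192.0.2.10"  # constructed address from the documentation range
    before = decoy.handle(client, "read", "temp")
    ack = decoy.handle(client, "write", "setpoint", 35)
    decoy.step(60)  # one minute of simulated time passes
    after = decoy.handle(client, "read", "temp")
    return before, ack, after, decoy.alerts


if __name__ == "__main__":
    before, ack, after, alerts = demo()
    print(f"reading before write: {before} C, write result: {ack}, reading after 60 s: {after} C")
    for a in alerts:
        print("ALERT", a)
```

The write is acknowledged and subsequent readings move gradually toward the new setpoint, which is what makes the response plausible; the alert list is what a defender would consume.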

“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader programme of cybersecurity defence. There is no one solution that is a magic bullet.”

PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.

