What is Shadow Figment and how does it work?

Researchers have created ‘Shadow Figment’, a cybersecurity decoy tech that lures attackers into a fake world

Scientists at the US Department of Energy’s Pacific Northwest National Laboratory have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them imaginary bites of success. 

The aim is to seize bad actors by captivating them with an attractive, but imaginary, world. The technology is aimed at protecting physical targets, infrastructures such as buildings, the electric grid, water and sewage systems, and even pipelines.

How does it work?

The starting point for Shadow Figment is a technology called a honeypot, which is something attractive to lure an attacker, perhaps a desirable target with the appearance of easy access. The technology uses AI to deploy elaborate deception to keep attackers engaged in a pretend world that mirrors the real world. The decoy interacts with users in real-time, responding in realistic ways to commands.

Shadow Figment is a model-driven cyber defence designed specifically for control system environments. The technology utilises a distributed computational platform to define and deploy deceptive devices. Deployed decoys respond to protocol queries from an attacker with realistic, plausible return signals. As attackers interact with decoys, alerts are sent to defenders and incident responders to inform and educate them about active attacks.

“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.

The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.

“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader programme of cybersecurity defence. There is no one solution that is a magic bullet.”

PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI