What is Shadow Figment and how does it work?

Researchers have created ‘Shadow Figment’, a cybersecurity decoy tech that lures attackers into a fake world

Scientists at the US Department of Energy’s Pacific Northwest National Laboratory have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them imaginary bites of success. 

The aim is to keep bad actors occupied by captivating them with an attractive but imaginary world. The technology is aimed at protecting physical targets: infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines.

How does it work?

The starting point for Shadow Figment is a technology called a honeypot, which is something attractive to lure an attacker, perhaps a desirable target with the appearance of easy access. The technology uses AI to deploy elaborate deception to keep attackers engaged in a pretend world that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.

Shadow Figment is a model-driven cyber defence designed specifically for control system environments. The technology utilises a distributed computational platform to define and deploy deceptive devices. Deployed decoys respond to protocol queries from an attacker with realistic, plausible return signals. As attackers interact with decoys, alerts are sent to defenders and incident responders to inform and educate them about active attacks.

“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.

The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
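A minimal sketch of the idea described above, added here as an illustration and not PNNL's code: a decoy answers protocol queries from a simple physical model, acknowledges writes as if they had succeeded, and records an alert for every interaction. The choice of Modbus/TCP, the register layout, the thermal model and all names are assumptions, and the source address is constructed sample input.

```python
import struct

class DecoyThermostat:
    """Hypothetical decoy controller backed by a toy room-temperature model."""
    def __init__(self, temp_c=21.0, setpoint_c=21.0):
        self.temp_c, self.setpoint_c = temp_c, setpoint_c
        self.alerts = []  # stand-in for the alert feed sent to defenders

    def step(self, seconds=60):
        # First-order model: temperature drifts toward the setpoint (600 s time constant).
        self.temp_c += (self.setpoint_c - self.temp_c) * min(1.0, seconds / 600.0)

    def _registers(self):
        # Assumed layout: reg 0 = measured temperature, reg 1 = setpoint, in 0.1 degC.
        return [round(self.temp_c * 10) & 0xFFFF, round(self.setpoint_c * 10) & 0xFFFF]

    def handle(self, src, frame):
        """Answer one Modbus/TCP request (7-byte MBAP header + PDU) and log an alert."""
        if len(frame) < 12:
            self.alerts.append((src, "malformed"))
            return b""
        tid, pid, _, unit, func, addr, val = struct.unpack(">HHHBBHH", frame[:12])
        regs = self._registers()
        if func == 0x03 and val >= 1 and addr + val <= len(regs):  # read holding registers
            self.alerts.append((src, "read", addr, val))
            data = struct.pack(">%dH" % val, *regs[addr:addr + val])
            pdu = bytes([func, len(data)]) + data
        elif func == 0x06 and addr == 1:  # write single register (setpoint)
            self.alerts.append((src, "write", addr, val))
            self.setpoint_c = val / 10.0  # only the simulated world changes
            pdu = frame[7:12]  # echoing the request is Modbus's "write succeeded"
        else:
            self.alerts.append((src, "rejected", func, addr))
            pdu = bytes([func | 0x80, 0x02 if func in (0x03, 0x06) else 0x01])
        return struct.pack(">HHHB", tid, pid, len(pdu) + 1, unit) + pdu

def request(tid, func, addr, val, unit=1):
    """Build a constructed 12-byte Modbus/TCP request for the demo."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, val)

def demo():
    decoy, src = DecoyThermostat(), "198.51.100.7"  # constructed source address
    before = decoy.handle(src, request(1, 0x03, 0, 2))
    ack = decoy.handle(src, request(2, 0x06, 1, 300))  # "set" 30.0 degC
    decoy.step(60)  # the model reacts, so later reads look plausible
    after = decoy.handle(src, request(3, 0x03, 0, 2))
    return before, ack, after, decoy.alerts

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The write is acknowledged and the reported temperature starts drifting toward the new setpoint, yet nothing outside the model changes; the `alerts` list is what a defender would act on.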

“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader programme of cybersecurity defence. There is no one solution that is a magic bullet.”

PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.

