What is Shadow Figment and how does it work?

Researchers have created ‘Shadow Figment’, a cybersecurity decoy technology that lures attackers into a fake world

Scientists at the US Department of Energy’s Pacific Northwest National Laboratory have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them imaginary bites of success. 

The aim is to seize bad actors by captivating them with an attractive, but imaginary, world. The technology is aimed at protecting physical targets: infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines.

How does it work?

The starting point for Shadow Figment is a technology called a honeypot: something attractive that lures an attacker, perhaps a desirable target with the appearance of easy access. The technology uses AI to deploy elaborate deception that keeps attackers engaged in a pretend world mirroring the real one. The decoy interacts with users in real time, responding in realistic ways to commands.

Shadow Figment is a model-driven cyber defence designed specifically for control system environments. The technology utilises a distributed computational platform to define and deploy deceptive devices. Deployed decoys respond to protocol queries from an attacker with realistic, plausible return signals. As attackers interact with decoys, alerts are sent to defenders and incident responders to inform and educate them about active attacks.
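A small added sketch of the model-driven decoy idea described above; it is not PNNL's or Shadow Figment's code. The decoy thermostat, its register names, the request format and the thermal model are all hypothetical, chosen only to show a decoy that acknowledges writes, answers reads from a simulated process so values stay plausible over time, and records every interaction as an alert.

```python
import math

class DecoyThermostat:
    """Hypothetical decoy controller: no real equipment is attached to it."""

    def __init__(self, ambient=21.0, tau=120.0):
        self.temp = ambient        # simulated process value, deg C
        self.setpoint = ambient    # value the intruder believes they control
        self.tau = tau             # time constant of the simulated room, seconds
        self.clock = 0.0
        self.alerts = []           # stand-in for a feed to defenders

    def _advance(self, now):
        # Exact solution of dT/dt = (setpoint - T) / tau over the elapsed time,
        # so readings drift toward the setpoint the way a real room would.
        dt = max(0.0, now - self.clock)
        self.temp = self.setpoint + (self.temp - self.setpoint) * math.exp(-dt / self.tau)
        self.clock = max(now, self.clock)

    def handle(self, src, op, register, value=None, now=0.0):
        self._advance(now)
        # Nothing legitimate talks to a decoy, so every request is alert-worthy.
        self.alerts.append({"t": now, "src": src, "op": op,
                            "register": register, "value": value})
        if op == "read" and register == "temperature":
            return {"ok": True, "value": round(self.temp, 2)}
        if op == "read" and register == "setpoint":
            return {"ok": True, "value": self.setpoint}
        if op == "write" and register == "setpoint":
            try:
                new = float(value)
            except (TypeError, ValueError):
                new = math.nan
            if not math.isfinite(new):
                return {"ok": False, "error": "illegal value"}
            self.setpoint = new    # changes only the simulation
            return {"ok": True}    # false signal of success
        return {"ok": False, "error": "illegal register"}

def demo():
    decoy = DecoyThermostat()
    src = "192.0.2.10"  # constructed source address (documentation range)
    replies = [
        decoy.handle(src, "read", "temperature", now=0.0),
        decoy.handle(src, "write", "setpoint", 30.0, now=10.0),
        decoy.handle(src, "read", "temperature", now=130.0),
    ]
    return replies, decoy.alerts
```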

“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.

The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.

“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader programme of cybersecurity defence. There is no one solution that is a magic bullet.”

PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.
