
YC-backed Cymmetria published a report about an APT caught with cyber-deception - lorg
https://threatpost.com/apt-group-patchwork-cuts-and-pastes-a-potent-attack/119081/
======
dkopi
How is cyber-deception different from regular honeypots?

~~~
ddiinn2
There are two main advancements beyond "classic" honeypots:

1. Honeypots are easy to fingerprint (see our blackhat talk,
https://www.youtube.com/watch?v=Pjvr25lMKSY)

2. Most honeypots just "sit on the network", waiting to be scanned. By using
breadcrumbs (AKA honeytokens) as part of deception stories, you're actively
hunting the attackers in the network by influencing their decision process.

------
ddiinn2
Any questions, we'd be happy to answer

