Carolyn Crandall 15 July 2020

How councils can use deception to fight cybercrime

Many cybercriminals are opportunists and take the path of least resistance, aiming at targets that will enable them to make a quick profit with the least effort. Unfortunately, local government authorities are often precisely the kind of target these criminals seek.

Threat actors are well aware that local authorities have vast stores of valuable data such as personal and financial details of residents. At the same time, they generally lack the budgets and resources of their counterparts in the central government, making them an ideal mark for a criminal looking to make quick cash. Research from Gallagher found that threat actors attacked UK local authorities more than 800 times an hour last year.

Advanced ransomware attacks increasingly target the public sector, aiming to lock systems widely and cripple services so that the attackers can command a more lucrative payout. In recent years these attacks have become more sophisticated and harder to detect. Perpetrators now seek to optimise their chances of success by first infiltrating the network and then pinpointing the most valuable assets to encrypt.

Criminals bank on the idea that local governmental bodies will quickly pay a ransom demand to unlock their systems because the public depends on them for essential municipal services. It is worth noting that even when a victim pays a ransom, there is no guarantee that it can recover its data or that these or other criminals will not strike again.

Dangerous deception

One of the reasons these major attacks keep occurring is that the majority of cyber attackers use deception as a powerful tool for gaining advantage over their victims. Phishing emails purporting to come from known contacts account for more than 80% of reported security incidents, according to CSO Online. A threat actor only needs to fool one employee into clicking a link to gain initial access to an internal system. Criminals will then leverage various other attack techniques to evade security measures such as antivirus. These deceptions often involve stealing employee credentials so that they can log into systems as legitimate users.

However, while deception has always been one of the most powerful resources in an attacker’s tool kit, it can be equally useful for defence. Organisations can lay deceptive traps, bait, and misdirections of their own for cyber attackers that breach their network, deflecting them away from the real assets and crucially delaying or even entirely derailing their attack.

The defenders achieve this by creating traps and lures that resemble genuine files, systems, and credentials that an attacker is likely to seek out. Advanced deceptions go so far as being able to hide and deny access to production assets such as Active Directory, files, folders, and mapped network and cloud shares. Whether the attacker has infiltrated the network to steal data, implant ransomware, or tamper with critical device operations, the minute they interact with any of these false assets the security team gets an alert and activates incident response. Additionally, since deception provides the means to engage an attacker safely, it can gather and analyse extremely valuable information on the attacker’s tools and techniques to fortify defences.

At a basic level, a deceptive defence strategy will buy time to respond and shut down the attack. At a more advanced level, deception can prevent an attacker from successfully compromising assets or moving laterally through the network and navigating upstream to find their desired target.

While many people see deception as decoys that serve to mimic real assets and attract in-network attackers, deceptive technology can apply to multiple different areas. A particularly effective strategy is to create a decoy Active Directory or to intercept and derail unauthorised queries. A central point for managing user authentication, Active Directory is a prized target for criminals seeking to escalate their attacks and access more of the network. After detecting unauthorised AD access, the system can even give the intruder fake data that will lead them directly into the deception environment for safe observation.

While attackers may eventually realise they have fallen for the deception, the longer this takes, the better. Wasting a cyber criminal’s time and resources on decoys or forcing them to decipher real from fake data will clearly slow an attack, increase the attacker’s cost, and could result in sending them in search of a softer target.

Covering all the bases

The core concept of defence through deception is a versatile strategy that covers a lot of ground. It is particularly useful for local authorities working within a limited budget but still needing to proactively prevent and detect threats early in the attack cycle. By deploying deception on the endpoint and as a fabric across the network, businesses will gain an early warning system. Plus, with the ability to engage an attacker within a decoy, they can obtain valuable attack information, which is particularly useful in helping understand security gaps and notifying security teams when attackers are evading prevention systems.

The number of cyberattacks increased significantly in recent months as attackers exploited organisations left vulnerable by changes made in response to the COVID-19 crisis. Cybercriminals have taken the opportunity to prey on the pandemic-related fears and concerns of remote workers through phishing and other deceptive techniques. Against this mounting threat, it is worthwhile for local authorities to broaden their approach to cybersecurity, deceiving the deceivers and arming themselves with visibility into an adversary’s trickery and advancements.

Carolyn Crandall is chief deception officer at Attivo Networks
