Carolyn Crandall 15 July 2020

How councils can use deception to fight cybercrime

How councils can use deception to fight cybercrime image

Many cybercriminals are opportunists and take the path of least resistance, aiming at targets that will enable them to make a quick profit with the least effort. Unfortunately, local government authorities are often precisely the kind of target these criminals seek.

Threat actors are well aware that local authorities have vast stores of valuable data such as personal and financial details of residents. At the same time, they generally lack the budgets and resources of their counterparts in the central government, making them an ideal mark for a criminal looking to make quick cash. Research from Gallagher found that threat actors attacked UK local authorities more than 800 times an hour last year.

Advanced ransomware attacks are now increasingly targeting the public sector and aim to widely lock systems and cripple services so that they can command a more lucrative payout. In recent years these attacks have become more sophisticated and problematic to detect. Perpetrators are now seeking to optimise their chances of success by first infiltrating the network then pinpointing the most valuable assets to encrypt.

Criminals bank on the idea that local governmental bodies will quickly pay a ransom demand to unlock their systems because the public depends on them for essential municipal services. It is worth noting that even when paying a ransom, there is no guarantee that they can recover data or that these or other criminals will not strike again.

Dangerous deception

One of the reasons these major attacks keep occurring is that the majority of cyber attackers use deception as a powerful tool for gaining advantage over their victims. Phishing emails purporting to come from known contacts account for more than 80% of reported security incidents, according to CSO Online. A threat actor only needs to fool one employee into clicking a link to gain initial access to an internal system. Criminals will then leverage various other attack techniques to evade security measures such as antivirus. These deceptions often involve stealing employee credentials so that they can log into systems as legitimate users.

However, while deception has always been one of the most powerful resources in an attacker’s tool kit, it can be equally useful for defence. Organisations can lay deceptive traps, bait, and misdirections of their own for cyber attackers that breach their network, deflecting them away from the real assets and crucially delaying or even entirely derailing their attack.

The defenders achieve this by creating traps and lures that resemble genuine files, systems, and credentials that an attacker is likely to seek out. Advanced deceptions go so far as being able to hide and deny access to production assets such as Active Directory, files, folders, and mapped network and cloud shares. Whether the attacker has infiltrated the network to steal data, implant ransomware, or tamper with critical device operations the minute they interact with any of these false assets, the security team gets an alert and activates incident response. Additionally, since deception provides the means to engage an attacker safely, it can gather and analyse extremely valuable information on the attacker’s tools and techniques to fortify defences.

At a basic level, a deceptive defence strategy will buy time to respond and shut down the attack. At a more advanced level, deception can prevent an attack from successfully compromising assets or moving laterally throughout the network to navigate upstream to find their desired target.

While many people see deception as decoys that serve to mimic real assets and attract in-network attackers, deceptive technology can apply to multiple different areas. A particularly effective strategy is to create a decoy Active Directory or to intercept and derail unauthorized queries. A central point for managing user authentication, Active Directory is a prized target for criminals seeking to escalate their attacks and access more of the network. After detecting unauthorised AD access, the system can even give the intruder fake data that will lead them directly into the deception environment for safe observation.

While attackers may eventually realise they have fallen for the deception, the longer this takes, the better. Wasting a cyber criminal’s time and resources on decoys or forcing them to decipher real from fake data will clearly slow an attack, increase the attacker’s cost, and could result in sending them in search of a softer target.

Covering all the bases

The core concept of defence through deception is a versatile strategy that covers a lot of ground. It is particularly useful for local authorities working within a limited budget but still needing to prevent and detect threats early in the attack cycle proactively. By deploying deception on the endpoint and as a fabric across the network, businesses will gain an early warning system. Plus, with the ability to engage an attacker within a decoy, they can obtain valuable attack information, which is particularly useful in helping understand security gaps and notifying security teams when attackers are evading prevention systems.

The number of cyberattacks increased significantly in recent months as attackers exploited organisations left vulnerable by changes made in response to the COVID-19 crisis. Cybercriminals have taken the opportunity to prey on the pandemic-related fears and concerns of remote workers through phishing and other deceptive techniques. Against this mounting threat, it is worthwhile local authorities broadening their approach to cybersecurity, deceiving the deceivers and arming themselves with the visibility to an adversary’s trickery and advancements.

Carolyn Crandall is chief deception officer at Attivo Networks

SIGN UP
For your free daily news bulletin
Highways jobs

Front-End Developer - Learning Platform

Essex County Council
Negotiable
Essex County Council (ECC) is one of the largest and most dynamic local authorities in the UK, serving a population of 2 million residents, and has a England, Essex, Chelmsford
Recuriter: Essex County Council

Personal Advisor - Leaving After Care

Essex County Council
Negotiable
Please note this is a fixed term /secondment opportunity until August 2021. (please discuss with your current manager if you are considering a secondm England, Essex, Colchester
Recuriter: Essex County Council

Personal Advisor - Homelessness

Essex County Council
Negotiable
Please note this is Fixed Term Contract/secondment opportunity until 31st March 2021. (please discuss with your current manager if you are considering England, Essex, Harlow
Recuriter: Essex County Council

Commercial Vehicle Technician

Chelmsford City Council
£30,000 per annum
We are seeking a fully trained HGV technician to work as part of the team who maintain the Council's fleet to the highest standards.  Chelmsford, Essex
Recuriter: Chelmsford City Council

Social Worker - Carer Assessment Team (Fostering)

Barnet London Borough Council
£39,040.00 - £49,950.00 Per Annum
In Barnet we value our Social Care staff and we know that our biggest and most important resource are its workforce. Colindale, London (Greater)
Recuriter: Barnet London Borough Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue