Carolyn Crandall 15 July 2020

How councils can use deception to fight cybercrime

Many cybercriminals are opportunists and take the path of least resistance, aiming at targets that will enable them to make a quick profit with the least effort. Unfortunately, local government authorities are often precisely the kind of target these criminals seek.

Threat actors are well aware that local authorities have vast stores of valuable data such as personal and financial details of residents. At the same time, they generally lack the budgets and resources of their counterparts in the central government, making them an ideal mark for a criminal looking to make quick cash. Research from Gallagher found that threat actors attacked UK local authorities more than 800 times an hour last year.

Advanced ransomware attacks are now increasingly targeting the public sector and aim to widely lock systems and cripple services so that they can command a more lucrative payout. In recent years these attacks have become more sophisticated and problematic to detect. Perpetrators are now seeking to optimise their chances of success by first infiltrating the network then pinpointing the most valuable assets to encrypt.

Criminals bank on the idea that local governmental bodies will quickly pay a ransom demand to unlock their systems because the public depends on them for essential municipal services. It is worth noting that even when paying a ransom, there is no guarantee that they can recover data or that these or other criminals will not strike again.

Dangerous deception

One of the reasons these major attacks keep occurring is that the majority of cyber attackers use deception as a powerful tool for gaining advantage over their victims. Phishing emails purporting to come from known contacts account for more than 80% of reported security incidents, according to CSO Online. A threat actor only needs to fool one employee into clicking a link to gain initial access to an internal system. Criminals will then leverage various other attack techniques to evade security measures such as antivirus. These deceptions often involve stealing employee credentials so that they can log into systems as legitimate users.

However, while deception has always been one of the most powerful resources in an attacker’s tool kit, it can be equally useful for defence. Organisations can lay deceptive traps, bait, and misdirections of their own for cyber attackers that breach their network, deflecting them away from the real assets and crucially delaying or even entirely derailing their attack.

The defenders achieve this by creating traps and lures that resemble genuine files, systems, and credentials that an attacker is likely to seek out. Advanced deceptions go so far as being able to hide and deny access to production assets such as Active Directory, files, folders, and mapped network and cloud shares. Whether the attacker has infiltrated the network to steal data, implant ransomware, or tamper with critical device operations the minute they interact with any of these false assets, the security team gets an alert and activates incident response. Additionally, since deception provides the means to engage an attacker safely, it can gather and analyse extremely valuable information on the attacker’s tools and techniques to fortify defences.

At a basic level, a deceptive defence strategy will buy time to respond and shut down the attack. At a more advanced level, deception can prevent an attack from successfully compromising assets or moving laterally throughout the network to navigate upstream to find their desired target.

While many people see deception as decoys that serve to mimic real assets and attract in-network attackers, deceptive technology can apply to multiple different areas. A particularly effective strategy is to create a decoy Active Directory or to intercept and derail unauthorized queries. A central point for managing user authentication, Active Directory is a prized target for criminals seeking to escalate their attacks and access more of the network. After detecting unauthorised AD access, the system can even give the intruder fake data that will lead them directly into the deception environment for safe observation.

While attackers may eventually realise they have fallen for the deception, the longer this takes, the better. Wasting a cyber criminal’s time and resources on decoys or forcing them to decipher real from fake data will clearly slow an attack, increase the attacker’s cost, and could result in sending them in search of a softer target.

Covering all the bases

The core concept of defence through deception is a versatile strategy that covers a lot of ground. It is particularly useful for local authorities working within a limited budget but still needing to prevent and detect threats early in the attack cycle proactively. By deploying deception on the endpoint and as a fabric across the network, businesses will gain an early warning system. Plus, with the ability to engage an attacker within a decoy, they can obtain valuable attack information, which is particularly useful in helping understand security gaps and notifying security teams when attackers are evading prevention systems.

The number of cyberattacks increased significantly in recent months as attackers exploited organisations left vulnerable by changes made in response to the COVID-19 crisis. Cybercriminals have taken the opportunity to prey on the pandemic-related fears and concerns of remote workers through phishing and other deceptive techniques. Against this mounting threat, it is worthwhile local authorities broadening their approach to cybersecurity, deceiving the deceivers and arming themselves with the visibility to an adversary’s trickery and advancements.

Carolyn Crandall is chief deception officer at Attivo Networks

For your free daily news bulletin
Highways jobs

Travel Information Data Technician

Essex County Council
Up to £25581 per annum
This is an exciting opportunity to work across all aspects of the Integrated Passenger Transport Unit (IPTU). Working with a passionate and dedicated England, Essex, Chelmsford
Recuriter: Essex County Council

Planning Strategy & Implementation Manager

Essex County Council
£57621 - £61410 per annum
Planning Strategy & Implementation Manager Permanent, Full Time £57,621 to £61,410 per annum Location
Recuriter: Essex County Council

Senior Accountant

Telford & Wrekin Council
£39,571 - £42,614
Are you a qualified Accountant looking to take the next step in your career? Telford, Shropshire
Recuriter: Telford & Wrekin Council

Family Assessment Worker

Telford & Wrekin Council
£25,419 to £27,514
We have a great opportunity for a full time Family Assessment Worker in the Parenting Assessment Team. Telford, Shropshire
Recuriter: Telford & Wrekin Council

Neighbourhood Enforcement Officer

Telford & Wrekin Council
£23,023 - £24,920
The post holder will tackle environmental crimes and unlawful parking. Telford, Shropshire
Recuriter: Telford & Wrekin Council

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.