Carolyn Crandall 15 July 2020

How councils can use deception to fight cybercrime

Many cybercriminals are opportunists and take the path of least resistance, aiming at targets that will enable them to make a quick profit with the least effort. Unfortunately, local government authorities are often precisely the kind of target these criminals seek.

Threat actors are well aware that local authorities have vast stores of valuable data such as personal and financial details of residents. At the same time, they generally lack the budgets and resources of their counterparts in the central government, making them an ideal mark for a criminal looking to make quick cash. Research from Gallagher found that threat actors attacked UK local authorities more than 800 times an hour last year.

Advanced ransomware attacks are now increasingly targeting the public sector and aim to widely lock systems and cripple services so that they can command a more lucrative payout. In recent years these attacks have become more sophisticated and problematic to detect. Perpetrators are now seeking to optimise their chances of success by first infiltrating the network then pinpointing the most valuable assets to encrypt.

Criminals bank on the idea that local governmental bodies will quickly pay a ransom demand to unlock their systems because the public depends on them for essential municipal services. It is worth noting that even when paying a ransom, there is no guarantee that they can recover data or that these or other criminals will not strike again.

Dangerous deception

One of the reasons these major attacks keep occurring is that the majority of cyber attackers use deception as a powerful tool for gaining advantage over their victims. Phishing emails purporting to come from known contacts account for more than 80% of reported security incidents, according to CSO Online. A threat actor only needs to fool one employee into clicking a link to gain initial access to an internal system. Criminals will then leverage various other attack techniques to evade security measures such as antivirus. These deceptions often involve stealing employee credentials so that they can log into systems as legitimate users.

However, while deception has always been one of the most powerful resources in an attacker’s tool kit, it can be equally useful for defence. Organisations can lay deceptive traps, bait, and misdirections of their own for cyber attackers that breach their network, deflecting them away from the real assets and crucially delaying or even entirely derailing their attack.

The defenders achieve this by creating traps and lures that resemble genuine files, systems, and credentials that an attacker is likely to seek out. Advanced deceptions go so far as being able to hide and deny access to production assets such as Active Directory, files, folders, and mapped network and cloud shares. Whether the attacker has infiltrated the network to steal data, implant ransomware, or tamper with critical device operations the minute they interact with any of these false assets, the security team gets an alert and activates incident response. Additionally, since deception provides the means to engage an attacker safely, it can gather and analyse extremely valuable information on the attacker’s tools and techniques to fortify defences.

At a basic level, a deceptive defence strategy will buy time to respond and shut down the attack. At a more advanced level, deception can prevent an attack from successfully compromising assets or moving laterally throughout the network to navigate upstream to find their desired target.

While many people see deception as decoys that serve to mimic real assets and attract in-network attackers, deceptive technology can apply to multiple different areas. A particularly effective strategy is to create a decoy Active Directory or to intercept and derail unauthorized queries. A central point for managing user authentication, Active Directory is a prized target for criminals seeking to escalate their attacks and access more of the network. After detecting unauthorised AD access, the system can even give the intruder fake data that will lead them directly into the deception environment for safe observation.

While attackers may eventually realise they have fallen for the deception, the longer this takes, the better. Wasting a cyber criminal’s time and resources on decoys or forcing them to decipher real from fake data will clearly slow an attack, increase the attacker’s cost, and could result in sending them in search of a softer target.

Covering all the bases

The core concept of defence through deception is a versatile strategy that covers a lot of ground. It is particularly useful for local authorities working within a limited budget but still needing to prevent and detect threats early in the attack cycle proactively. By deploying deception on the endpoint and as a fabric across the network, businesses will gain an early warning system. Plus, with the ability to engage an attacker within a decoy, they can obtain valuable attack information, which is particularly useful in helping understand security gaps and notifying security teams when attackers are evading prevention systems.

The number of cyberattacks increased significantly in recent months as attackers exploited organisations left vulnerable by changes made in response to the COVID-19 crisis. Cybercriminals have taken the opportunity to prey on the pandemic-related fears and concerns of remote workers through phishing and other deceptive techniques. Against this mounting threat, it is worthwhile local authorities broadening their approach to cybersecurity, deceiving the deceivers and arming themselves with the visibility to an adversary’s trickery and advancements.

Carolyn Crandall is chief deception officer at Attivo Networks

For your free daily news bulletin
Highways jobs

Business Support Apprentice

Essex County Council
Up to £10187 per annum
Business Support ApprenticeFixed Term, Full Time£10,187 per annum rising to £20,104 per annum on the second year Location
Recuriter: Essex County Council

Director of Safeguarding and Support

Swindon Borough Council
£95,171 (spot salary)
Improving outcomes for our children and young people in Swindon... Swindon, Wiltshire
Recuriter: Swindon Borough Council

Principal Social Worker / Care Manager - Northampton Central, North and East

West Northamptonshire Council
£40316 - £43675
What will you be doing? As a champion of social work, you’ll lead by example, using your skills to encourage a culture of innovation, reflection and learning within the service, using practice evaluations and learning reviews to inform this work. The ex Northampton
Recuriter: West Northamptonshire Council

Data Officer - 18 month Fixed Term Contract

Essex County Council
£22361 - £24527 per annum + + 26 Days Leave & Defined Benefit Pension
Data OfficerFixed Term - 18 months duration, Full Time - 37 Hours Per WeekUp to £24,527 per annumLocation
Recuriter: Essex County Council

Customer Service Assistant

Essex County Council
Up to £22361 per annum
Customer Service AssistantPermanent, Part TimeUp to £22,361 per annum (FTE)Location
Recuriter: Essex County Council
Linkedin Banner

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.