UK council yanks IT systems and phone lines offline following cyber ambush

Re: One has to ask whether councils are specifically targeted in advance

Possibly. It depends who's behind the attack. If I was a criminal opportunist then I'd sneak in wherever I saw an opening. If I was the kind of aggressive nation state who liked to try and interfere in another country's elections then I'd definitely be targeting councils in order to disrupt services, cost money and sow much dissatisfaction among the populace. I understand it's known as hybrid warfare.

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

We do IT for a few local authorities and I think one of the stipulations is to publicly advertise all staff/councillors details openly on their website. This makes spear phishing rather easy as they already have the e-mail address, first/second name of most of their targets before they even begin. It's far from ideal so they have to run an extremely tight ship. Most of the ones we look after are <25 seats, so fairly easy to secure the lot but the bigger ones could be a logistical nightmare I'd imagine.

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

"the recognised poverty of most UK councils"

"Poverty" is relative. Some may have effectively gone bankrupt and others may be close to it, but the annual budget is still a Very Large Number in most cases.

Birmingham, as a current example, may be effectively bust and in special measure, but the annual budget is still over £3B. To a ransomeware crim, that's still a juicy target.

Likewise, Leicester City Council has an annual budget in the region of £500m, so to ransomware scum, also a juicy target for a $million or so, even though local councils, especially now, are at best breaking even and have no spare cash.

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

It’s terrifying that the moron masses are allowed anywhere near a computer.

How many idiots are there right now, dangerously close to a keyboard?

Most people, and I do mean the majority, have no bloody clue how most of the things they take for granted work.

Lets face it, IF councils even have an IT department, chances are high, its just some MSP doing a piss poor job

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

Speaking with my sister in law recently who is an NHS psychologist. We got onto talking about IT security when she was telling me about a recent NHS breach. She was amazed when I told her I had been using MFA for at least 10 years as people I have worked for have had a security focus. They have only rolled it out where she works in the last few weeks.

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

The deliberate approach will typically have a motive beyond cash. The ability to carry one out is only constrained by the intelligence that you can gather. If you WANT to get into something, you probably can, if sufficiently determined.

Whereas the blanket approach and take-what-you-can-get, typical of most ransomware outfits, they just plain don't care who the target is. The disruption caused might be a "bonus" for the group, and, as was the case with the NHS hit a significant backfire for the ransomers - not because of the negative PR for them - but rather the attention it drew to (attempting) to beef up security.

30 years hard fought experience says that practically everything going connected is the biggest mistake of all. There's a place for it, but any form of Automation, PLC's. etc - I'd rather not have the personnel and physical security barriers be the line of defence not some software that can and will be bypassed by the determined.

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

Councils are reletively big organisations so many users to choose from. They have a wide range of contacts and the subject matters of contacts are huge. they must receive email from teh public which means it's difficult to screen.

On top of that most councils workers these days are overworked covering 2-4 jobs that were previously done by other people.

Training budgets are generally zero, and IT budgets have been cut beyond bare minimum.

On top of that you have to deal with elected members who will ignore training requests and click on anything (I dealt with incidents caused by elected members falling for the exactly the same scam email 3x over and still they would refuse to do training).

And you also have disgruntled staff who are unfit to work anywhere else but too difficult to sack that will click on phish just out of malicious delight.

And if you're in Scotland you'll deal with teachers (who make the behaviour of elected members seem a minor irritation, since they will preach physical child safety till they are blue in the face then in the same rage filled breath demand to transfer all kids data to a Russian Paedophile because they simply must have access to the app du-jour or the children will all be academically destitute).

I don't miss it much

My sympathies to public sector cyber pros that haven't yet left through some deluded sense of loyalty. You work too hard, have rediculous levels of responsibility and are paid far too little.

Re: "Cyberattacks happen a lot, they happen to councils a lot,"

> the recognised poverty of most UK councils (making them a poor target of target)

Their resources may be stretched thin to provide their services but councils routinely handle vast sums of cash, tens or hundreds of millions.

Re: Managed Service Success Story stabalising the home Office's digital applications

That first link is just part of the insanity of the Public Sector. The amount of information that is available directly or via vexatious FOIA requests is bonkers.

I have been on the receiving end of some of these with requests down to serial numbers of equipment.

No private sector company would ever make that available.

Re: Ah, the good old UK public sector!

I was contacted about a job at a London council recently doing M365 migration. I have 25 years of AD and Exchange, 10 of 365 and many successful migrations under the belt, but at the salary on offer of £45-50k they're not going to get the best.

Re: Ah, the good old UK public sector!

re "incompetent IT staff", etc.

Been there - done that. It's far more nuanced than just Idiots-work-for-the-council. It's basically a Kafka-nightmare in miniature, played out by the characters from Gormenghast.

The staffers are not typically incompetent at all. Not necessarily the top 10%, but certainly more than capable of keeping the IT lights on.

It's the layers and layers of middle management who bog everything down. That's where the "couldn't get a proper job in the real world" individuals are to be found. Too many decisions made at that level are self-serving and fly in the interests of the tax-payer.

Add to that the senior management, who, like CEOs everywhere, spunk too much money on their pet vanity project, but then leave before it gets finished, only to get replaced by a looky-likey clone with another totally different vision that requires a complete U-turn.

And then you have the tendering and procurement processes that effectively guarantee that all promising and well-intentioned initiatives get compromised to the point of being unrecognisable.

Re: Ah, the good old UK public sector!

I worked for a council, for a few months between "real" jobs. If they paid worth a damn they might keep the better people.

Re: Ah, the good old UK public sector!

I think you'll find they employ plenty of private sector consultants too.

Re: Ah, the good old UK public sector!

A few years ago my council got infected. Nothing clever, someone in a small remote office like parks and recreation plugged in an infected USB stick and EVERYTHING was infected, all the servers right down to the Cisco CallMangler, so along with no systems they had no phones for three weeks. Because they didn't have even the simplest network segmentation.

But who to blame? Likely not a senior network engineer, who probably told his boss then needed £25k to upgrade the firewalls but the boss had spent the last £25k of his budget buying top-of-the-range laptops and iPhones for the councillors who would be doing his pay review. Or perhaps the culture was that the engineer was too scared to press the subject for fear for his own job (and nice final salary pension)? Who knows? The remediation of course was to hire HPE or the like for £000ks to audit, recommend and upgrade.

Some years later that same council won the Private Eye 'Rotten Boroughs' award, also coming runner up the following year.

Re: Keep your key services inaccessible to the internet.

That does not work when everyone demands everything be available online.

"Until people who click the links are fired, this will continue to happen"

Or, preferably, technological means are employed to prevent malicious links being active before they get presented to users, who can not reasonably be expected to discriminate between legitimate and malicious links on sight.

Quite apart from which, punitive regimes such as dismissal for mistakes don't prevent accidents of this kind happening, as the next person appointed is just as likely to make a similar mistake if left unaided by proper controls. The culture of fear such regimes generate also results in people who make mistakes concealing them, which helps nobody.

Re: Jumping to conclusions

Except of course LCC have already stated on Monday that they are working with “cyber security and law enforcement partners” so nobody is jumping to conclusions.....