Intelligence campaigns in the digital realms

Periodic Reporting for period 1 - COUNTERCRAFT (Intelligence campaigns in the digital realms)

Reporting period: 2017-09-01 to 2018-08-31

The main objective of the CounterCraft project is to accelerate the introduction of the first EU deception tool capable of detecting advanced targeted cyber-attacks, obstructing the actions of attackers and obtaining the maximum amount of information from them by successfully designing, deploying, monitoring and managing Counterintelligence Campaigns.

The introduction to the market of CounterCraft’s tool will lead to the achievement of the following SPECIFIC OBJECTIVES:
• To integrate the product with customers’ security strategies by developing a comprehensive set of procedures to identify the suitable response action for each potential event identified in each vertical, and to allow the integration of the product with existing security technology by developing a software module which allows the exchange of information with other security products.
• To permit the integration of the product with existing security technology by making it capable of interacting with other security software, enhancing the overall performance of the security system.
• To allow adaptation to mobile devices and alternative operating systems, so that the deception can be based on any type of equipment, creating a more plausible deception.
• To increase the effectiveness of the product by including advanced features regarding response, coverage and plausibility.
• To provide the customer with legal assurance regarding the actions which can be carried out in different countries.

COUNTERCRAFT designs and builds counterintelligence campaigns to protect key data and infrastructure. It provides a wide range of deployable assets to create personalised deception campaigns, which customers can deploy easily with only one button. They can also monitor and manage incidents in real time when adversaries have penetrated an organisation’s defences, allowing them to react to threats once they have been detected with automated and manual responses. Customers can run Deception Operations to manipulate adversaries’ path through the kill chain and redirect them away from valuable information and assets.

Thanks to this project, COUNTERCRAFT has several features that correspond to user benefits when the tool is compared with other approaches:
• Active defence: identifying the attackers and their intentions, looking for human mistakes and counter-attacking the attacker.
• Plausibility: creating content which seems to have been generated by humans and is closely modelled on the content available on other “real” systems in the organisation or real machines used to deploy decoys and breadcrumbs to monitor the attackers without their knowledge.
• Coverage: leaving breadcrumbs all over the system pointing to decoy servers, which increases the detection rate of attackers.
• Interoperability: integrating the tool via API and SDK, and enhancing existing systems via API exports.

During the first year of the Project, COUNTERCRAFT has achieved the most important goals for this period:
• WP1: This Work Package has already been completed according to the project schedule. The integration with the security lifecycle of organisations is now much easier thanks to the work done in this WP.
• WP2: The adaptation to major versions of Windows and Linux has already been implemented, and the company is currently working on the adaptation to other mobile operating systems.
• WP3: COUNTERCRAFT has completed the most urgent task for its global and full commercialization and expansion, which is to ensure that COUNTERCRAFT complies with the General Data Protection Regulation (GDPR) legislation inside and outside Europe. The rest of the activities within WP3 are progressing according to the plan.
• WP4: CounterCraft has engaged several stakeholders in different vertical sectors to validate the tool in different environments and to develop several trials and tests. The results of these pilots will be available in the next period.
• WP5: The foreseen activities in WP5 regarding commercialization and diffusion have only just begun and are already having a great impact. COUNTERCRAFT has attended a total of 21 workshops, trade fairs and conferences. Furthermore, the Business Plan is a living document; it has already been updated during this first reporting period and it is foreseen that it will be updated during the second period.
• WP6: Several management activities have been started. In this sense, the Project Management Handbook (a complete management guide of the project regarding administrative, financial, quality and operating procedures to assure the success of the COUNTERCRAFT project) has already been launched. The rest of the activities are running as foreseen.

According to the Work Programme, there are several recent and relevant demonstrations of the threat that current cyber security weakness poses to Critical Infrastructures and to national security worldwide.

Currently companies can no longer afford to concentrate all of their resources on firewalls and first line of defence systems. They also need to incorporate “internally focused” solutions such as deception technologies to help identify a criminal while in attack mode. Deception technologies are markedly different from traditional cyber security appliance and architectural solutions, taking a proactive stance and trying to catch cybercriminals in the act. This new situation sets the ground for an important business opportunity from which COUNTERCRAFT expects to take advantage thanks to its novel tool COUNTERCRAFT.

The scope of this project is focused on early detection of cyber attacks through a disruptive approach that automatically creates, manages and updates decoys, using a vast list of assets which cannot be detected by attackers. Moreover, the solution's goals are oriented towards supporting adversary blocking, study and manipulation features. It can be deployed easily in local or cloud facilities, thanks to the integration with customers' other security applications based on algorithms associated with the creation of indicators of compromise.

On balance, COUNTERCRAFT is a new cyber deception tool open to very different target markets, where budgets dedicated to security are increasing very fast. As a first step, COUNTERCRAFT has focused on the following markets to expand its tool:
• Banking, Financial Services and Insurance (BFSI)
• Retail
• IT & Telecom
• Critical Infrastructures (Energy & Transport)
• Others (Government Enterprises, Healthcare and Manufacturing Sector)

To conclude, and in order to explain the level of innovation offered by COUNTERCRAFT, it is important to analyse the main features of the tool, which are:
• Active Defence
• Plausibility
• Coverage
• Interoperability

Currently, the best solution to reduce the impact of cyber-attacks on an organisation's systems and the best way to know the intentions of its attackers is the COUNTERCRAFT solution. It represents a new layer in cyber defence based on deception, thanks to the Counterintelligence Campaigns that make it possible to obstruct the actions of attackers while obtaining the maximum amount of information from them.
Cyber Deception platform