The National Cyber Security Centre (NCSC) detected and prevented approximately 54m online commodity attacks – hacks which use relatively simple techniques such as drawing out users’ personal information or exposing vulnerabilities in operating systems and applications – against UK organisations last year.
The government’s official cyber watchdog also took down more than 120,000 fake websites in 2017 as part of its Active Cyber Defence (ACD) programme.
A comprehensive summary, Active Cyber Defence – One Year On, was compiled and released by the NCSC’s technical director Dr Ian Levy on Monday, detailing four pioneering techniques: web check, DMARC, public sector DNS and a takedown service.
The NCSC report claims that the organisation’s methods have led to a 2 per cent reduction in the volume of global “phishing” and “malware” attacks hosted in the UK since the summer of 2016.
On the report’s release, Levy commented: “Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.
“The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.”
He added: “The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.”
While the report does not address severe cyber attacks launched by hostile state actors such as North Korea or Russia, the NCSC said the UK had identified the scale of what it called commodity attacks, everyday threats which caused “the majority of people, the majority of harm”.
The NCSC’s chief executive Ciaran Martin, who claimed last month that it was a case of “when not if” a major cyber attack hit the UK, launched the ACD initiative in September 2016, announcing a strategy to work with internet companies to strengthen their online security.
Spoofing and phishing attacks were noted as the most common type of attack in the UK, wherein people are fooled into handing over their personal details through apparently legitimate emails which allege to be sent from a trusted source.
These types of email usually redirect people to a fake website that then either infects the user’s device or asks them to type in their personal information. With the ACD programme, the NCSC has overseen a drop in scam emails from bogus “@gov.uk” accounts, with a total of 515,658 debunked over the past 12 months. Furthermore, the NCSC has removed 121,479 phishing sites hosted in the UK, and 18,067 spoofing the UK government.
The NCSC said that while there was some crossover between hostile state actors that employed similar tactics, the vast majority of attacks were run by criminal groups who sought to profit from selling on people’s data or accessing their bank accounts.
The NCSC report focuses largely on public sector brands and departments that are among the most commonly used organisations as camouflage by hackers. The NCSC found that HM Revenue & Customs was by far the biggest inspiration for spoof websites, with 16,064 different copycat sites taken down.
But other public bodies such as several UK universities, the DVLA and the BBC were also targeted. According to the NCSC’s report, around 4.5m malicious emails per month on average needed to be blocked by the organisation.