NCSC blocked over 600 cyber attacks against UK businesses in 2019

Agency's third annual report highlights ongoing threat of malicious nation-state actors

The UK's national cyber security agency has said it defended against 658 cyber attacks against UK businesses and organisations over the past year.

The figures came as part of the NCSC's annual review, which looked at the organisation's work between 1 September 2018 and 31 August 2019. Since forming in 2016, the latest figures now bring the total number of thwarted attacks against UK targets to 1,800, with a large number of those coming from malicious state actors.

One of its first major projects of 2019 was supporting the joint efforts of the UK and Dutch government's to expose Russia's military intelligence agency, the GRU, which was conducting cyber attacks on political institutions, businesses, media and sporting organisations.

As part of its work, the NCSC said it also took down 177,335 phishing URLs over the last year. As a result, the country's share of visible phishing websites is now down to just 2% as of August 2019.

The agency said it aims to develop, operate and maintain world-class technical security capabilities to counter these threats from the country's most capable adversaries.

"We've made great progress on making the UK safer since launching our world-leading 1.9 billion cyber security strategy in 2015," said Minister for the Cabinet Office Oliver Dowden. "Establishing the NCSC was a key part of this and has played a central role in tackling online threats posed by criminals, hacktivists and hostile nation states."

NCSC chief executive Ciaran Martin said the review "gives a real insight into the breadth of outstanding work done by the NCSC and underlines why we are a world leader in cyber security".

"From handling more than 600 incidents many from hostile nation states to equipping the public with the tools they need to stay safe online, we are employing our expertise on a number of fronts. I am proud to lead this organisation and optimistic that, in a constantly evolving landscape, we can help make this the safest country to live and work online."

Phishing

NCSC took down 177,335 phishing URLs over the course of the year with 62.4% of those removed within 24 hours. As of August 2019, the UK's share of these attacks has been reduced to 2%.

Part of the NCSC's strategy for reducing cyber attacks is realised through its 'Active Cyber Defence (ACD)' initiative that empowers businesses and organisations to take more responsibility with cyber security.

"The ultimate goal for Active Cyber Defence is for there to be fewer cyber attacks in the world, causing less harm," the report said. "It represents a significant step-change in the country's approach to cyber security, because of its voluntary, non-regulatory, non-statutory approach delivered in partnership with central government, local government and business."

In 2016, HMRC was the 16th most targeted organisation in the world for phishing scams, according to the report. In Sept 2019, as a result of ACD services and HMRC's own countermeasures, its ranking had dropped to 126.

Hostile states

Since it formed in 2016, the NCSC says it has handled almost 1,800 cyber attacks with 658 of those taking place between 1 September 2018 to 31 August 2019. It also says that a significant number of these have come from hostile nations state actors, such as Russia, China, Iran and North Korea.

The NCSC said it knows more than ever before about its cyber foes thanks to its network of international partners. Last year, the organisation's CEO Ciaran Martin said that the UK had yet to see any major attack from a state-sponsored actor, but warned that a "category one attack" was coming.

The most famous of these state actors is the group known as APT28, or Fancy Bear, which has been linked to many high profile incidents in recent years, such as the cyber attack on the 2018 Winter Olympics, the massive power outage to the Ukranian city Kiev and most notoriously, it's alleged involvement in the 2016 US presidential elections.

Card Fraud

The NCSC thwarted more than one million cases of suspected payment card fraud in its third year. This was done through 'Operation Haulster' which sought to uncover which payment cards were being targeted by online fraudsters.

"Where payment fraud was historically driven by card cloning, it has since migrated to transactions where the card does not need to be present, such as online purchases," said Caroline Hermon, head of AI at SAS UK & Ireland. "While it is true that this provides the customer with a more seamless experience, it also aids fraudsters by helping them access funds through illicit transactions and gives banks less time to detect fraudulent activity."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020