NCSC blocks millions of cyber attacks launched against UK

But hackers will respond with fresh ways to target businesses and citizens, body warns

Cyber criminals will change their tactics in response to the National Cyber Security Centre's (NCSC's) success in blocking millions of attacks against UK businesses over the last year, the organisation's director warned today.

In a report entitled Active Cyber Defence - One Year On', the GCHQ-led agency today detailed the success it has had in reducing cybercrime against businesses and citizens since it introduced its four Active Cyber Defence (ACD) programmes a year ago, under the government's National Cyber Security Strategy.

These four programmes are aimed at improving UK security by checking public body websites' security, blocking fake emails, thwarting phishing attacks and stopping public sector bodies' IT systems from landing on malicious websites.

As a result, the UK's share of visible global phishing attacks has almost halved since the measures began a year ago, dropping from 5.3% in June 2016 to 3.1% November 2017, according to the report. The organisation also blocked an average 4.5 million malicious emails per month from reaching users, and carried out more than one million security scans and seven million security tests on public sector websites.

Additionally, the NCSC removed 121,479 UK-hosted phishing sites, 18,067 of which were spoofing UK government services. As a result, the average time it took to take down sites spoofing government services dropped from 42 hours to 10 hours, it said.

ACD has also accommodated for a dramatic drop of scam emails from bogus @gov.uk' accounts, the report said, with a total of 515,658 rejected over the year.

NCSC technical director Ian Levy said: "The ACD programme intends to increase our cyber adversaries' risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks. The results are positive, but there is a lot more work to be done."

However, he warned that the programmes' success will see attackers alter their tactics.

"The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt," he said. "Our measures seem to already be having a great security benefit - we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyberattacks in a measurable way."

The NCSC's report also listed the 10 most-spoofed government departments, revealing that HMRC is the most targeted, with 16,064 fake websites taken down. Also on the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.

The report comes after UK defence secretary Gavin Williamson warned that a cyber attack by Russia could cripple Britain's infrastructure and cause "thousands and thousands and thousands of deaths". The NCSC's head, Ciaran Martin, had earlier claimed that an attack on the UK's energy infrastructure or election process "is a matter of when, not if".

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

The IT Pro Panel
Business strategy

The IT Pro Panel

25 Jan 2021
Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
What is ethical AI?
artificial intelligence (AI)

What is ethical AI?

21 Jan 2021
BEC scammers are using Google Forms to identify easy victims
phishing

BEC scammers are using Google Forms to identify easy victims

21 Jan 2021

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021