NCSC blocks millions of cyber attacks launched against UK

But hackers will respond with fresh ways to target businesses and citizens, body warns

Cyber criminals will change their tactics in response to the National Cyber Security Centre's (NCSC's) success in blocking millions of attacks against UK businesses over the last year, the organisation's director warned today.

In a report entitled Active Cyber Defence - One Year On', the GCHQ-led agency today detailed the success it has had in reducing cybercrime against businesses and citizens since it introduced its four Active Cyber Defence (ACD) programmes a year ago, under the government's National Cyber Security Strategy.

These four programmes are aimed at improving UK security by checking public body websites' security, blocking fake emails, thwarting phishing attacks and stopping public sector bodies' IT systems from landing on malicious websites.

As a result, the UK's share of visible global phishing attacks has almost halved since the measures began a year ago, dropping from 5.3% in June 2016 to 3.1% November 2017, according to the report. The organisation also blocked an average 4.5 million malicious emails per month from reaching users, and carried out more than one million security scans and seven million security tests on public sector websites.

Additionally, the NCSC removed 121,479 UK-hosted phishing sites, 18,067 of which were spoofing UK government services. As a result, the average time it took to take down sites spoofing government services dropped from 42 hours to 10 hours, it said.

ACD has also accommodated for a dramatic drop of scam emails from bogus @gov.uk' accounts, the report said, with a total of 515,658 rejected over the year.

NCSC technical director Ian Levy said: "The ACD programme intends to increase our cyber adversaries' risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks. The results are positive, but there is a lot more work to be done."

However, he warned that the programmes' success will see attackers alter their tactics.

"The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt," he said. "Our measures seem to already be having a great security benefit - we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyberattacks in a measurable way."

The NCSC's report also listed the 10 most-spoofed government departments, revealing that HMRC is the most targeted, with 16,064 fake websites taken down. Also on the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.

The report comes after UK defence secretary Gavin Williamson warned that a cyber attack by Russia could cripple Britain's infrastructure and cause "thousands and thousands and thousands of deaths". The NCSC's head, Ciaran Martin, had earlier claimed that an attack on the UK's energy infrastructure or election process "is a matter of when, not if".

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
The IT Pro Panel
Business strategy

The IT Pro Panel

29 Nov 2021
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

9 Nov 2021
What is ethical AI?
artificial intelligence (AI)

What is ethical AI?

8 Oct 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022