Malicious UK Website Takedowns Surge 15-Fold in 2020

Written by

The UK authorities took down over 700,000 malicious and phishing sites last year, a huge increase from 2019, according to the National Cyber Security Centre (NCSC).

The GCHQ body revealed the figures in its annual Active Cyber Defence (ACD) report. ACD is the NCSC’s four-year-old strategy to protect the public sector and, where possible, a broader audience.

It does so via a toolkit of around 14 initiatives, headed by the Takedown Service, which involves finding and removing malicious websites from the internet.

As well as 700,000+ websites, the service removed 1.4 million malicious URLs. Although COVID-19 scams surged in 2020, the NCSC said that the 15-fold increase in the volume of sites taken down was due to an expansion of the service, which saw it invest in a wider set of measures to address “different categories of campaigns.”

Among the institutions protected by the ACD last year was the NHS. The NCSC claimed to have detected and blocked 122 phishing campaigns spoofing the health service, up from just 36 in 2019. This included fake vaccine lures and over 40 malicious apps masquerading as official titles such as NHS Test and Trace in third-party app stores.

Also spoofed was the TV Licensing agency, which was hit by a surge of scam emails in July 2020 when entitlements for pensioners changed, and tax office the HMRC, which was the most phished brand last year.

Overall, more than 11,000 government-themed phishing campaigns were taken down — more than double the 2019 figure.

Meanwhile, the Suspicious Email Reporting Service, only launched in April 2020, received nearly four million reports by the end of the year, leading to the removal of over 26,000 scams not previously identified by the Takedown Service.

NCSC technical director, Ian Levy, said the ACD was made possible through partnerships at home and abroad.

“This has never been more important than in the last year, where it was vital for us to do everything we could to protect our most critical services and the wider public during the pandemic,” he added.

“The bold defensive approach taken by the ACD program continues to ensure our national resilience and so I urge public bodies, companies and the general public to sign up to the services available to help everyone stay safe online.”

The full ACD report is available to read here.

What’s hot on Infosecurity Magazine?