NCSC Tackles 10 Attacks on Government Per Week

Written by

The UK’s National Cyber Security Centre (NCSC) has blocked more than 10 cyber-attacks per week in its first two years of operation, blaming nation states for the majority of incidents.

The government body was spun out of GCHQ in 2016 with a goal of making the UK one of the safest places to live and work online.

Since then, it has dealt with 1100 attacks and helped central and local government become more resilient via its Active Cyber Defence (ACD) strategy.

The idea here is to employ simple-to-use, tried-and-tested online tools and techniques to mitigate the risk from high volume, commodity attacks like phishing.

The strategy has seen remarkable success over the past year.

Thanks to a Web Check service, public sector bodies have identified over 2,300 urgent vulnerabilities to fix, with all local authorities in England, Wales and Scotland signing up.

Meanwhile, a Protective DNS service blocks malicious sites from being accessed by government staff and notifies managers of any issues that need fixing. It has apparently now detected and blocked attempts to access over 30 million malicious websites.

A Takedown Service has also been successful, removing over 138,000 phishing sites hosted in the UK and a further 14,116 worldwide spoofing the government.  

The NCSC claimed that thanks to these efforts the UK’s share of visible global phishing attacks has roughly halved, from 5.3% in June 2016 to 2.4% in July 2018.

Finally, a Mail Check service using DMARC has helped government bodies to authenticate the emails they send so that receivers can spot more easily if they are genuine or fake.

From a figure of just over 200 in September 2017, nearly 900 government domains now use DMARC.

“You don’t need to beat cybercrime — and it would be unrealistic to think we could,” argued NCSC technical director, Ian Levy. “But we do want to make it as hard as possible and that means making it as unprofitable and risky as we can for cyber-criminals to act in the UK.”

Elsewhere, NCSC CEO, Ciaran Martin, claimed most of the attacks it has had to tackle over the past two years have come from nation states. He has been vocal in the past at calling out Russian attempts to infiltrate critical national infrastructure and destabilize the geopolitical system.

“We are calling out unacceptable behavior by hostile states and giving our businesses the specific information they need to defend themselves. We are improving our critical systems. We are helping to make using the Internet automatically safer,” he said in a statement.

“As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defense in the world to help the UK thrive in the digital age.”

Talal Rajab, head of cyber and national security at techUK, welcomed the NCSC’s contribution over the past two years.

“This report documents a vast body of work that has been undertaken including incident response, active cyber-defense, skills and education, industry engagement and protecting CNI,” he added.

“The NCSC is a leader in all of these, working with partners across industry to deliver a world leading cyber-capabilities in the UK. TechUK has been delighted to support these initiatives and is looking forward to increased engagement with the NCSC over the next year.”

What’s hot on Infosecurity Magazine?