Two years since its launch and the UK’s National Cyber Security Centre (NCSC) has dealt with more than ten cyber attacks a week, including 557 in the last 12 months, mostly carried out by hostile foreign states.
According to its second annual review, published on Tuesday, the NCSC chief executive officer Ciaran Martin warned that the UK will be the victim of a “category one” cyber assault, highlighting Russia as one of the states most likely to launch an attack.
Martin said: “I’m extremely proud that the NCSC is strengthening the UK’s defences against those who seek to harm us online.
“We are calling out unacceptable behaviour by hostile states and giving our business the specific information they need to defend themselves. We are improving our critical systems. We are helping to make using the internet automatically safer.
“As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age.
The organisation’s Active Cyber Defence (ACD) service, launched in 2017, has reduced the UK’s share of visible global phishing attacks, from 5.3 per cent to 2.4 per cent in the period between June 2016 and July 2018. It has also removed 138,398 phishing sites hosted in the UK.
The NCSC, which is part of the GCHQ intelligence agency, removed a further 14,116 worldwide sites spoofing the UK government.
In the centre’s first podcast, released as part of its second annual review, Adrian Searle – the head of incident management – said “most of the state cyber activity has developed an increased profile this year” and that “what might surprise people is the number of hostile states involved”.
Searle added: “We are currently investigating over 100 groups… we are seeing criminal and state actors working together.
“One of the biggest trends we’ve seen this year has been the increase in the use of ransomware to make money from attacks. This is when users are prevented from accessing their personal files and the attacker demands a ransom payment in order to regain access.
“We’ve also seen a growth in crypto-mining, where attackers effectively piggyback from another computer’s processing power to look for and confirm cryptocurrency transactions we are seeing a rise in that because adversaries realise there’s an increased use of electronic currencies that they can make money from.”