National Cyber Security Centre says it has prevented 54m attacks in a year

GCHQ cyber security experts have blocked millions of emails that spoofed government addresses.

The National Cyber Security Centre (NCSC) detected and prevented approximately 54m online commodity attacks – hacks which use relatively simple techniques such as drawing out users’ personal information or exposing vulnerabilities in operating systems and applications – against UK organisations last year.

The government’s official cyber watchdog also took down more than 120,000 fake websites in 2017 as part of its Active Cyber Defence (ACD) programme.

A comprehensive summary, Active Cyber Defence – One Year On, was compiled and released by the NCSC’s technical director Dr Ian Levy on Monday, detailing four pioneering techniques: web check, DMARC, public sector DNS and a takedown service.

The NCSC report claims that the organisation’s methods have led to a 2 per cent reduction in the volume of global “phishing” and “malware” attacks hosted in the UK since the summer of 2016.

On the report’s release, Levy commented: “Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.

“The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.”

He added: “The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.”

While the report does not address severe cyber attacks launched by hostile state actors such as North Korea or Russia, the NCSC said the UK had identified the scale of what it called commodity attacks, everyday threats which caused “the majority of people, the majority of harm”.

The NCSC’s chief executive Ciaran Martin, who claimed last month that it was a case of “when not if” a major cyber attack hit the UK, launched the ACD initiative in September 2016, announcing a strategy to work with internet companies to strengthen their online security.

Spoofing and phishing attacks were noted as the most common type of attack in the UK, wherein people are fooled into handing over their personal details through apparently legitimate emails which purport to be sent from a trusted source.

These types of email usually redirect people to a fake website that then either infects the user’s device or asks them to type in their personal information. With the ACD programme, the NCSC has overseen a drop in scam emails from bogus “” accounts, with a total of 515,658 debunked over the past 12 months. Furthermore, the NCSC has removed 121,479 phishing sites hosted in the UK, and 18,067 spoofing the UK government.

The NCSC said that while there was some crossover between hostile state actors that employed similar tactics, the vast majority of attacks were run by criminal groups who sought to profit from selling on people’s data or accessing their bank accounts.

The NCSC report focuses largely on public sector brands and departments, which are among the organisations most commonly used as camouflage by hackers. The NCSC found that HM Revenue & Customs was by far the biggest inspiration for spoof websites, with 16,064 different copycat sites taken down.

But other public bodies such as several UK universities, the DVLA and the BBC were also targeted. According to the NCSC’s report, around 4.5m malicious emails per month on average needed to be blocked by the organisation.

Rohan Banerjee is a Special Projects Writer at the New Statesman. He co-hosts the No Country For Brown Men podcast.

The UK is prepared for the international cyber threat

The Secretary of State explains how the UK is shoring up its defences, and working with other nations to meet the challenges of the digital age.

In the past three years as Defence Secretary, I’ve been confronted by a swathe of complex challenges. Yet whether the danger comes from state aggressors, rogue states or non-state actors, it’s striking how often cyber is now their weapon of choice. And there’s a very good reason we now regard cyber as a Tier One threat – up there with natural disasters and terror. Virtual attacks have real consequences. We’ve seen Daesh using online tools to recruit followers and spread murderous propaganda. We’ve seen Russia using an army of social media bots to steadily drip-feed fake news and disinformation to the West, poisoning public trust. And North Korea’s fingerprints appear to be on numerous high-profile cyber strikes.

This year alone Parliament has been hacked and the WannaCry virus has shut down NHS operating theatres, as well as affecting more than 200,000 people worldwide. The consequences for the military are equally significant; it has been claimed Russia used malware to track and target Ukrainian artillery which illustrates how cyber can directly impair military capability. While big set-piece attacks are devastating, lower-level activity is costing business billions, undermining democracy and putting us all at risk.

In recent years we’ve seen our cyber adversaries multiply, attracted by the anonymous and ambiguous nature of the medium. It’s no longer the usual suspects; now any loner with a laptop and a grudge can cause chaos. That’s why the UK is taking action. We’re investing £1.9bn to strengthen our cyber security capability. This month we marked the first anniversary of the National Cyber Security Centre – bringing together some of the best cyber security brains from across government and the country. In the past year it has responded to nearly 600 significant incidents requiring a national, coordinated response. Defence is at the forefront of our response which incorporates three key elements.

Firstly, it’s about creating better resilience. We’re making sure our latest fifth-generation kit, from F35 to future frigates, Ajax Armoured Vehicles to drones, is packed with information sensors that can gather millions of bytes of data per second, to detect cyber intrusions and respond appropriately. We’ve also set up the Defence Cyber Partnership Programme ensuring companies with whom we’ve placed defence contracts are properly protected and meeting a host of security standards.

Secondly, we’re recruiting the best and brightest cyber talent. We’ve got cyber reservists from industry and academia putting their high-tech skills at the service of the nation by weeding out network vulnerabilities. We’re also building up a new 21st century Cyber Corps. This team of expert volunteers and captains of industry will advise us how to generate the disruptive capability needed, in everything from big data to autonomy, to keep us ahead in the cyber space race. Cyber is now a core part of our military training. In a few months’ time we will open a dedicated state-of-the-art Defence Cyber School at Shrivenham, bringing together all of our military joint cyber training into one place.

But, as RAF Second World War hero Air Vice-Marshal ‘Johnnie’ Johnson once remarked: “The only proper defence is offence.” Knowing we have the ability to expose cyber attacks and respond, whether in the air, on land, at sea, or in the cyber sphere, will deter our adversaries. Equally, offensive cyber capability gives us the means to maintain our battlefield advantage, delivering more targeted effects, limiting civilian casualties and protecting our own people.

And thirdly, we’re making offensive cyber an essential part of our arsenal, to use it where appropriate and governed by our commitment to international law. Our National Offensive Cyber Programme allows us to integrate cyber into all our military operations, and is being used with great effectiveness to degrade Daesh, not only in Iraq but in Syria too. And we’re not just investing in kit capable of soaking up a wealth of data, but running a multimillion-pound competition to develop machine learning algorithms and artificial intelligence too – freeing up our personnel to provide a more co-ordinated and tailored response.

When it comes to cyber deterrence we stand stronger when we stand together, so we’re also working with our allies to develop our collective cyber response. At last year’s Warsaw summit, NATO recognised cyber as a distinctive domain of operations for the first time. Allied nations signed the cyber pledge, committing to enhance their national defences and strengthen their collective capability to resist attack. Simultaneously we need to continue to develop the ability to provide a proportionate response to cyber attacks against NATO allies. Having honed our own innovative national cyber techniques, we’ve become one of the first NATO members to publicly offer offensive cyber support to Alliance operations as and when required.

In 1933 Churchill declared: “Air power may either end war or end civilisation”, knowing air power could be used for good or ill. He made the right choice and in the dark decade that followed, our planes helped liberate our nation and transform our lives for the better. Now, in this new cyber age, we too are determined to make the right choices – boosting our cyber power to make our nation safer and the world more secure.