WORLD leading initiatives by the National Cyber Security Centre (NCSC) have detected and prevented millions of online commodity attacks against the UK, figures published today (February 5) have shown.

The results of the UK government’s new bold approach to tackling cyber crime are detailed in ‘Active Cyber Defence – One Year On’, a comprehensive summary compiled by the NCSC’s Technical Director Dr Ian Levy.

Four pioneering Active Cyber Defence (ACD) programmes – Web Check, DMARC, Public Sector DNS and a takedown service – were launched last year as part of the National Cyber Security Strategy to improve basic cyber security by disrupting commodity cyber attacks that affect UK citizens.

The technology, which is free at the point of use, improves defence against threats by blocking fake emails, removing phishing attacks and stopping public sector systems veering onto malicious servers.

Key findings amongst the comprehensive analysis show that since the ACD was introduced;

  • UK share of visible global phishing attacks dropped from 5.3% (June 2016) to 3.1% (Nov 2017)
  • removed 121,479 phishing sites hosted in the UK – and 18,067 worldwide spoofing UK government
  • takedown availability times for sites spoofing government brands down from 42 hours to 10 hours
  • a dramatic drop of scam emails from bogus ‘@gov.uk’ accounts (total of 515,658 rejected in year)
  • average 4.5 million malicious emails per month blocked from reaching users (peak 30.3m in June)
  • more than 1 million security scans and 7 million security tests carried out on public sector websites

Dr Ian Levy, Technical Director of the NCSC, said:

Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.

The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.

The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.

Our measures seem to already be having a great security benefit – we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyber attacks in a measurable way.”

The report lists scam domains promoted by phishing emails that have now been removed, such as onlinehmrc-gov.uk, refunds-dvla.co.uk and nationalcrime-agency.com and shares examples of real phishing emails they have prevented from being delivered.

It also puts on record the 10 most spoofed government brands in the year, with HMRC the most targeted with 16,064 fake websites taken down. Also in the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.

The report also breaks down the brands which have been most successfully protected from criminals for each month. Amongst the organisations best defending themselves from spoof attempts thanks to implementing ACD are local authorities such as Northumberland County Council (59,405 attempts in August), Cardiff Council (31,728 in December) and Denbighshire County Council (25,627 in May).

Dr Levy continued:

This report shows that simple things, done at scale, can have a positive and measurable effect and the British UK public should be safer as a result of these measures.

As these measures are scaled up, people should be asked less often to do impossible things, like judge whether an email or website is good or bad, less often.

The NCSC has committed to being transparent and publishing data. We think the results here show that the first year of our Active Cyber Defence programme have been successful – and the following years will be really interesting.

The paper goes on to outline the NCSC’s intention to broaden sharing of detection events between UK ISPs, building on BT’s new MISP threat sharing platform launched in December and ensuring it provides real security benefit to end users.

Mark Hughes, CEO of BT Security, said:

“The Government’s Active Cyber Defence strategy will make it increasingly difficult for cyber criminals to carry out relatively unsophisticated attacks, which account for roughly 80 per cent of all cyber crime.

BT is supporting its strategy in a number of crucial ways, including strengthening email security, internet and signalling protocols and by blocking tens of millions of malicious malware infections every week.

We’ve also launched a collaborative online platform which sees BT share its threat intelligence data with other UK ISPs, so that they can better protect their customers should they choose to take action.”

The NCSC provides a single, central body for cyber security at a national level and is the UK’s technical authority on cyber. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice.

GCHQ is the parent body for the NCSC, meaning that it can draw on the organisation’s world-class skills and sensitive capabilities.

You can read the full report here: www.ncsc.gov.uk/information/active-cyber-defence-one-year