INDUSTRY WATCH
A
scam to defraud thousands of UK citizens
using a fake email address spoofing a
UK airport was one of a wide range of
cyberattacks successfully prevented by the National
Cyber Security Centre (NCSC), a report revealed on
July 16. Details of the criminal campaign are just one
case study of many in Active Cyber Defence – The
Second Year, the latest comprehensive analysis of the
NCSC’s world-leading programme to protect the UK
from cyberattacks.
The thwarting of the airport scam was one example
in 2018 of how ACD, an interventionist approach
introduced by the NCSC that stops millions of
cyberattacks from ever happening, protects the public
– in this case, preventing potentially thousands of
people ending up out of pocket.
The incident occurred last August when criminals
tried to send in excess of 200,000 emails purporting
to be from a UK airport and using a non-existent gov.
uk address in a bid to defraud people. However, the
emails never reached the intended recipients’ inboxes
because the NCSC’s ACD system automatically
detected the suspicious domain name and the
recipient’s mail providers never delivered the spoof
messages. The real email account used by the criminals
to communicate with victims was also taken down.
A combination of ACD services has helped HMRC’s
own efforts in massively reducing the criminal use of
its brand. HMRC was the 16th most phished brand
globally in 2016, but by the end of 2018 it was 146th
in the world. Dr Ian Levy, the NCSC’s Technical Director
and Author of the ACD report, said: “These are just two
examples of the value of ACD – it protected thousands
of UK citizens and further reduced the criminal utility
of UK brands. Concerted effort can dissuade criminals
and protect UK citizens.
“While this and other successes are encouraging, we
know there is more to do and we would welcome
partnerships with people and organisations who
wish to contribute to the ACD ecosystem so that
together, we can further protect UK citizens This
second comprehensive analysis we have undertaken
of the programme shows that this bold approach to
preventing cyberattacks is continuing to deliver for
the British public.”
The ACD system includes the pioneering
programmes; Web Check, DMARC, Public Sector DNS
and a takedown service. The ACD technology, which
is free at the point of use, intends to protect most of
the UK from harm caused by the majority of attacks.
www.intelligentcio.com
Other key findings for 2018 from the second ACD
report include:
• In 2018, the NCSC took down 22,133 phishing
campaigns hosted in UK delegated IP space,
totalling 142,203 individual attacks
• 14,124 UK government-related phishing sites
were removed
• Thanks to ACD, the number of phishing
campaigns against HMRC continues to fall
dramatically – with campaigns spoofing HMRC
falling from 2,466 in 2017 – 1,332 in 2018. These
figures relate to 16,064 spoof sites in 2017 and
6,752 sites in 2018
• The total number of takedowns of fraudulent
websites was 192,256, and across 2018, with 64%
of them down in 24 hours
• The number of individual web checks run has
increased almost 100-fold and we issued a total of
111,853 advisories direct to users in 2018
Chancellor of the Duchy of Lancaster and Minister
for the Cabinet Office, David Lidington, said: “The
UK is safer since the launch of our cyberstrategy
in 2016. Over the last three years, and backed by
a £1.9 billion investment, we have revolutionised
the UK’s fight against cyberthreats as part of an
ambitious programme of action.
“The statistics and examples in this report speak for
themselves. They outline the tangible impact that
Active Cyber Defence is having and how it is a key
building block in improving cybersecurity in the UK
now and in the future.”
The new report also looks to the future of ACD,
highlighting a number of areas in development.
These include:
• The work between the NCSC and Action Fraud to
design and build a new automated system which
allows the public to report suspicious emails easily.
The NCSC aims to launch this system to the public
later in 2019
• The development of the NCSC Internet Weather
Centre, which will aim to draw on multiple data
sources to allow us to really understand the digital
landscape of the UK
• We’ll explore developing an Infrastructure
Check service: a web-based tool to help public
sector and critical national infrastructure
providers scan their Internet-connected
infrastructure for vulnerabilities
• NCSC researchers have begun exploring
additional ways to use the data created as part
of the normal operation of the public sector
protective DNS service to help our users better
INTELLIGENTCIO
75