NCSC blocks millions of cyber attacks launched against UK

Cyber criminals will change their tactics in response to the National Cyber Security Centre's (NCSC's) success in blocking millions of attacks against UK businesses over the last year, the organisation's director warned today.

In a report entitled Active Cyber Defence - One Year On', the GCHQ-led agency today detailed the success it has had in reducing cybercrime against businesses and citizens since it introduced its four Active Cyber Defence (ACD) programmes a year ago, under the government's National Cyber Security Strategy.

These four programmes are aimed at improving UK security by checking public body websites' security, blocking fake emails, thwarting phishing attacks and stopping public sector bodies' IT systems from landing on malicious websites.

As a result, the UK's share of visible global phishing attacks has almost halved since the measures began a year ago, dropping from 5.3% in June 2016 to 3.1% November 2017, according to the report. The organisation also blocked an average 4.5 million malicious emails per month from reaching users, and carried out more than one million security scans and seven million security tests on public sector websites.

Additionally, the NCSC removed 121,479 UK-hosted phishing sites, 18,067 of which were spoofing UK government services. As a result, the average time it took to take down sites spoofing government services dropped from 42 hours to 10 hours, it said.

ACD has also accommodated for a dramatic drop of scam emails from bogus @gov.uk' accounts, the report said, with a total of 515,658 rejected over the year.

NCSC technical director Ian Levy said: "The ACD programme intends to increase our cyber adversaries' risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks. The results are positive, but there is a lot more work to be done."

However, he warned that the programmes' success will see attackers alter their tactics.

"The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt," he said. "Our measures seem to already be having a great security benefit - we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyberattacks in a measurable way."

The NCSC's report also listed the 10 most-spoofed government departments, revealing that HMRC is the most targeted, with 16,064 fake websites taken down. Also on the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.

The report comes after UK defence secretary Gavin Williamson warned that a cyber attack by Russia could cripple Britain's infrastructure and cause "thousands and thousands and thousands of deaths". The NCSC's head, Ciaran Martin, had earlier claimed that an attack on the UK's energy infrastructure or election process "is a matter of when, not if".