GCHQ to expand NCSC’s Web Check service to all gov.uk domains
March 29, 2018
The UK's premier intelligence agency GCHQ is planning the expansion of the National Cyber Security Centre's Web Check service to all websites run by the government, government agencies and local councils.
In July last year, the National Cyber Security Centre (NCSC) launched its Web Check service to help all UK public sector organisations fix existing and emerging vulnerabilities in their digital websites and applications.
Started to aid public sector firms
At the time of its launch, Web Check was already scanning digital properties of more than 1,200 government websites everyday and had reported more than 2,900 findings to users.
"Web Check came about by listening to the experiences of local government with automated vulnerability scanning tools. We see Web Check helping system owners find and fix common issues; letting them focus on trickier issues that only people can find," said NCSC.
According to The Register, the Web Check service has so far uncovered over 6,000 issues across 8,000 different websites and has also helped NCSC release over 4,000 advisories since April last year. It added that GCHQ will soon expand Web Check's coverage in order to improve the UK.gov's secure server setup.
According to NCSC, the new programme helped it remove 121,479 phishing sites hosted in the UK and 18,067 hosted in the rest of the world that spoofed UK government websites. It also blocked a total of 515,658 fake e-mails from bogus ‘@gov.uk’ accounts.
NCSC also announced that an average 4.5 million malicious emails per month were blocked from reaching end users and that the number of such emails peaked at 30.3 million in June last year. More than 1 million security scans and 7 million security tests were also carried out on public sector websites to detect threats, and this helped reduce UK's share of global phishing attacks from 5.3% in June to 3.1% in November last year.
In fact, the Web Check service itself performed 1,033,250 individual scans running 7,181,464 individual tests, scanned 7,791 unique URLs across 6,910 unique domains and produced 4,108 advisories for customers.
These advisories included 2,178 issues relating to certiﬁcate management, 1 relating to HTTP implementation, 184 relating to out of date content management systems, 1,629 relating to TLS implementation, 76 relating to out of date server software and, 40 relating to other issues.
Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.