NCSC's Active Cyber Defence programme helped block 140,000 phishing attacks in 2018

Thanks to its Active Cyber Defence programme, the National Cyber Security Centre helped block and contain over 140,000 phishing attacks in 2018, including a phishing campaign that spoofed a UK airport and targeted more than 200,000 email accounts.
In 2017, the National Cyber Security Centre launched its Active Cyber Defence programme, the aim of which was to make the UK more secure online, to protect the majority of people in the UK from cyber attacks, and to reduce cyber criminals' return on investment by cracking down on their malicious activities.
As part of the Active Cyber Defence programme, NCSC also introduced four new technologies- Web Check, DMARC, Public Sector DNS and a takedown service which were offered for free to help public institutions defend against sophisticated phishing attacks and to stop public sector systems veering onto malicious servers.
So successful was the programme that in the first year after it was launched, NCSC was able to remove 121,479 phishing sites hosted in the UK and 18,067 hosted in the rest of the world that spoofed UK government websites. It also blocked a total of 515,658 fake e-mails from bogus ‘@gov.uk’ accounts.
NCSC also announced that an average 4.5 million malicious emails per month were blocked from reaching end users and that the number of such emails peaked at 30.3 million in June 2017. More than 1 million security scans and 7 million security tests were also carried out on public sector websites to detect threats and this helped reduce UK's share of global phishing attacks from 5.3% in June to 3.1% in November 2017.
Earlier today, NCSC announced its achievements during the second year of the Active Cyber Defence programme, stating that in 2018, the programme helped block and contain over 140,000 phishing attacks, including a phishing campaign that spoofed a UK airport and targeted more than 200,000 email accounts.
"The thwarting of the airport scam was one example in 2018 of how ACD protects the public – in this case preventing potentially thousands of people ending up out of pocket. The incident occurred last August when criminals tried to send in excess of 200,000 emails purporting to be from a UK airport and using a non-existent gov.uk address in a bid to defraud people," it said.
During this period, NCSC was also able to significantly reduce the number of times cyber criminals could spoof the HMRC website by as much as 46 percent, thereby preventing fraudsters from luring taxpayers into sharing their financial information or making tax payments on fraudulent websites.
In July last year, HMRC announced that it had removed as many as 20,750 malicious websites in 12 months to protect taxpayers from being defrauded by cyber criminals, 29 percent more than the number of malicious websites taken down in the previous year.
While the department was able to save more than £2.4 million by tackling fraudsters that tricked the public into using premium rate phone numbers for services that HMRC provided for free, it also implemented a verification system called DMARC that successfully stopped half a billion phishing emails from reaching customers.
According to Dr. Ian levy, technical director at the NCSC, a combination of Active Cyber Defence services helped reduce the spoofing of HMRC's domain significantly in the past few years. While HMRC was the world's 16th most phished brand in 2016, it became 146th by the end of 2018.
Other achievements of the NCSC's Active Cyber Defence programme included the tracing and removal of 14,124 phishing sites that spoofed UK government domains, the takedown of 22,133 phishing campaigns hosted in UK delegated IP space, totalling 142,203 individual attacks, and the removal of 192,256 fraudulent websites in 2018.
"While this and other successes are encouraging, we know there is more to do, and we would welcome partnerships with people and organisations who wish to contribute to the ACD ecosystem so that together we can further protect UK citizens," said Dr Ian Levy.
Commenting on the NCSC's announcement, Corin Imai, senior security advisor at DomainTools, says: "This is a massively encouraging progress report we have received from the NCSC, and the UK is extremely wise to have invested in such a diligent dedicated cybersecurity centre in order to combat cybercrime. Phishing is one of the most common and sadly one of the most effective methods of extracting funds by nefarious means from the general public, so the NCSC being able to stop 140,000 separate phishing attacks is a step in the right direction.
"However, there is only so much that one organisation can do on its own - even a government funded one. With an estimated 1.5 million new phishing sites created every month, cybersecurity teams at governments all over the world need to be working as hard as the NCSC.
"In addition to this, organisations and educational institutions need to make a base level of phishing training available for everyone who has Internet access – Taking the profitability out of phishing scams is ultimately how we can continue to build on the good work of the NCSC and move towards making phishing a thing of the past," she adds.