NCSC’s ‘Active Cyber Defence programme’ helped it block 54mn phishing emails

Thanks to an ‘Active Cyber Defence programme’ that it initiated last year, the National Cyber Security Centre was able to block 54 million online attacks and to take down 120,000 fake websites run by cyber criminals.

NCSC took down fake websites that imitated websites owned by public sector institutions like HMRC, Crown Prosecution Service, the Bank of England and several UK universities as part of its new Active Cyber Defence programme.

The National Cyber Security Centre released a report today highlighting its achievements under the ‘Active Cyber Defence programme’ that was launched last year. The Centre said that thanks to the success of the programme, the UK’s share of global phishing attacks has plummeted and attackers have been forced to change their behaviour.

Last year, as part of the new programme, NCSC introduced four new technologies: Web Check, DMARC, Public Sector DNS and a takedown service. These were offered for free to help public institutions defend against sophisticated phishing attacks and to stop public sector systems veering onto malicious servers.

‘The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks. The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt,’ said Dr Ian Levy, Technical Director of the NCSC.

‘Our measures seem to already be having a great security benefit – we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyber attacks in a measurable way,’ he added.

According to NCSC, the new programme helped it remove 121,479 phishing sites hosted in the UK and 18,067 hosted in the rest of the world that spoofed UK government websites. It also blocked a total of 515,658 fake e-mails from bogus ‘’ accounts.

NCSC also announced that an average of 4.5 million malicious emails per month were blocked from reaching end users and that the number of such emails peaked at 30.3 million in June last year. More than 1 million security scans and 7 million security tests were also carried out on public sector websites to detect threats, and this helped reduce the UK’s share of global phishing attacks from 5.3% in June to 3.1% in November last year.

For example, Web Check, one of the tools issued by NCSC, performed 1,033,250 individual scans running 7,181,464 individual tests, scanned 7,791 unique URLs across 6,910 unique domains and produced 4,108 advisories for customers. These advisories included 2,178 issues relating to certificate management, 1 relating to HTTP implementation, 184 relating to out-of-date content management systems, 1,629 relating to TLS implementation, 76 relating to out-of-date server software and 40 other issues.

Bob Rudis, Chief Data Scientist at Rapid7, describes the initiatives and results of NCSC’s ‘Active Cyber Defence programme’ as nothing short of incredible.

‘The NCSC has proved that with collaboration and appropriate support, it is possible to implement foundational cybersecurity monitoring, configuration, and reporting that fundamentally changes the economics for opportunistic/commodity attackers.

‘Each initiative covered in the report shows signs of real, measurable, positive impact, and at the same time, NCSC is providing clear, concise and effective tooling and reporting for defenders and business process owners.

‘We, as an industry, now have at-scale, baseline data that proves basic elements of cybersecurity — such as how DNS, email, web servers, SSL certificates and routing protocols are configured/tracked — can fundamentally change the behaviour of attackers and force them to move to more insecure targets,’ he adds.

Copyright Lyonsdown Limited 2021
