The UK’s National Cyber Security Center (NCSC) has reported increased success in protecting UK citizens and organizations from harm online through its flagship Active Cyber Defense (ACD) program to as the initiative enters its fourth year.
The ACD program is designed to protect UK Internet users from “most of the damage caused by most cyberattacks most of the time”. ACD’s third annual report covers calendar year 2019, so it does not yet take into account the impact of the Covid-19 pandemic on the UK’s cybersecurity posture.
Covers a number of core services including Domain Name Protection Services (PDNS), Web and Mail Checks, Host Based Capability (HBC), Simplified Registry Vulnerability Disclosure (LME), Exercise in a Box, and Removal of NCSC. Service. It also monitors the very popular Suspicious Email Reporting Service (Sers), although since this was only launched in 2020, it is beyond the scope of the most recent report.
Among some of the highlights of 2019, the NCSC said its removal activities resulted in a “significant reduction in ‘evil’ on the Internet,” even as malicious actors continued to tailor their attacks, while other parts of the scheme continued. collecting valuable data. on email security and how to train organizations through the implementation of Dmarc.
Over the course of 2019, its Removal Service, which is managed by Netcraft, removed 217,172 malicious URLs, roughly 25,000 more than in 2018. This was spread across 21,111 IP addresses in 2019, a slight decrease from 24,320 in 2018, possibly as result of the infrastructure used. conducting attacks is more difficult to acquire, although this remains an unproven hypothesis.
A total of 17,399 of the busted campaigns in 2019 used the UK government branding in some way, primarily phishing URLs, but also phishing URL mail servers, malware attachment mail servers and prepayment scams, also known as 419 scams, many of which are related to fake Brexit investment opportunities.
Note that the NCSC has a broad view of the government brand, so the data includes brands that are not necessarily identified as linked to the government, such as TV Licensing, which was the most imitated brand in the statistics, the BBC e even the National Lottery. , which is widely faked by advance fee fraud scammers.
Interestingly, HMRC spoofing attacks – generally the government domain most abused by cybercriminals and scammers – declined in 2019, largely due to the department’s implementation of anti-spoofing controls, Dmarc Protection. and a laser focus on protecting himself.
Other notable removals included nearly 1,400 credit card skimmers, 861 hosted in the UK, and many of them related to unpatched versions of the Magento e-commerce platform; and attacks on an online business providing custom English and Scottish Premiership football shirts. Crypto miner takedowns bottomed out in 2019, likely thanks to the Coinhive service outage in March of that year.
Furthermore, ACD’s Domain Name Protection System (PDNS) program, which combats malicious activity targeting the public sector with the support of Nominet, increased the number of protected public sector employees from 1.4 million to 2.2 million in 2019, handling 142 billion queries, more than double the number in 2018, up to 43,726 per second at peak hours.
It blocked 80 million queries to 175,000 unique domains, 25 million of them related to algorithmically generated domains or AGDs, 16 million to botnet command and control infrastructure (C2), 14,000 for indicators related to exploit kits, and 3,200 for ransomware.
The malwares most frequently viewed in his rogue gallery in 2019 included Emotet, Necurs, Kraken, Sphinx, Neutrino, Cerber, CryptoLocker, GandCrab, WannaCry, NotPetya, BadRabbit, Ramnit, Tiny Banker, and Conficker.
As of December 31, 2019, PDNS service was in use in 35 of the 45 central government departments, compared to 24 at the end of 2018, while 102 local government agencies, as well as some shared service providers, signed up ie PDNS now covers 65% of local government organizations, up from 40% in 2018. Particularly strong engagement was seen in decentralized administrations in Northern Ireland, Scotland and Wales.
The report can be downloaded for reading in its entirety through the NCSC website, and the organization invites further analysis and feedback from stakeholders, security experts, and the general public.