In November 2016 the National Cyber Security Centre (NCSC) was created as part of GCHQ and given a mandate to pursue the radical action required to better protect the UK’s interests in cyberspace.
A key strand in this new approach is the NCSC’s Active Cyber Defence (ACD) programme, which aspires to protect the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for the majority of the time. It is intended to tackle the high-volume commodity attacks that affect people’s everyday lives, rather than the highly sophisticated and targeted attacks, which are dealt with in other ways.
One key intervention is the Takedown Service.
The Takedown Service
This service works by requesting that hosting providers remove malicious content that pretends to be related to the UK government, as well as certain types of malicious content hosted in the UK.
- In 2017, we removed 18,067 unique phishing sites across 2,929 attack groups that pretended to be a UK government brand, wherever in the world they were hosted.
- As a consequence, we have reduced the median availability of a UK government-related phishing site from 42 hours to 10 hours. That means that these sites are available for much less time to do harm to UK citizens. 65.8% of those are down in 24 hours, up from 39% before we started takedowns.
- In 2017, we removed 121,479 unique phishing sites across 20,763 attack groups physically hosted in the UK, regardless of who they were pretending to be. As a consequence, we have reduced the median availability of a phishing site physically hosted in the UK from 26 hours to 3 hours, again giving them much less time to do harm. 76.8% of those were down in 24 hours, up from 47.3% before NCSC started takedowns.
- In 2017, we worked with 1,719 compromised sites in the UK that were being used to host 5,111 attacks, intended to compromise the people that visited them. As a consequence, we have reduced the median availability of these compromises from 525 hours to 39 hours.
- Over the year 2017, the month-by-month volume of each of these has fallen, suggesting that criminals are using the UK government brand less and hosting fewer of their malicious sites in UK infrastructure.
- In 2017, we notified email providers about 3,243 Advance Fee Fraud attacks, pretending to be related to UK government.
- In 2017, we stopped several thousand mail servers being used to impersonate government domains and sending malware to people, in the expectation that the government link makes them more realistic. We have also removed a number of deceptive domains that were registered with the sole intention of deceiving people.
- While the volume of global phishing we can see has gone up significantly (nearly 50%) over the last 18 months, the share hosted in the UK has reduced from 5.5% to 2.9%.
That’s a great first year – keep up the good work.