Tag: ncsc

UK Cyber Security Centre One Year On

In November 2016 the National Cyber Security Centre (NCSC) was created as part of GCHQ and given a mandate to pursue the radical action required to better protect the UK’s interests in cyberspace.

A key strand in this new approach is the NCSC’s Active Cyber Defence (ACD) programme, which aspires to protect the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for the majority of the time. It is intended to tackle the high-volume commodity attacks that affect people’s everyday lives, rather than the highly sophisticated and targeted attacks, which are dealt with in other ways.

One key intervention is the Takedown Service.

The Takedown Service

This service works by requesting that hosting providers remove malicious content that is pretending to be related to UK government and also certain types of malicious content hosted in the UK.

  • In 2017, we removed 18,067 unique phishing sites across 2,929 attack groups that pretended to be a UK government brand, wherever in the world they were hosted.
  • As a consequence, we have reduced the median availability of a UK government-related phishing site from 42 hours to 10 hours. That means that these sites are available for much less time to do harm to UK citizens. 65.8% of those are down in 24 hours, up from 39% before we started takedowns.
  • In 2017, we removed 121,479 unique phishing sites across 20,763 attack groups physically hosted in the UK, regardless of who it was pretending to be. As a consequence, we have reduced the median availability of a phishing site physically hosted in the UK from 26 hours to 3 hours, again giving them much less time to do harm. 76.8% of those were down in 24 hours, up from 47.3% before NCSC started takedowns.
  • In 2017, we worked with 1,719 compromised sites in the UK that were being used to host 5,111 attacks, intended to compromise the people that visited them. As a consequence, we have reduced the median availability of these compromises from 525 hours to 39 hours.
  • Over the year 2017, the month-by-month volume of each of these has fallen, suggesting that criminals are using the UK government brand less and hosting fewer of their malicious sites in UK infrastructure.
  • In 2017, we notified email providers about 3,243 Advance Fee Fraud attacks, pretending to be related to UK government.
  • In 2017, we stopped several thousand mail servers being used to impersonate government domains and sending malware to people, in the expectation that the government link makes them more realistic. We have also removed a number of deceptive domains that were registered with the sole intention of deceiving people.
  • While the volume of global phishing we can see has gone up significantly (nearly 50%) over the last 18 months, the share hosted in the UK has reduced from 5.5% to 2.9%.

That’s a great first year – keep up the good work.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

The Government’s New Cyber Security Centre

The government’s National Cyber Security Centre (NCSC), based in Victoria, London, was officially opened by the Queen in early February.

The new boss is Ciaran Martin, who has moved from the agency’s headquarters in Cheltenham.

The NCSC is already busy as it says it has stopped more than a hundred high level cyber attacks in the last few months.

“The cyberattacks we are seeing are increasing in their frequency, their severity, and their sophistication,” chancellor Philip Hammond said ahead of the opening.

“We will help secure our critical services, lead the response to the most serious incidents and improve the underlying security of the internet through technological improvement and advice to citizens and organisations,” Martin said. This will include finding vulnerabilities in public sector websites, stopping spoof emails, and taking down thousands of phishing websites in the UK.

The National Cyber Security Centre has four key objectives outlined in its prospectus.

  1. To Be a Centre of Expertise on Cyber Security

To understand the cyber security environment, share knowledge, and use that expertise to identify and address systemic vulnerabilities. The NCSC will be the centre of government expertise on what is happening in cyberspace.. That knowledge will be used to provide best practice advice and guidance, and to tackle systemic vulnerabilities to enhance cyber security for all.

  1. To Protect the UK

To reduce risks to the UK by working with public and private sector organisations to improve their cyber security. The NCSC will support the most critical organisations in the UK across government and the private sector to secure and defend their networks.

  1. To respond to Cyber Security Incidents

When a serious cyber incident occurs, the NCSC will work with victims to minimise the damage, to help with recovery, and to learn lessons to reduce the chance of recurrence and minimise future impact. At the same time the NCSC will ensure that the wider response of government and law enforcement is well co-ordinated

  1. To Grow the UK Cyber Security Capability

To nurture and grow our national cyber security capability, and provide leadership on critical national cyber security issues. Cyber security and information technology continues to develop and evolve at a rapid pace. As the Centre within government for cyber-knowledge, the NCSC will have the best possible visibility of what is happening today – in terms of threats, vulnerabilities and technology trends. This means cutting edge technical research teams, combining the best of government, industry and academic expertise, scanning the horizon and helping plan for what could challenge us tomorrow. The NCSC will lead the UK’s thinking across the range of initiatives and developments, ensuring that the UK Government, organisations and the public can harness the advantages that new technologies bring in a safe and secure manner.

Let’s hope the new NCSC is up to the job of combatting foreign and domestic hackers, criminals and terrorists.

Do you have an opinion on this matter? Please comment in the box below.