NCSC "achieving its aims" with reduced criminal infrastructures attacking UK
Criminal cyber-infrastructures used to attack the UK have fallen by two thirds, from 72,975 unique IP addresses in 2017 to just 24,320 IP addresses used by attackers in 2018 whose sites were taken down by the NCSC, according to its latest Active Cyber Defence (ADC) report published earlier this week. However, the total number of takedowns, at 192,256, was just marginally down on the 2017 figure of 209,992, a fall of 13 per cent.
Report author Ian Levy suggests that this means criminals are using less infrastructure and hosting more individual attacks on each instance as part of a campaign. He also says that it could be that it is becoming harder to host attacks that the NCSC is interested in. Levy does not suggest that there are now fewer attackers, but acknowledges, "There could be other explanations due to causes hidden from us, but we are unaware of any other systemic work that could obviously cause that sort of effect," hence concludes it is likely that the NCSC is, "achieving our overall goal or making the UK (and UK-related brands) unattractive for cybercrime."
The Takedown Service is just one of the NCSCs activities reported on, with others including, Mail Check and Protective DNS. Mail Check monitors public sector organisations and helps them take control of their emails making phishing attacks much more difficult.
Last year, the NCSC stopped 140,000 separate phishing attacks including the bogus emails from an unnamed UK airport. The NCSC tackles large opportunistic threats but says it needs to prioritise the bigger risks. This can mean that smaller hazards can slip through. In an email to SC Media UK, Matt Walmsley, EMEA director at Vectra, said, " It is great to see the results of the programmes 2nd year of operations but each UK individual, and every UK organisation, needs to foster an attitude of being primarily responsible for their own cyber-security".
David Mount, the director, Europe at Cofense, agreed, commenting: "Unfortunately, while the NCSC may have the ability to help some, it does not have the resources to help everyone in the fight against cybercrime." He then went on to say that people should learn from the examples provided in the report to reduce or prevent harm.
The programme has raised awareness amongst UK organisations and businesses, nonetheless, email attacks have cost businesses and governments £10 billion so far. The report brought up many threats, including Domain Fraud actors that create domains to imitate trusted brands. Adenike Cosgrove, the cyber-security strategist at Proofpoint, told SC Media UK that, "Although progress is being made, email fraud from domain spoofing is still an issue and both businesses and consumers aren’t safe from this increasing threat. In fact, recent Proofpoint research shows that fraudulent domains grew by 11 per cent globally over the past year, with more than 90 per cent of these domains currently lives and active." She added that the NCSC had made a good start looking at government-owned domains.
There was some suggestion that although the NCSC report shows great progress and improvements in cyber-security, it has forced hackers to become more advanced in its attacks so cyber-security crime is becoming harder to solve. It is reported that there are an estimated 1.5 million phishing sites created every month, generating more problems for the NCSC to deal with. Corin Imai, a senior security advisor at DomainTools, suggested that "Organisations and educational institutions need to make a base level of phishing training available for everyone who has Internet access". This would mean that more people would be protected from phishing and the NCSC would have more time to focus on bigger problems. Imai went on to say that, "Taking the profitability out of phishing scams is ultimately how we can continue to build on the good work of the NCSC and move towards making phishing a thing of the past."
Whilst HMRC remains the top phished brand, the Student Loans Company and universities also figure in the top ten. In its report, the NCSC suggested that access to the relevant university mail account is needed to help the criminal gain access to passwords or more. Tim Sadler, CEO at cyber-security firm, Tessian, commented that "Attackers are successfully engineering new ways of deceiving their targets to share data or transfer money. And what better way to convince someone to share information or click a link than to impersonate a position of trust and authority?" To help stop this, Sadler suggested that users should, "Check the sender’s email address and look out for spelling mistakes. And if you're still not sure, then do not respond and verify the sender by calling the company or University in question."
In NCSC’s report (on pg. 46 of PDF in the connected website), it advises that businesses adopt DMARC "as it is only through widespread adoption of better email security that we will have a sustained impact on criminal return on investment and their intent to attack citizens." Sadler claims that "The problem with DMARC is that it only protects against a small fraction of the threats on email. Businesses and government agencies should be aware that a high percentage of emails employees receive are still not DMARC authenticated. This means that while their own domain may be protected from direct impersonation, their employees remain vulnerable to direct impersonation of their external contacts."
- Head of Penetration Testing
- United Kingdom
Head of Penetration Testing needed to join a security consultancy that are delivering client facing penetration testing services around Web app and Infrastructure. Looking for someone hands on that is able to manage a highly skilled technical team of testers. 50-60% of the time is expected to be hands on, other duties will include, but not be limited to; leading and managing the day to day running of the team, mentoring, team upskill, recruitment, reporting, escalation, process improvement etc. Flexible location although south east is preferred. Anyone with Check / CREST experience is highly desirable. MUST be able to achieve SC clearance. UK based role. All details kept in confidence.
- CONTRACT SOC Manager. London / Birmingham. URGENT Immediate role.
REF7847 Contract SOC Manager. SC cleared, London / Birmingham. Initial 3 month Contract. SOC Manager needed to for an URGENT 3-4 month CONTRACT. SC clearance is essential. The project is to aid in the setup, implementation and management of resources to help with the initial stand up stages of a new SOC within a greenfield site. This is a short term contract role whilst a permanent hire is brought on over the coming 3 to 4 months. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
- SPLUNK Level 3 SOC Consultant, SIEM Splunk, London / Birmingham
REF CH7825 Level 3 SOC Consultant, SIEM Splunk, London / Birmingham £55,000 + Level 3 SOC Consultant, SIEM SPLUNK needed. Security Clearance. Permanent role Level 3 SOC Consultant, SIEM SPLUNK needed to join a public sector client. The ability to achieve SC clearance is essential. MUST have experience working with SPLUNK ideally to an Advanced Power User level. Splunk Enterprise Security (ES) knowledge and hands on experience highly desirable. The role will include, but not be limited to; managing and handling incidents end to end, supporting and mentoring level 1 / level 2 staff, supporting the SOC manager in the delivery of the SOC roadmap, engaging with the client stakeholders (other technical teams) as and where needed, use case development, advanced search and reporting etc. The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt use this calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Chris.Holt@dclsearch.com
- Aspiring Cyber Partner. Business lead, market maker.
Aspiring Cyber Partner (management consultancy) with Cyber specialism into Healthcare, Utilities and or Public Sector. Working with new and existing clients to help them solve, transform or evolve their cyber capabilities. MUST have; A proven management consultancy background in cyber. A history of identifying and closing new business opportunities. Currently Revenue generating / must be able to demonstrate recent wins. Client facing to board level with international businesses. Team leadership / mentoring experience. Extensive cyber industry experience. Digital transformation, Start-up environments etc. Experienced presenter at industry events, to be the public face of a business / capability. Breadth of knowledge across Cyber security. Service definition / creation. Would consider a senior director with experience delivering the above looking to step up. All conversations kept in confidence. To arrange a discreet call book a time to speak in my diary via https://calendly.com/chris-holt/cyber-partner-call Chris.Holt@dclsearch.com