NCSC "achieving its aims" with reduced criminal infrastructures attacking UK
Criminal cyber-infrastructures used to attack the UK have fallen by two thirds, from 72,975 unique IP addresses in 2017 to just 24,320 IP addresses used by attackers in 2018 whose sites were taken down by the NCSC, according to its latest Active Cyber Defence (ADC) report published earlier this week. However, the total number of takedowns, at 192,256, was just marginally down on the 2017 figure of 209,992, a fall of 13 per cent.
Report author Ian Levy suggests that this means criminals are using less infrastructure and hosting more individual attacks on each instance as part of a campaign. He also says that it could be that it is becoming harder to host attacks that the NCSC is interested in. Levy does not suggest that there are now fewer attackers, but acknowledges, "There could be other explanations due to causes hidden from us, but we are unaware of any other systemic work that could obviously cause that sort of effect," hence concludes it is likely that the NCSC is, "achieving our overall goal or making the UK (and UK-related brands) unattractive for cybercrime."
The Takedown Service is just one of the NCSCs activities reported on, with others including, Mail Check and Protective DNS. Mail Check monitors public sector organisations and helps them take control of their emails making phishing attacks much more difficult.
Last year, the NCSC stopped 140,000 separate phishing attacks including the bogus emails from an unnamed UK airport. The NCSC tackles large opportunistic threats but says it needs to prioritise the bigger risks. This can mean that smaller hazards can slip through. In an email to SC Media UK, Matt Walmsley, EMEA director at Vectra, said, " It is great to see the results of the programmes 2nd year of operations but each UK individual, and every UK organisation, needs to foster an attitude of being primarily responsible for their own cyber-security".
David Mount, the director, Europe at Cofense, agreed, commenting: "Unfortunately, while the NCSC may have the ability to help some, it does not have the resources to help everyone in the fight against cybercrime." He then went on to say that people should learn from the examples provided in the report to reduce or prevent harm.
The programme has raised awareness amongst UK organisations and businesses, nonetheless, email attacks have cost businesses and governments £10 billion so far. The report brought up many threats, including Domain Fraud actors that create domains to imitate trusted brands. Adenike Cosgrove, the cyber-security strategist at Proofpoint, told SC Media UK that, "Although progress is being made, email fraud from domain spoofing is still an issue and both businesses and consumers aren’t safe from this increasing threat. In fact, recent Proofpoint research shows that fraudulent domains grew by 11 per cent globally over the past year, with more than 90 per cent of these domains currently lives and active." She added that the NCSC had made a good start looking at government-owned domains.
There was some suggestion that although the NCSC report shows great progress and improvements in cyber-security, it has forced hackers to become more advanced in its attacks so cyber-security crime is becoming harder to solve. It is reported that there are an estimated 1.5 million phishing sites created every month, generating more problems for the NCSC to deal with. Corin Imai, a senior security advisor at DomainTools, suggested that "Organisations and educational institutions need to make a base level of phishing training available for everyone who has Internet access". This would mean that more people would be protected from phishing and the NCSC would have more time to focus on bigger problems. Imai went on to say that, "Taking the profitability out of phishing scams is ultimately how we can continue to build on the good work of the NCSC and move towards making phishing a thing of the past."
Whilst HMRC remains the top phished brand, the Student Loans Company and universities also figure in the top ten. In its report, the NCSC suggested that access to the relevant university mail account is needed to help the criminal gain access to passwords or more. Tim Sadler, CEO at cyber-security firm, Tessian, commented that "Attackers are successfully engineering new ways of deceiving their targets to share data or transfer money. And what better way to convince someone to share information or click a link than to impersonate a position of trust and authority?" To help stop this, Sadler suggested that users should, "Check the sender’s email address and look out for spelling mistakes. And if you're still not sure, then do not respond and verify the sender by calling the company or University in question."
In NCSC’s report (on pg. 46 of PDF in the connected website), it advises that businesses adopt DMARC "as it is only through widespread adoption of better email security that we will have a sustained impact on criminal return on investment and their intent to attack citizens." Sadler claims that "The problem with DMARC is that it only protects against a small fraction of the threats on email. Businesses and government agencies should be aware that a high percentage of emails employees receive are still not DMARC authenticated. This means that while their own domain may be protected from direct impersonation, their employees remain vulnerable to direct impersonation of their external contacts."
- CONTRACT SIEM Cyber Security Operations Engineer. REMOTE OUTSIDE IR35
- United Kingdom
REFCH8165 CONTRACT SIEM Cyber Security Operations Engineer. REMOTE UK SIEM Engineer. 6 month Contract. OUTSIDE IR35 Working towards a "SOC 2" environment. CLOUD (AWS) experience essential. Three key functions; Monitor, Escalate and Triage incidents. Vulnerability Management / threat intel. SIEM configuration / management, review, enhancement More specifically; Work with internal teams to identify assets. Identity applicable threat feeds and work with internal teams to remediate. Patch Patch Patch. (Help mature process / identify gaps) Configuration / fine tuning of SIEM alerts. Create dashboards, Compliance reporting. Log ingestion. Experience across ISO27001 / SOC2 / SIEM / End Point Security is essential Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Cyber Security Operations Engineer. REMOTE UK. SOC2
- United Kingdom
REF8164 Cyber Security Operations Engineer. REMOTE UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and "SOC 2" controls. You role will touch on the following · Security Monitoring- SIEM · Vulnerability Management / Testing · Incident Management · Asset management · Disaster Recovery planning · Change Management AWS Cloud experience is essential as is the ability to ensure patch management is prioritised across the business. Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Lead Security Architect
- United Kingdom
Engage with key clients in an Architectural / technical presales capacity. Including Stakeholders, end users / partners. Working on new and existing Security projects to confirm that proposed solutions are fit for purpose from both a technical and regulatory capacity. Working closely with multiple vendor . Managed security service background ideal CLOUD Security (AZURE OR AWS), IDAM background ideal.
- Threat Vulnerability Management Analyst
- United Kingdom
To monitor, identify and alert internal teams of cyber threats and vulnerabilities. MIRE Att&ck, CIS, OWASP, Vulnerability management tools MUST be able to commute to central London MUST be able to achieve UK SC Clearance. On going support and development.