NCSC "achieving its aims" with reduced criminal infrastructures attacking UK
.png)
Criminal cyber-infrastructures used to attack the UK have fallen by two thirds, from 72,975 unique IP addresses in 2017 to just 24,320 IP addresses used by attackers in 2018 whose sites were taken down by the NCSC, according to its latest Active Cyber Defence (ADC) report published earlier this week. However, the total number of takedowns, at 192,256, was just marginally down on the 2017 figure of 209,992, a fall of 13 per cent.
Report author Ian Levy suggests that this means criminals are using less infrastructure and hosting more individual attacks on each instance as part of a campaign. He also says that it could be that it is becoming harder to host attacks that the NCSC is interested in. Levy does not suggest that there are now fewer attackers, but acknowledges, "There could be other explanations due to causes hidden from us, but we are unaware of any other systemic work that could obviously cause that sort of effect," hence concludes it is likely that the NCSC is, "achieving our overall goal or making the UK (and UK-related brands) unattractive for cybercrime."
The Takedown Service is just one of the NCSCs activities reported on, with others including, Mail Check and Protective DNS. Mail Check monitors public sector organisations and helps them take control of their emails making phishing attacks much more difficult.
Last year, the NCSC stopped 140,000 separate phishing attacks including the bogus emails from an unnamed UK airport. The NCSC tackles large opportunistic threats but says it needs to prioritise the bigger risks. This can mean that smaller hazards can slip through. In an email to SC Media UK, Matt Walmsley, EMEA director at Vectra, said, " It is great to see the results of the programmes 2nd year of operations but each UK individual, and every UK organisation, needs to foster an attitude of being primarily responsible for their own cyber-security".
David Mount, the director, Europe at Cofense, agreed, commenting: "Unfortunately, while the NCSC may have the ability to help some, it does not have the resources to help everyone in the fight against cybercrime." He then went on to say that people should learn from the examples provided in the report to reduce or prevent harm.
The programme has raised awareness amongst UK organisations and businesses, nonetheless, email attacks have cost businesses and governments £10 billion so far. The report brought up many threats, including Domain Fraud actors that create domains to imitate trusted brands. Adenike Cosgrove, the cyber-security strategist at Proofpoint, told SC Media UK that, "Although progress is being made, email fraud from domain spoofing is still an issue and both businesses and consumers aren’t safe from this increasing threat. In fact, recent Proofpoint research shows that fraudulent domains grew by 11 per cent globally over the past year, with more than 90 per cent of these domains currently lives and active." She added that the NCSC had made a good start looking at government-owned domains.
There was some suggestion that although the NCSC report shows great progress and improvements in cyber-security, it has forced hackers to become more advanced in its attacks so cyber-security crime is becoming harder to solve. It is reported that there are an estimated 1.5 million phishing sites created every month, generating more problems for the NCSC to deal with. Corin Imai, a senior security advisor at DomainTools, suggested that "Organisations and educational institutions need to make a base level of phishing training available for everyone who has Internet access". This would mean that more people would be protected from phishing and the NCSC would have more time to focus on bigger problems. Imai went on to say that, "Taking the profitability out of phishing scams is ultimately how we can continue to build on the good work of the NCSC and move towards making phishing a thing of the past."
Whilst HMRC remains the top phished brand, the Student Loans Company and universities also figure in the top ten. In its report, the NCSC suggested that access to the relevant university mail account is needed to help the criminal gain access to passwords or more. Tim Sadler, CEO at cyber-security firm, Tessian, commented that "Attackers are successfully engineering new ways of deceiving their targets to share data or transfer money. And what better way to convince someone to share information or click a link than to impersonate a position of trust and authority?" To help stop this, Sadler suggested that users should, "Check the sender’s email address and look out for spelling mistakes. And if you're still not sure, then do not respond and verify the sender by calling the company or University in question."
In NCSC’s report (on pg. 46 of PDF in the connected website), it advises that businesses adopt DMARC "as it is only through widespread adoption of better email security that we will have a sustained impact on criminal return on investment and their intent to attack citizens." Sadler claims that "The problem with DMARC is that it only protects against a small fraction of the threats on email. Businesses and government agencies should be aware that a high percentage of emails employees receive are still not DMARC authenticated. This means that while their own domain may be protected from direct impersonation, their employees remain vulnerable to direct impersonation of their external contacts."

Latest Jobs
-
- Identity Channel Partner Manager | London
- London
- N/A
-
Identity Channel Partner Manager | London Location: South East UK (commutable to London) We are working with a Cyber Security business who are looking for a Channel Partner Manager to drive and grow relationships across their identity ecosystem. Prior experience working within VARs, distributors, vendors or resellers in the identity space is essential. You must have experience working with technologies such as CyberArk, Sailpoint, Okta etc Responsibilities will include, but not be limited to: Build, maintain and develop strong relationships with channel partners. Work closely with partner sales teams to support growth drive sales opportunities. Identify and onboard new partners while strengthening existing partnerships. Act as the key point of contact for all channel-related activity. If you are an experienced channel professional, with experience in the Identity space and are ready for your next challenge, apply today.
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.