NCSC "achieving its aims" with reduced criminal infrastructures attacking UK
Criminal cyber-infrastructures used to attack the UK have fallen by two thirds, from 72,975 unique IP addresses in 2017 to just 24,320 IP addresses used by attackers in 2018 whose sites were taken down by the NCSC, according to its latest Active Cyber Defence (ADC) report published earlier this week. However, the total number of takedowns, at 192,256, was just marginally down on the 2017 figure of 209,992, a fall of 13 per cent.
Report author Ian Levy suggests that this means criminals are using less infrastructure and hosting more individual attacks on each instance as part of a campaign. He also says that it could be that it is becoming harder to host attacks that the NCSC is interested in. Levy does not suggest that there are now fewer attackers, but acknowledges, "There could be other explanations due to causes hidden from us, but we are unaware of any other systemic work that could obviously cause that sort of effect," hence concludes it is likely that the NCSC is, "achieving our overall goal or making the UK (and UK-related brands) unattractive for cybercrime."
The Takedown Service is just one of the NCSCs activities reported on, with others including, Mail Check and Protective DNS. Mail Check monitors public sector organisations and helps them take control of their emails making phishing attacks much more difficult.
Last year, the NCSC stopped 140,000 separate phishing attacks including the bogus emails from an unnamed UK airport. The NCSC tackles large opportunistic threats but says it needs to prioritise the bigger risks. This can mean that smaller hazards can slip through. In an email to SC Media UK, Matt Walmsley, EMEA director at Vectra, said, " It is great to see the results of the programmes 2nd year of operations but each UK individual, and every UK organisation, needs to foster an attitude of being primarily responsible for their own cyber-security".
David Mount, the director, Europe at Cofense, agreed, commenting: "Unfortunately, while the NCSC may have the ability to help some, it does not have the resources to help everyone in the fight against cybercrime." He then went on to say that people should learn from the examples provided in the report to reduce or prevent harm.
The programme has raised awareness amongst UK organisations and businesses, nonetheless, email attacks have cost businesses and governments £10 billion so far. The report brought up many threats, including Domain Fraud actors that create domains to imitate trusted brands. Adenike Cosgrove, the cyber-security strategist at Proofpoint, told SC Media UK that, "Although progress is being made, email fraud from domain spoofing is still an issue and both businesses and consumers aren’t safe from this increasing threat. In fact, recent Proofpoint research shows that fraudulent domains grew by 11 per cent globally over the past year, with more than 90 per cent of these domains currently lives and active." She added that the NCSC had made a good start looking at government-owned domains.
There was some suggestion that although the NCSC report shows great progress and improvements in cyber-security, it has forced hackers to become more advanced in its attacks so cyber-security crime is becoming harder to solve. It is reported that there are an estimated 1.5 million phishing sites created every month, generating more problems for the NCSC to deal with. Corin Imai, a senior security advisor at DomainTools, suggested that "Organisations and educational institutions need to make a base level of phishing training available for everyone who has Internet access". This would mean that more people would be protected from phishing and the NCSC would have more time to focus on bigger problems. Imai went on to say that, "Taking the profitability out of phishing scams is ultimately how we can continue to build on the good work of the NCSC and move towards making phishing a thing of the past."
Whilst HMRC remains the top phished brand, the Student Loans Company and universities also figure in the top ten. In its report, the NCSC suggested that access to the relevant university mail account is needed to help the criminal gain access to passwords or more. Tim Sadler, CEO at cyber-security firm, Tessian, commented that "Attackers are successfully engineering new ways of deceiving their targets to share data or transfer money. And what better way to convince someone to share information or click a link than to impersonate a position of trust and authority?" To help stop this, Sadler suggested that users should, "Check the sender’s email address and look out for spelling mistakes. And if you're still not sure, then do not respond and verify the sender by calling the company or University in question."
In NCSC’s report (on pg. 46 of PDF in the connected website), it advises that businesses adopt DMARC "as it is only through widespread adoption of better email security that we will have a sustained impact on criminal return on investment and their intent to attack citizens." Sadler claims that "The problem with DMARC is that it only protects against a small fraction of the threats on email. Businesses and government agencies should be aware that a high percentage of emails employees receive are still not DMARC authenticated. This means that while their own domain may be protected from direct impersonation, their employees remain vulnerable to direct impersonation of their external contacts."
Latest Jobs
-
- VOIP / SIP App Developer. Contract. SIP | VOIP experience needed. SC Cleared Outside IR35 Contract. London
- London
- OUTSIDE IR35
-
SIP | VOIP Developer. SC Cleared Contract. London Looking for a SC Cleared SIP / VOIP Developer to develop an application that interacts with a set of voice and video signalling API’s You will also work on developing in-house applications, browser plugins and automated tooling to support secure communication systems. Responsibilities Develop an application that will manage number mapping and associated identities using commercial SBC API’s. Develop new user-facing features using React.js or other modern JavaScript frameworks. Build reusable components and front-end libraries for future use. Collaborate with the design team to translate UI/UX design wireframes into code. Work closely with backend developers to integrate front-end code with server-side logic. Conduct code reviews and provide constructive feedback to team members. Stay up-to-date on emerging technologies and industry trends to continuously improve our front-end development practices. Troubleshoot and debug issues that arise during development and in production environments. Maintain high coding standards and practices and ensure code is well-documented. Requirement Experience of developing specialist applications using REST API’s. Good knowledge of Go, Java and Python (open to alternative combinations of languages). Proficiency in front-end languages and frameworks such as HTML, CSS, JavaScript, React.js, etc. Strong understanding of web standards, responsive design, and cross-browser compatibility. Experience with version control systems such as Git. Knowledge of RESTful APIs and asynchronous request handling. Familiarity with UI/UX design principles and tools.
-
- Senior Data Privacy Consultant. Client Facing | London
- London
- N/A
-
Senior Data Privacy Consultant. Client Facing | London Senior Data Privacy Consultant needed for a key client facing opportunity. Must be willing to undergo SC Security Clearance. Hybrid role- onsite with customer / office 2-3 days a week. London Key Responsibilities: Lead and support client facing data privacy projects. Assess compliance, define and deliver strategic projects / implement privacy solutions. Manage project teams and develop business opportunities. Required Experience: Experience in data protection and privacy standards. Background in consulting. Skills and Qualifications: Business consulting experience IAPP Privacy Manager / Privacy Technologist Location Greater London UK based role. Not able to provide VISA sponsorship.
-
- Security Analyst - Internal role. London commutable. Permanent
- London
- N/A
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1