NCSC "achieving its aims" with reduced criminal infrastructures attacking UK
.png)
Criminal cyber-infrastructures used to attack the UK have fallen by two thirds, from 72,975 unique IP addresses in 2017 to just 24,320 IP addresses used by attackers in 2018 whose sites were taken down by the NCSC, according to its latest Active Cyber Defence (ADC) report published earlier this week. However, the total number of takedowns, at 192,256, was just marginally down on the 2017 figure of 209,992, a fall of 13 per cent.
Report author Ian Levy suggests that this means criminals are using less infrastructure and hosting more individual attacks on each instance as part of a campaign. He also says that it could be that it is becoming harder to host attacks that the NCSC is interested in. Levy does not suggest that there are now fewer attackers, but acknowledges, "There could be other explanations due to causes hidden from us, but we are unaware of any other systemic work that could obviously cause that sort of effect," hence concludes it is likely that the NCSC is, "achieving our overall goal or making the UK (and UK-related brands) unattractive for cybercrime."
The Takedown Service is just one of the NCSCs activities reported on, with others including, Mail Check and Protective DNS. Mail Check monitors public sector organisations and helps them take control of their emails making phishing attacks much more difficult.
Last year, the NCSC stopped 140,000 separate phishing attacks including the bogus emails from an unnamed UK airport. The NCSC tackles large opportunistic threats but says it needs to prioritise the bigger risks. This can mean that smaller hazards can slip through. In an email to SC Media UK, Matt Walmsley, EMEA director at Vectra, said, " It is great to see the results of the programmes 2nd year of operations but each UK individual, and every UK organisation, needs to foster an attitude of being primarily responsible for their own cyber-security".
David Mount, the director, Europe at Cofense, agreed, commenting: "Unfortunately, while the NCSC may have the ability to help some, it does not have the resources to help everyone in the fight against cybercrime." He then went on to say that people should learn from the examples provided in the report to reduce or prevent harm.
The programme has raised awareness amongst UK organisations and businesses, nonetheless, email attacks have cost businesses and governments £10 billion so far. The report brought up many threats, including Domain Fraud actors that create domains to imitate trusted brands. Adenike Cosgrove, the cyber-security strategist at Proofpoint, told SC Media UK that, "Although progress is being made, email fraud from domain spoofing is still an issue and both businesses and consumers aren’t safe from this increasing threat. In fact, recent Proofpoint research shows that fraudulent domains grew by 11 per cent globally over the past year, with more than 90 per cent of these domains currently lives and active." She added that the NCSC had made a good start looking at government-owned domains.
There was some suggestion that although the NCSC report shows great progress and improvements in cyber-security, it has forced hackers to become more advanced in its attacks so cyber-security crime is becoming harder to solve. It is reported that there are an estimated 1.5 million phishing sites created every month, generating more problems for the NCSC to deal with. Corin Imai, a senior security advisor at DomainTools, suggested that "Organisations and educational institutions need to make a base level of phishing training available for everyone who has Internet access". This would mean that more people would be protected from phishing and the NCSC would have more time to focus on bigger problems. Imai went on to say that, "Taking the profitability out of phishing scams is ultimately how we can continue to build on the good work of the NCSC and move towards making phishing a thing of the past."
Whilst HMRC remains the top phished brand, the Student Loans Company and universities also figure in the top ten. In its report, the NCSC suggested that access to the relevant university mail account is needed to help the criminal gain access to passwords or more. Tim Sadler, CEO at cyber-security firm, Tessian, commented that "Attackers are successfully engineering new ways of deceiving their targets to share data or transfer money. And what better way to convince someone to share information or click a link than to impersonate a position of trust and authority?" To help stop this, Sadler suggested that users should, "Check the sender’s email address and look out for spelling mistakes. And if you're still not sure, then do not respond and verify the sender by calling the company or University in question."
In NCSC’s report (on pg. 46 of PDF in the connected website), it advises that businesses adopt DMARC "as it is only through widespread adoption of better email security that we will have a sustained impact on criminal return on investment and their intent to attack citizens." Sadler claims that "The problem with DMARC is that it only protects against a small fraction of the threats on email. Businesses and government agencies should be aware that a high percentage of emails employees receive are still not DMARC authenticated. This means that while their own domain may be protected from direct impersonation, their employees remain vulnerable to direct impersonation of their external contacts."
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- Sailpoint IIQ Consultant
- London
- Up to £75,000
-
SailPoint IIQ consultant- London We are looking for a strong SailPoint IIQ consultant to work for this global enterprise, in this position you will be the lead consultant in regard to the IAM and PAM tools Duties include Responsible for designing, developing, testing, implementing, and integrating IAM (SailPoint) systems and solutions. Assessing requirements for Identity and Access Management solutions to meet stakeholders needs. Provide support for production IAM infrastructure systems and processes. Ensures the maintenance, patching, operating, and monitoring of IAM systems. Ensures senior management and staff are informed of any changes and updates in a timely manner. Experience with Maintaining and supporting SailPoint IIQ Assessing requirements for Privilege Access Management solutions to meet stakeholders needs We are looking for someone with the following experience SailPoint IIQ experience Expertise working with SailPoint Identity IQ platform - Access Lifecycle Management, Certifications, Role Management Expertise in onboarding applications with various connectors like Active Directory, JDBC, SCIM 2.0, Azure Active Directory Expertise in developing APIs (SCIM, REST) leveraging Java based developmentExperience of Privileged Access Management concepts and use cases Unfortunatly we are unable to provide sponsorship for this opportunity, therefore applications will need to be able to work in the UK
-
- SailPoint Consultant- Netherland-
- Netherlands
- upto €700 per day
-
We are looking for a highly skilled SailPoint IIQ Consultant to work on a major deployment project. The ideal candidate will have experience with all aspects of SailPoint IIQ, including development, configuration, and administration. They will also be able to work independently and as part of a team to deliver high-quality results. · Responsibilities · Develop and configure Sailpoint IIQ solutions · Integrate SailPoint IIQ with other systems · Support SailPoint IIQ deployments · Provide technical support to users If you are a highly skilled SailPoint IIQ consultant who is looking for their next project, we encourage you to apply. look forward to hearing from you!
-
- Lead CyberArk deployment Consultant
- London
- Upto £80,000 plus benefits
-
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this expanding IT services business, You will work with customer both pre and post sales, getting involved in CyberArk Solution Design, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: Installation of CyberArk PAS for V11.X and V12.X (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Upgrade of CyberArk from V9 and V10 (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Installation and Upgrade of Privilege Session Manager and Privilege Session Manager Proxy As some of your client will be government site, all individual will need to be put through SC clearance, therefore you must be eligible to receive this and happy to be put through(With a British Citizen or to have lived in the UK for the past 5 years) We are unable to provide work visa sponsorship for this opportunity
-
- Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, London
- London
- £400 per day outside IR35
-
Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, Based in London Project- to engage with colleagues and stakeholders to investigate and model business functions, processes, information flows and data structures, using a range of business analysis techniques. • You will translate the solution to the business problem into detailed requirements by creating user stories and well-defined acceptance criteria. • Elicit end-to-end business requirements for a live cross-government service • Working across the Government departments to bring together varied business and operational outcomes to form a holistic overall set of service requirements Current SC clearance is required. As is the ability to travel to London.