While the top five UK phished government-related brands remained the same between 2017 and 2018, including gov.uk, TV Licensing, HM Revenue and Customs and DVLA, they’ve changed in order, according to a report by the official NCSC (National Cyber Security Centre) on the second year of its Active Cyber Defence (ACD) programme.
HMRC has remained at the top but there has been a very significant improvement in the number of attacks seen by NCSC. University-related phishing attacks appear to be harvesting credentials for university webmail services and have increased significantly over the year. The NCSC says it doesn’t know how the criminals are going to monetise those credentials, but it’s possibly linked to the Student Loans Company-related attacks. Attackers will often impersonate well-known public sector organisations, the report notes, to extract a fee from their victims.
Meanwhile the top brands impersonated by advance fee fraudsters are to do with money, such as the Bank of England or the National Lottery. An impersonation of the legal system is used as a common lure in advance fee fraud attacks, whether bogus law firms, or impersonation of legitimate law firms.
Malicious code on shopping websites not kept up to date with patches skims the customers’ credit card details as they check out of the real site. The site owner doesn’t know anything about it – they still have a fully functioning shopping site.
The report sets out how the centre intends to ‘raise the cost and risk of mounting commodity cyber attacks against the UK, thereby reducing the return on investment for the criminals’; not promising to stop all cyber attacks, but to disrupt, to protect most people from most of the harm caused by most of the cyber attacks, most of the time. The document points out that criminal modus operandi evolve as protections are put in place, making curating email security, including the DMARC email authentication protocol, a long-term effort for any organisation.
The NCSC proposes to make a prototype ‘Internet Weather Centre’, that aims to draw on multiple data sources to ‘really understand the digital landscape of the UK’.
The report gives case studies, such as a spoof email campaign that was thwarting from sending 200,000 emails, purporting to be from an airport with a gov.uk address – enough to make the Centre suspicious – and two fire services that merged to form a new service with a new name and associated internet domain. NCSC Technical Director Dr Ian Levy said: “These are just two examples of the value of ACD – they protected thousands of UK citizens and further reduced the criminal utility of UK brands. Concerted effort can dissuade criminals and protect UK citizens. While this and other successes are encouraging, we know there is more to do, and we would welcome partnerships with people and organisations who wish to contribute to the ACD ecosystem so that together we can further protect UK citizens.
“This second comprehensive analysis we have undertaken of the programme shows that this bold approach to preventing cyber attacks is continuing to deliver for the British public.”
The report notes that a pernicious characteristic of cyber attack is that it’s easy to enable others with less skill to purport attacks. “That’s different to the real world. If you put up a burglar alarm, CCTV, a good lock and so on, burglars will be discouraged from trying to get into your house. If lots of people do this in your neighbourhood, it will become less attractive for burglars to wander your local streets.”
In a blog to accompany the report, Ian Levy said that cyber crime really does run on a return on investment model, ‘and if we can affect that, we can demotivate attackers from targeting the UK’. For the blog in full visit the NCSC website.
For the 84-page report visit https://www.ncsc.gov.uk/report/active-cyber-defence-report-2019.
Comments
David Mount, Director, Europe at Cofense said: ““As important as technology is in the fight against those with malicious intent, it should be allied with employee awareness and education to keep businesses secure. By deploying their most adaptable and intelligent resource – employees – businesses can build a risk-aware culture and stand strong in the fight against threat actors. With a human defence shield identifying suspicious activity, reporting it in a way that is simple, yet gives the security team all it needs to triage against other incidents, cyber intelligence can be generated and fed back into the business to make those first line responders even more effective. By combining real time intelligence from security-aware humans, with leading-edge technology, organisations can identify both vulnerabilities and active attacks in progress more quickly with fewer resources, leading to a more successful outcome.”
Matt Lock – Technical Director at Varonis said: “While it is reassuring to know government officials are working diligently to thwart cyber criminals, businesses and individuals must stay on alert. Cyber criminals have an array of tools and techniques at their disposal and will continue to change course to avoid detection and follow the money.”
And Corin Imai, senior security advisor at DomainTools said: “This is a massively encouraging progress report we have received from the NCSC, and the UK is extremely wise to have invested in such a diligent dedicated cybersecurity centre in order to combat cybercrime. Phishing is one of the most common and sadly one of the most effective methods of extracting funds by nefarious means from the general public, so the NCSC being able to stop 140,000 separate phishing attacks is a step in the right direction. However, there is only so much that one organisation can do on its own – even a government funded one. With an estimated 1.5 million new phishing sites created every month, cybersecurity teams at governments all over the world need to be working as hard as the NCSC.”
