- Security TWENTY
- Women in Security
The UK’s official National Cyber Security Centre – NCSC, a part of GCHQ – says it had taken down more scams in the last year than in the previous three years combined. That was in the fourth annual report on the NCSC’s Active Cyber Defence programme; released ahead of the NCSC’s annual CYBERUK event, which this year for the first time will be online.
Lindy Cameron, NCSC CEO, said: “As the cyber security community prepares to gather for CYBERUK, the ACD report offers a helpful insight into just some of the ways the NCSC has adapted to protect the UK during the pandemic. Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.”
The NCSC used its Takedown Service against scams such as fake celebrity endorsement scams and bogus Covid vaccines adverts. More than 700,000 online scams totalling 1.4 million URLs were removed by the NCSC. TV Licensing, a common target for online scammers, saw a surge in attacks that corresponded with changes to TV Licensing entitlements for UK pensioners during July 2020. While Brexit-themed UK government phishing was low during 2020, attempts to clone part of the gov.uk website were identified in December. The attack was taken down. The most phished UK government brand was Her Majesty’s Revenue and Customs.
The Suspicious Email Reporting Service was launched in April 2020, and received nearly four million reports by year-end, leading to the removal of over 26,000 scams not previously identified by the Takedown Service.
For the 62-page report, visit the NCSC website.
Mark Crichton, Senior Director of Security Product Management at authentication product company OneSpan, said: “We’ve seen a huge number of Covid related scams over the past year and even as we started to emerge out of the pandemic in the UK, we’re not out of the water yet in terms of fraudulent scams targeting consumers. We’ll start to see cybercriminals switch their focus onto new trends like holidays abroad as restrictions begin to lift. Despite this, it’s promising to see that while scams have surged, we’ve increased the number scam takedowns. But inevitably, with the vast number of scams from cybercriminals, some will still slip through the net.
“Consumers need to have absolute certainty that any unsolicited offering is from a trusted brand by checking the senders email address or phone number. If the communication seems suspicious even in the slightest, they should not click on any links or share any sensitive information.
“As for banks, they are the final line of defence against fraud, so as scams like these continue to be widespread online, it is essential that they are investing in dynamic fraud solutions that analyse vast amounts of data with machine learning and advanced risk analytics to identify abnormal user behaviour in real time. We also must encourage more use of biometrics. New risk-based multifactor authentication with fingerprint, face, or iris recognition will help free us from the burden of unsecure passwords and enable a safer digital world.”
David Carroll, Managing Director of Nominet Cyber Security described the fourth year of Active Cyber Defence as remarkable. “Seeing Protective DNS come to the fore at a time when it was most needed – during the pandemic – is a source of pride here at Nominet. Not only were we able to deliver PDNS to the majority of NHS organisations but, for the first time, PDNS protection was extended to the private sector as it was offered to protect the vaccine supply chain.
“Another key milestone for PDNS was the response to SolarWinds. Proving to be a treasure trove for cyber analysts, the PDNS dataset was able to help NCSC identify the scope of vulnerability across the public sector to inform its incident response.
“Now handling 237 billion DNS requests and with close to 800 organisations onboarded – excluding the 1,000-plus organisations within the Health & Social Care Network (HSCN) – we have scaled PDNS across new ground, proved its effectiveness, and underlined its importance to our national defence. With the intention of ACD to be copied across other industries and foreign governments, we’re committed to delivering PDNS as it evolves to protect the digital world of the future.”