A scam to defraud thousands of U.K. citizens using a fake email address spoofing a British airport was one of a wide range of cyber attacks successfully prevented by the National Cyber Security Centre (NCSC).
Details of the criminal campaign are just one case study of many in Active Cyber Defence – The Second Year, a report released on July 16 analyzing British cyber defense.
The incident occurred last August when criminals tried to send in excess of 200,000 emails purporting to be from a U.K. airport and using a non-existent gov.uk address in a bid to defraud people.
However, the emails never reached the intended recipients’ inboxes because the NCSC’s Active Cyber Defence (ACD) system automatically detected the suspicious domain name and the recipient’s mail providers never delivered the spoof messages. The real email account used by the criminals to communicate with victims was also taken down.
A combination of ACD services has helped Her Majesty’s Revenue and Customs (HMRC) – which, among other things, is responsible for collecting taxes – own efforts in massively reducing the criminal use of their brand. HMRC was the 16th most phished brand globally in 2016, but by the end of 2018 it was 146th in the world.
Introduced by the NCSC in 2016, ACD stops millions of cyber attacks from happening. It includes the pioneering programs Web Check, DMARC, Public Sector DNS and a takedown service.
The ACD technology, which is free at the point of use, intends to protect the majority of the U.K. from the majority of the harm from the majority of the attacks the majority of the time.
Other key findings for 2018 from the second ACD report include:
- In 2018 the NCSC took down 22,133 phishing campaigns hosted in U.K. delegated IP space, totaling 142,203 individual attacks;
- 14,124 U.K. government-related phishing sites were removed;
- The total number of takedowns of fraudulent websites was 192,256, and across 2018, with 64% of them down in 24 hours;
- The number of individual web checks run has increased almost 100-fold, and NCSC issued a total of 111,853 advisories direct to users in 2018.
The new report also looks to the future of ACD, highlighting a number of areas in development. These include:
- The work between the NCSC and Action Fraud to design and build a new automated system which allows the public to report suspicious emails easily. The NCSC aims to launch this system to the public later in 2019;
- The development of the NCSC Internet Weather Centre, which will aim to draw on multiple data sources to allow us to really understand the digital landscape of the U.K.;
- The development of an Infrastructure Check service: a web-based tool to help public sector and critical national infrastructure providers scan their internet-connected infrastructure for vulnerabilities;
- NCSC researchers have begun exploring additional ways to use the data created as part of the normal operation of the public sector protective DNS service to help our users better understand and protect the technologies in use on their networks.
Announcing the results of the report, Dr Ian Levy, Technical Director of the NCSC said the organization welcomes partnerships to help strengthen the country’s cyber defense.
“The NCSC is not the only organization with good ideas, and we are not the only country connected to the internet. We would welcome partnerships with people and organizations who wish to contribute to the ACD service ecosystem, analysis of the data or contributing data or infrastructure to help us make better inferences.
“We believe that evidence-based cyber security policy – driven by evidence and data rather than hyperbole and fear – is a possibility.”