Cybersecurity experts in the U.K. have overseen a massive fifteen-fold increase in the number of scams removed from the internet, a new report reveals.
The National Cyber Security Centre (NCSC) – a part of GCHQ – disclosed it had taken down more scams in the last year than in the previous three years combined as the organization moved to further protect the U.K. public and critical services such as the NHS during the coronavirus pandemic.
The findings were contained in the fourth annual report on the NCSC’s Active Cyber Defence program, which protects the U.K. from millions of cyber attacks and which was expanded during 2020.
The report was released ahead of the NCSC’s annual CYBERUK gathering, which this year for the first time will be hosted entirely online, enabling wider participation than ever before.
A major focus for the two-day event, which begins on May 11 and features a host of expert speakers from around the world, will be on how the NCSC and cyber security industry has responded to the pandemic.
The new report shows that in the last year more than 700,000 online scams totalling 1.4 million URLs were removed by the NCSC – a massive increase on previous years due largely to the expansion of the center’s Takedown Service.
One particular area of focus last year was protecting the National Health Service (NHS), and the report detailed efforts to monitor for attacks that sought to harvest NHS credentials and potentially compromise critical systems. In 2020 NCSC detected 122 phishing campaigns using NHS branding, compared to 36 in 2019.
Among the lures were those using the COVID-19 NHS vaccine rollout, the first of which was picked up in December. Others included fake or unofficial copies of the NHS Test and Trace mobile app, with the removal of 43 instances of NHS apps hosted and available for download outside of the official Apple and Google app stores.
Beyond the NHS, other areas protected included TV Licensing, which saw a surge in attacks that corresponded with news of changes to TV Licensing entitlements for U.K. pensioners during July 2020.
And while the overall level of Brexit-themed U.K. government phishing was low during 2020, attempts to clone part of the gov.uk website were identified in December. The attack was taken down promptly and relevant departments notified.
Other key figures and findings for 2020 from the report include:
- More than 11,000 U.K.-government-themed phishing campaigns were taken down – more than double the 2019 figure.
- The Suspicious Email Reporting Service was launched in April 2020, and received nearly 4 million reports by year-end, leading to the removal of over 26,000 scams not previously identified by the Takedown Service. The latest figures can be found on the NCSC website.
- The most phished U.K. government brand was Her Majesty’s Revenue and Customs (HMRC).
The report comes ahead of the launch of a new online service which alerts organizations to potential cyber attacks affecting their networks. The new Early Warning service is designed to help organizations defend against cyber attacks by providing timely notifications about possible incidents and security issues and will be launched during CYBERUK.