NCSC security agency stops phishing scams and helps reduce online fraud impersonating HMRC as part of ‘active’ cyber defence programme
The UK’s cyber-security watchdog said it has foiled a fraud scheme involving emails that impersonated a UK airport as part of its activities in 2018.
The scam, which made use of a fake gov.uk address, sent some 200,000 emails to members of the public asking them to pay a fee in order to receive a larger refund.
But the emails, sent in late August, were prevented from reaching their recipients, said the National Cyber Security Centre (NCSC) in an annual report.
The NCSC also took the criminals’ real email address offline to prevent them from receiving replies.
The agency said it had stopped 140,000 separate phishing attacks and taken down 190,000 fraudulent sites.
Some 64 percent of malicious sites were offline within 24 hours after being discovered and 99.3 percent eventually went dark.
The report gives details on the NCSC’s Active Cyber Defence (ACD) programme, an interventionist effort launched in late 2016.
ACD has helped to dramatically reduce phishing fraud impersonating HMRC, with HMRC going from the 16th most popular cover for phishing in 2016 to the 146th by the end of 2018.
“These are just two examples of the value of ACD – (it) protected thousands of UK citizens and further reduced the criminal utility of UK brands. Concerted effort can dissuade criminals and protect UK citizens,” said NCSC technical director Ian Levy, the author of the ACD report.
“While this and other successes are encouraging, we know there is more to do, and we would welcome partnerships with people and organisations that wish to contribute to the ACD ecosystem so that together we can further protect UK citizens.”
Primary school attack
Other incidents outlined in the report include a primary school that was being used to spread the Ramnit worm due to insufficient antivirus systems; a public sector organisation that was infected by malware via a USB stick; another public sector organisation breached after an employee downloaded unauthorised software; and more than 300 public sector networks found to still be using Windows XP, which has not been officially supported since 2014.
David Lidington, Minister for the Cabinet Office, highlighted the NCSC’s successes as part of the government’s cyber strategy, launched in 2016.
“Over the past three years, backed by a £1.9bn investment, we have revolutionised the UK’s fight against cyber threats as part of an ambitious programme of action,” he said.
In March the National Audit Office criticised the UK’s cyber-defence plan, saying it lacked a clear focus and was not doing enough to protect critical infrastructure.
But the NAO praised the NCSC, noting its successes in areas such as reducing phishing and other forms of online fraud.