National Cyber Security Centre
Fifteen times more online scams stamped out as cyber experts moved to protect UK during pandemic
The fourth annual report on the NCSC’s Active Cyber Defence (ACD) programme is released.
- National Cyber Security Centre (NCSC) reveals how Active Cyber Defence (ACD) programme was used to protect public and NHS
- Expansion of ACD among range of ways NCSC adapted to support UK during coronavirus pandemic
- Details revealed in a new report ahead of first-ever virtual CYBERUK
CYBER security experts in the UK have overseen a massive fifteen-fold increase in the number of scams removed from the internet, a new report reveals today (Monday).
The National Cyber Security Centre – a part of GCHQ – disclosed it had taken down more scams in the last year than in the previous three years combined as the organisation moved to further protect the UK public and critical services such as the NHS during the coronavirus pandemic.
The findings were contained in the fourth annual report on the NCSC’s Active Cyber Defence programme, a pioneering service which protects the UK from millions of cyber attacks and which was expanded during 2020.
The report was released ahead of the NCSC’s annual CYBERUK gathering, which this year for the first time will be hosted entirely online, enabling wider participation than ever before.
A major focus for the two-day event, which begins tomorrow (Tuesday) and features a host of expert speakers from around the world, will be on how the NCSC and cyber security industry has responded to the pandemic.
The NCSC response included the introduction of the hugely successful Suspicious Email Reporting Service, a new feature of the ACD programme launched in April 2020 which received nearly 4 million reports of suspect emails from members of the public last year alone.
The organisation also worked with allies to call out hostile state activity and last year exposed Russian attacks on coronavirus vaccine development.
And to help ensure young people were able to continue learning valuable cyber security skills the NCSC moved its CyberFirst courses online for the first time, leading to record numbers of sign-ups.
Lindy Cameron, NCSC CEO, said:
“As the cyber security community prepares to gather for CYBERUK, the ACD report offers a helpful insight into just some of the ways the NCSC has adapted to protect the UK during the pandemic.
“Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.
“I look forward to hearing from thought-leaders at CYBERUK as we reflect on this period and look ahead to building a resilient and prosperous digital UK after the pandemic.”
Dr Ian Levy, Technical Director of the NCSC, added:
“The ACD programme is truly a collaborative effort, and it’s thanks to our joint efforts with partners both at home and internationally that we’ve been able to significantly ramp up our efforts to protect the UK.
“This has never been more important than in the last year, where it was vital for us to do everything we could to protect our most critical services and the wider public during the pandemic.
“The bold defensive approach taken by the ACD programme continues to ensure our national resilience and so I urge public bodies, companies and the general public to sign up to the services available to help everyone stay safe online.”
The latest ACD report highlights how the NCSC used its Takedown Service to protect the public from scams including fake celebrity endorsement scams and bogus Covid vaccines adverts.
The report showed that in the last year more than 700,000 online scams totalling 1.4 million URLs were removed by the NCSC – a massive increase on previous years due largely to the expansion of the Takedown Service.
One particular area of focus for ACD last year was protecting the NHS, and the report detailed efforts to monitor for attacks that sought to harvest NHS credentials and potentially compromise critical systems. In 2020 ACD detected 122 phishing campaigns using NHS branding, compared to 36 in 2019.
Among the lures were those using the COVID-19 NHS vaccine rollout, the first of which was picked up in December. Others included fake or unofficial copies of the NHS Test and Trace mobile app, with the removal of 43 instances of NHS apps hosted and available for download outside of the official Apple and Google app stores.
Beyond the NHS, other areas protected included TV Licensing, which saw a surge in attacks that corresponded with news of changes to TV Licensing entitlements for UK pensioners during July 2020.
And while the overall level of Brexit-themed UK government phishing was low during 2020, attempts to clone part of the gov.uk website were identified in December. The attack was taken down promptly and relevant departments notified.
Introduced by the NCSC in 2016, the ACD programme includes a number of services which are designed to protect the UK from different online threats. Services include Mail Check, Web Check, Protective DNS, Exercise in a Box and the Suspicious Email Reporting Service.
Other key figures and findings for 2020 from the ACD Fourth Year report include:
- More than 11,000 UK-government-themed phishing campaigns were taken down – more than double the 2019 figure.
- The Suspicious Email Reporting Service was launched in April 2020, and received nearly 4 million reports by year-end, leading to the removal of over 26,000 scams not previously identified by the Takedown Service. The latest figures can be found on the NCSC website.
- The most phished UK government brand was Her Majesty’s Revenue and Customs (HMRC).
A pre-recorded session about ACD services and how they help defend the UK from cyber threats will be available during CYBERUK.
The report also comes ahead of the launch of a new online service which alerts organisations to potential cyber attacks affecting their networks.
The new Early Warning service is designed to help organisations defend against cyber attacks by providing timely notifications about possible incidents and security issues and will be launched during CYBERUK.
Latest News from
National Cyber Security Centre
Wanted: Cyber security innovators to help secure UK networks14/06/2021 11:15:00
Call open for pioneering companies to apply for new NCSC for Startups initiative.
Alert: Further ransomware attacks on the UK education sector by cyber criminals04/06/2021 16:10:00
The NCSC is responding to further ransomware attacks on the education sector by cyber criminals.
NCSC launches online game to give children a head start with staying cyber secure25/05/2021 14:15:00
CyberSprinters, an educational cyber security game, has been launched by the NCSC.
Neurodiversity and disability to be captured in second survey on diversity of UK cyber sector14/05/2021 16:15:00
NCSC and KPMG UK launch second survey to help improve diversity in the cyber security industry.
New tool launched to support organisations achieve Cyber Essentials certification12/05/2021 16:05:00
Cyber Essentials Readiness Tool asks organisations questions related to the main Cyber Essentials criteria to help prepare them for certification.
British tech startups offered help to keep innovations secure12/05/2021 15:05:00
New guidance from the NCSC and the Centre for the Protection of National Infrastructure (CPNI) to help fledgling technical companies consider key questions around security.
Large UK organisations offered ten steps to stay ahead of cyber threat12/05/2021 10:15:00
Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.
Cyber experts set out blueprint to secure smart cities of the future10/05/2021 09:15:00
The NCSC has published a set of principles outlining how to securely design, manage and build smart cities.