Fifteen times more online scams stamped out as cyber experts moved to protect UK during pandemic

10 May 2021 01:43 PM

The fourth annual report on the NCSC’s Active Cyber Defence (ACD) programme is released.

Decorative image

CYBER security experts in the UK have overseen a massive fifteen-fold increase in the number of scams removed from the internet, a new report reveals today (Monday).

The National Cyber Security Centre – a part of GCHQ – disclosed it had taken down more scams in the last year than in the previous three years combined as the organisation moved to further protect the UK public and critical services such as the NHS during the coronavirus pandemic.

The findings were contained in the fourth annual report on the NCSC’s Active Cyber Defence programme, a pioneering service which protects the UK from millions of cyber attacks and which was expanded during 2020.

The report was released ahead of the NCSC’s annual CYBERUK gathering, which this year for the first time will be hosted entirely online, enabling wider participation than ever before.

A major focus for the two-day event, which begins tomorrow (Tuesday) and features a host of expert speakers from around the world, will be on how the NCSC and cyber security industry has responded to the pandemic.

The NCSC response included the introduction of the hugely successful Suspicious Email Reporting Service, a new feature of the ACD programme launched in April 2020 which received nearly 4 million reports of suspect emails from members of the public last year alone.

The organisation also worked with allies to call out hostile state activity and last year exposed Russian attacks on coronavirus vaccine development.

And to help ensure young people were able to continue learning valuable cyber security skills the NCSC moved its CyberFirst courses online for the first time, leading to record numbers of sign-ups.

Lindy Cameron, NCSC CEO, said:

“As the cyber security community prepares to gather for CYBERUK, the ACD report offers a helpful insight into just some of the ways the NCSC has adapted to protect the UK during the pandemic.

“Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.

“I look forward to hearing from thought-leaders at CYBERUK as we reflect on this period and look ahead to building a resilient and prosperous digital UK after the pandemic.”

Dr Ian Levy, Technical Director of the NCSC, added:

“The ACD programme is truly a collaborative effort, and it’s thanks to our joint efforts with partners both at home and internationally that we’ve been able to significantly ramp up our efforts to protect the UK.

“This has never been more important than in the last year, where it was vital for us to do everything we could to protect our most critical services and the wider public during the pandemic.

“The bold defensive approach taken by the ACD programme continues to ensure our national resilience and so I urge public bodies, companies and the general public to sign up to the services available to help everyone stay safe online.”

The latest ACD report highlights how the NCSC used its Takedown Service to protect the public from scams including fake celebrity endorsement scams and bogus Covid vaccines adverts.

The report showed that in the last year more than 700,000 online scams totalling 1.4 million URLs were removed by the NCSC – a massive increase on previous years due largely to the expansion of the Takedown Service.

One particular area of focus for ACD last year was protecting the NHS, and the report detailed efforts to monitor for attacks that sought to harvest NHS credentials and potentially compromise critical systems. In 2020 ACD detected 122 phishing campaigns using NHS branding, compared to 36 in 2019.

Among the lures were those using the COVID-19 NHS vaccine rollout, the first of which was picked up in December. Others included fake or unofficial copies of the NHS Test and Trace mobile app, with the removal of 43 instances of NHS apps hosted and available for download outside of the official Apple and Google app stores.

Beyond the NHS, other areas protected included TV Licensing, which saw a surge in attacks that corresponded with news of changes to TV Licensing entitlements for UK pensioners during July 2020.

And while the overall level of Brexit-themed UK government phishing was low during 2020, attempts to clone part of the gov.uk website were identified in December. The attack was taken down promptly and relevant departments notified.

Introduced by the NCSC in 2016, the ACD programme includes a number of services which are designed to protect the UK from different online threats. Services include Mail Check, Web Check, Protective DNS, Exercise in a Box and the Suspicious Email Reporting Service.

Other key figures and findings for 2020 from the ACD Fourth Year report include:

A pre-recorded session about ACD services and how they help defend the UK from cyber threats will be available during CYBERUK.

The report also comes ahead of the launch of a new online service which alerts organisations to potential cyber attacks affecting their networks.

The new Early Warning service is designed to help organisations defend against cyber attacks by providing timely notifications about possible incidents and security issues and will be launched during CYBERUK.