The National Cyber Security Centre’s (NCSC’s) Active Cyber Defence (ACD) programme removed more online scams from the internet during 2020 than in 2016-2019 combined, as it responded to a 15-fold surge in cyber crime and malicious online activity during the Covid-19 pandemic.
Last year saw a significant expansion of the ACD programme – partly in response to the transformative impact of the pandemic on personal and organisational cyber security – including the introduction of the Suspicious Email Reporting service (Sers), a reporting inbox for the public to forward scam or spam emails to for investigation. Sers has been a runaway success, receiving more than four million reports in 2020, and more in 2021.
The programme also assisted in the UK’s work with allies (such as the US) to call out hostile nation state cyber activity, such as the attribution of cyber attacks on the development of Covid-19 vaccines to the Russia-backed APT29, or Cozy Bear, group; and oversaw the move of the NCSC’s CyberFirst skills outreach programme online, resulting in record numbers of sign-ups from young people.
“As the cyber security community prepares to gather for CyberUK, the ACD report offers a helpful insight into just some of the ways the NCSC has adapted to protect the UK during the pandemic,” said NCSC CEO Lindy Cameron.
“Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.
“I look forward to hearing from thought-leaders at CyberUK as we reflect on this period and look ahead to building a resilient and prosperous digital UK after the pandemic,” she said.
NCSC technical director Ian Levy added: “The ACD programme is truly a collaborative effort, and it’s thanks to our joint efforts with partners both at home and internationally that we’ve been able to significantly ramp up our efforts to protect the UK.
“This has never been more important than in the past year, where it was vital for us to do everything we could to protect our most critical services and the wider public during the pandemic.
“The bold defensive approach taken by the ACD programme continues to ensure our national resilience, and so I urge public bodies, companies and the general public to sign up to the services available to help everyone stay safe online,” said Levy.
Among some of the details in the report is that the NCSC’s Takedown Service removed more than 700,000 scams, totalling 1.4 million unique URLs as it reacted to protect the general public from the surge in pandemic-linked threats, and other scams such as celebrity-backed investments.
The report also details how the ACD programme protected the NHS by monitoring for attacks seeking to harvest health service credentials and compromise critical hospital systems.
It detected more than 120 phishing campaigns using NHS brands, up from 36 in 2019, with lures including vaccine roll-out and information, and fake or unofficial copies of the Test and Trace mobile app – 43 fake NHS apps were removed from the Apple and Google app stores in 2020.
However, while it was by far and away the most exploited source of cyber threats in 2020, the pandemic was not the only. Last year, the ACD programme also noted a surge in attacks themed around TV licensing, corresponding with news of changes to the TV Licence regime for pensioners in July 2020. There were also a number of attempts to run phishing scams around Brexit.
More information on the services provided by the ACD programme – including email and web security for public sector organisations, protective DNS services, and the popular Exercise-In-A-Box training tools, are available from the NCSC.