The National Cyber Security Centre (NCSC) sixth annual report from their Active Cyber Defence (ACD) programme has revealed a continuing threat to the United Kingdom with a record-breaking 7.1m suspicious emails and websites reported to authorities in 2022 – equivalent to one every five seconds.
The ACD programme has been a key aspect of improving public-sector cybersecurity since 2016 and the latest report showed that phishing scams remain the most prevalent attack in the UK despite a 30% reduction in takedowns in 2022 compared with 2021.
The ACD programme aims to reduce the harm from cyber-attacks by providing tools and services that protect from a range of attacks. The programme is one of the NCSC’s most successful projects to counter online threats, reducing high volume attacks -like malware- from reaching UK citizens with core services including Takedown, Protective DNS, Early Warning and Exercise in a Box.
The report says: “Small businesses constitute 99% of the UK’s business ecosystem and, the ACD programme and its services aim to help protect these businesses from the harms caused by cyber-attacks. The appetite for more knowledge and support with cyber security is evident, with a 39% increase in signups to the ACD services in 2022.”
The key findings and important trends identified through the ACD programme include:
• The Takedown Service finds malicious sites and sends notifications to the host or owner to get them removed from the internet before significant harm can be done. The total takedowns by campaign group, which had risen to 2.7 million in 2021 (from 700,000 in 2020) fell to 1.8 million in 2022
• Most of the reduction in takedowns can be attributed to extortion mail servers (down 528,000) and cryptocurrency investment scams (down 459,000), whilst the frequency of other attack types has either grown or remained static.
• Mail Check, the NCSC’s platform for assessing email security compliance, saw an increase in the number of organisations using the service, up to 2,452 from 1,530 at the end of 2021. This was primarily driven by an uptake across universities, colleges, schools and charities.
• The number of unique URLs and domains being scanned increased by 33%. The service presented over 12,000 ‘urgent findings’ to users, of which 95% have been resolved. There was direct removal of nearly a quarter of a million (235,000) malicious URLs from the internet
• The Protective Domain Name Service (PDNS), which provides safeguards to prevent organisations from accessing malicious sites containing malware, phishing attacks and more, blocked 11 billion DNS queries for 420,000 domains in 2022.
• The PDNS blocked over 5 million requests for domains associated with ransomware, a significant contribution to protecting UK organisations from this threat
In a response to the continuing threats, the NCSC has launched a new Cyber Advisor scheme that aims to help the UK’s SMEs with trusted cyber security advice. The scheme is aimed at small organisations that lack in-house expertise to guard against the most common cyber-attacks.
The report also pinpoints areas where attacks have been concentrated in response to national and international problems including UK energy bill scams, Web Shells which are created by attackers using malicious scripts to install control panels on compromised server and Ukraine war cryptocurrency donation scam emails.
In 2022 the Suspicious Email Reporting Service received over 7.1 million reports from members of the public, an average of over 19,500 a day. This is an increase of over 33% on the number of reports received in 202.
Cyber exposures are evolving and it is important that businesses review their insurances, for suitability, using a specialist broker. To discuss this further with a broker at W Denis, please make arrangements with Daniel Moss at daniel.moss@wdenis.co.uk or on 0044 (0)113 2439812 or contact Mark Dutton at mark.dutton@wdenis.co.uk or on 0044 (0) 7831 366 469.
