NCSC defends UK from more than 700 cyber attacks in past 12 months

According the NCSC’s latest annual review, almost 200 of these were directly linked to the coronavirus pandemic.

The NCSC, which is a part of GCHQ, handled 723 incidents between September 1, 2019, and August 31, 2020. In the previous three years since launching, it supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019).

On average, the NCSC responded to 60 attacks a month against the UK, during a year which saw its resources focused on the coronavirus response.

It says the growth this year reflects ongoing efforts to “proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves”.

Lindy Cameron, chief executive of the NCSC, said: “This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus.

“From handling hundreds of incidents to protecting our democratic institutions and keeping people safe while working remotely, our expertise has delivered across multiple frontiers.

“This has all been achieved with the fantastic support of government, businesses and citizens and I would urge them to continue contributing to our collective cyber security.”

In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than one million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.

With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.

The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.

A new remote working scenario was added to the NCSC’s ‘Exercise in a Box’ programme. The initiative, which allows people to test their cyber defences against realistic scenarios, was used by people in 125 countries this year.

Jeremy Fleming, Director of GCHQ, said: “The world changed in 2020 and so did the balance of threats we are seeing.

“As this review shows, the expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic.

“The years ahead are likely to be just as challenging, but I am confident that in the NCSC we have developed the capabilities, relationships and approaches to keep the UK at the forefront of global cyber security.

The growing threat from ransomware was starkly revealed in the review, which shows the NCSC handled more than three times as many ransomware incidents compared to the previous year.

Alongside this rise, the NCSC said there has also been a marked shift in the way criminals carry out these attacks. Traditionally, victims are denied access to their own data until a ransom is paid, however, attackers are increasingly threatening to leak sensitive information publicly until payment is received.

The NCSC has recently updated its guidance to reflect this changing nature, and emphasises its commitment to ensuring the organisations and businesses in the UK understand how they can make themselves as secure as possible, as well as support law enforcement to bring criminals responsible to justice.

The Rt Hon Penny Mordaunt MP, the Paymaster General, said: “The Covid-19 pandemic continues to affect how we live and work. In a year of complex challenges, the NCSC has continued to react to swiftly-evolving cyber threats.

“This review shows how the NCSC has taken decisive action against malicious actors in the UK and abroad who saw our digital lifelines as vectors for espionage, fraud and ransom attacks.

“It is vital that cyber security remains a priority for government, industry and the public in building UK resilience to a spectrum of risks.”

The NCSC also played a key role in securing the UK’s telecoms networks, which included its role in the Government’s decision to remove Huawei from the UK’s 5G network by the end of 2027. This came after a thorough NCSC review on the impact of US sanctions imposed on the company in May.