The National Cyber Security Centre (NCSC) has recently released the sixth annual report from their Active Cyber Defence (ACD) programme.

Established in 2016, the ACD programme seeks to reduce the harm from commodity cyber attacks by providing tools and services that protect against a range of attacks. The programme is one of the NCSC’s most successful projects to counter online threats, reducing high-volume attacks (like malware) from reaching UK citizens whilst removing the burden of action from the user. Its core services include Takedown, Protective DNS, Early Warning and Exercise in a Box.

The NCSC initially concentrated on strengthening the cyber resilience of the public sector. However, recognising the importance of a unified approach, it has now extended the reach of ACD services to encompass a “whole of society” perspective. As a result, existing ACD services have been made accessible to all organisations, not just those within the public sector. Additionally, new services, such as “Check Your Cyber Security”, have been developed with a focus on simplicity to cater to organisations lacking specialised cyber security expertise.

The ACD report provides a comprehensive overview of all the services offered by the ACD programme. The rationale behind producing the yearly report has remained constant over time, focusing on transparency and basing interventions on unbiased data and evidence to better understand the reality of cyber attacks, as well as the efficacy of the products and services of the ACD programme.

Some of the findings from the report:

  • The Takedown Service finds malicious sites and sends notifications to the host or owner to get them removed from the internet before significant harm can be done. The total takedowns by campaign group, which had risen to 2.7 million in 2021 (from 700,000 in 2020), fell to 1.8 million in 2022.
  • Most of the reduction in takedowns can be attributed to extortion mail servers (down 528,000) and cryptocurrency investment scams (down 459,000), whilst the frequency of other attack types has either grown or remained static.
  • 7.1 million suspicious emails and URLs were flagged by UK organisations and citizens through the NCSC’s free Suspicious Email Reporting Service (SERS) in 2022 – the equivalent of nearly 20,000 reports a day or one every five seconds.
  • The reports, many of which came from UK businesses, contributed to the direct removal of nearly a quarter of a million (235,000) malicious URLs from the internet by the NCSC since SERS – the first service of its kind globally – launched in April 2020.
  • It took less than 6 hours on average for the NCSC to remove reported malicious URLs from the internet.
  • Businesses’ sign-ups to NCSC services were up 39% in 2022 with the launch of an SME-specific tool empowering non-technical users to boost resilience.
  • Phishing scams remain the most prevalent attack hosted in the UK, though the number of global phishing campaigns hosted in the UK has declined.
  • Mail Check, the NCSC’s platform for assessing email security compliance, saw an increase in the number of organisations using the service, up to 2,452 from 1,530 at the end of 2021. This was primarily driven by an uptake across universities, colleges, schools and charities. The number of domains in Mail Check nearly doubled in 2022, growing from around 29,000 to over 54,000. 63% of these new domains belonged to schools.
  • The Web Check customer base grew by approximately 1,000 users during 2022, an increase of 26%. The number of unique URLs and domains being scanned increased by 33%. The service presented over 12,000 ‘urgent findings’ to users, of which 95% have been resolved.
  • As Web Check is only available to certain sectors, Check Your Cyber Security was developed as a public product to address vulnerabilities and configuration errors which are present in over 370,000 computers and servers in the UK, and which can be exploited by cyber security attacks.
  • The Protective Domain Name Service (PDNS), which provides safeguards to prevent organisations from accessing malicious sites containing malware, phishing attacks and more, blocked 11 billion DNS queries for 420,000 domains in 2022.
  • The PDNS blocked over 5 million requests for domains associated with ransomware, a significant contribution to protecting UK organisations from this threat.
  • By the end of 2022, just over 18,500 users worldwide were using the Exercise in a Box service, an increase of around 40% on 2021. The largest increase in signups was from large businesses, up 61%. Signups by cyber security professionals were up 50%, those from public sector were up 37% and small organisation signups were up 36%.
  • The NCSC has worked with the Cyber and Fraud Centre – Scotland to promote EiaB to Scottish businesses. They have done an impressive job by holding 46 events covering nearly 140 organisations. Feedback from EiaB sessions has been very positive.
  • Early Warning is a free NCSC service designed to automatically inform an organisation of potential cyber attacks on their network, as soon as possible. The service led to 570 organisations being warned about active malware on their networks, 2,270 were warned about vulnerabilities on their networks and 1,193 were warned about a host on their network scanning the internet, which might be, for example, an indicator of a possible compromise.
  • The MyNCSC platform provides a common point of entry to a number of the NCSC’s Active Cyber Defence (ACD) services. At the end of 2022, 2,800 user organisations were using MyNCSC, thereby benefitting from a unified user interface to access Mail Check and Web Check, with the ability to perform some configuration functions just once at the platform level.
  • Early Warning will be joining MyNCSC moving forward with the intent to gradually increase the number of ACD services integrated with MyNCSC.

In relation to the ACD, Jonathon Ellison, NCSC Director for National Resilience and Future Technology, said:

“In a cyber threat environment that resembles the Hydra – cut down one attack, another springs up in its place – ACD is once again doing unparalleled work to keep the country safe.

“As this latest report shows, cyber security is not the sole preserve of tech specialists: businesses are increasingly alive to and eager to engage with the cyber risks they face, signing up in swathes to make the most of NCSC data and expertise.

“Small businesses have a key role to play in making it safer to work and live online, which is why we’re making it even easier for them to shore up their defences with accessible, free tools and soon, to manage these effortlessly via our integrated MyNCSC platform.”

Martin McTague, National Chair of the Federation of Small Businesses (FSB), also stated that:

“While security is important, we’ve long championed building cyber resilience among small firms, given the persistent risk of cybercrime.

“A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations.

“NCSC is doing the right thing by making its services accessible to SMEs so that they can better protect themselves in the digital world.”

An important underpinning message in the report is that cyber security is a collaborative effort, requiring the active involvement of the public sector, commercial entities, and international partners. These partnerships are crucial for successfully implementing national-scale cyber security defenses.

Among the conclusions made in the report were that the “six years of reports tell us that combining digital tools, sensors, services, data and platforms has improved the UK’s cyber resilience at a reach and scale that couldn’t have been achieved by other means.” When it comes to cyber security challenges, the “need to tackle them through automation will persist, because as things stand that’s the only realistic way of generating the scale and reach required.” The report also states that “over the next couple of years, we want to double down on the digital services where evidence, feedback from users and our own experience give us confidence that we’re getting a good return on investment from a cyber security perspective.”

The full report and a summary are both available here
