Coronavirus causes spike in serious cyberattacks
The National Cyber Security Centre was required to respond to more than 700 incidents last year
Credit: Kieran Cleeves/EMPICS Entertainment
The National Cyber Security Centre’s annual report reveals an 11% spike in the number of incidents requiring a response from the agency – including more than 200 that were related to the UK’s efforts to combat coronavirus.
The report, which marks the conclusion of the NCSC’s fourth year in operation, reveals that the 12-month period to 31 August saw the agency respond to a total of 729 incidents. This compares with a total of 658 in the prior year.
Upwards of 200 these pertained in some way to the national response to the pandemic, and the NCSC provided support to 230 separate victims of coronavirus-related attacks.
The organisation also identified 160 “high-risk and critical vulnerabilities” in the IT systems of NHS trusts around the country, and performed “threat-hunting” processes on 1.4 million devices and other end points.
These assessments took place after the Department of Health Social Care signed a “direction giving the NCSC consent to check the security of NHS IT systems”.
The cyber unit’s work in supporting coronavirus response included attributing to perpetrators acting on behalf of Russian intelligence services a cyberattack targeted at organisations working on a coronavirus vaccine.
“During the pandemic, protecting healthcare was the NCSC’s top priority, and the organisation worked ceaselessly to support the NHS,” the report said. “The national objective was clear: to keep the system and its staff secure and resilient to cyberthreats. To achieve this, the NCSC introduced measures including the design of a new back-up service, pioneering discovery tradecraft and deploying analysts to look at NHS threat data.”
The NCSC also worked with the Parliamentary Digital Service to assist in the deployment of video platforms to enable parliamentary business to continue during the coronavirus restrictinos. In the run-up to the December 2019 general election, the organisation also played in role in ensuring the resilience of the Register to vote online service.
The Westminster political parties, meanwhile, were reportedly better able to respond to cyberattacks as a result of support from the NCSC – which included a seminar in which the organisation advised the parties on the threats they faced and how they could best protect themselves.
“Early in the campaign, a series of distributed denial of service attacks against political-party websites became a major story,” the report said. “Whilst these were relatively low-capability attacks, the timing was concerning. The fact that these attacks were largely unsuccessful was a testament to the preparation done by the parties affected to defend themselves. The NCSC published relevant advice on its website and shared this guidance with the parliamentary parties’ IT teams.”
Other activities undertaken by the NCSC during the year included taking down 300,000 websites perpetrating so-called celebrity scams, in which false claims are made about a famous figure’s support of a moneymaking scheme. Victims of these scams, which feature celebrities including Sir Richard Branson, Martin Lewis, and Ed Sheeran, are urged to click a link to invest in the phoney scheme.
“We have dealt with hundreds of instances of fake sites and fraudsters impersonating me or my team online,” Branson said. “We are working in partnership with organisations such as the NCSC to report these sites and do all we can to get them taken down as quickly as possible. Sadly, the scams are not going to disappear overnight, and I would urge everyone to be vigilant and always check for official website addresses and verified social media accounts.”
In a foreword to the report, Lindy Cameron, who last month became the NCSC’s second-ever chief executive, said that the achievements outlined in the annual review are “testament to the innovation, expertise, hard work and dedication of the NCSC’s workforce, especially in this year’s extraordinary circumstances”.
“I am hugely excited to lead this team and take the NCSC on the next stage of its journey,” she added. “Throughout this review, the real-world impact being driven by our expertise to the benefit of the UK is evident. As NCSC has done since its inception, we will continue to adapt and innovate to drive the UK’s cyber resilience, not only in the coming year but for the rest of this decade and beyond.”
Gary Aitkenhead is leaving Dstl
Whistleblower raised concerns about practice that went unheeded
Newly created organisation aims to improve national resilience
Email addresses and info about eligibility for payments accidentally revealed
Seven years after the Home Office shared findings from its 'Multi-Agency Working and Information Sharing Project', Huddle asks - where are we today?
As misinformation about the coronavirus vaccine spreads, Granicus outlines key considerations for local government when delivering a successful vaccine communications campaign
SolarWinds explains how public sector organisations can make the most of their hybrid IT investments - delivering services that are both innovative and reliable
There are many reasons to keep your Oracle workloads running on local servers. But there are even more reasons to move them to the cloud as part of a wider digital transition strategy. Six Degrees...