UK government blocked four times as many cyber-scams in 2021

by | May 11, 2022 | News

ACD

Post Views: 149

Premium Content

patreon

Subscribe to Patreon to watch this episode.

 

Reading Time: 2 Minutes

More than 2.7 million scams were removed from the internet in 2021 thanks to an expansion of the UK government’s Active Cyber Defence (ACD) program.

 

 

Led by GCHQ’s National Cyber Security Centre (NCSC), successful ACD action has increased by a factor of four over the past 12 months.

This is according to preliminary figures in the latest ACD annual report, which was released today (May 10) on the first day of the NCSC-organized CyberUK conference.

Behind the scenes

 

During a directors’ panel session at CyberUK today, Ian Levy, technical director of NCSC, said the volume of scams blocked by the agency has increased by a factor of almost four, thanks in part to the inclusion of new categories of fraud.

For example, the NCSC has started blocking extortion-based scams against individuals and parcel delivery firms, along with ‘celebrity endorsed investment scams’.

Themes used by scammers included fake coronavirus vaccines and vaccine passports. One campaign was even discovered to be impersonating the CEO of the NCSC, Lindy Cameron.

For example, the NCSC removed more than 1,400 NHS-themed phishing campaigns last year – an 11-fold increase on 2020.

The ACD program – which works alongside the disruption of cybercrime forums such as the recent takedown of Hydra – to “increase costs and reduce opportunities for cybercriminals”, according to the NCSC.

Levy added that the agency was working with telecommunications providers to make it more difficult for criminals to spoof the phone number of reputable firms, a trick sometimes used by scammers to make frauds more credible.

 

 

See Also: Complete Offensive Security and Ethical Hacking Course

 

 

 

Solutions

 

Eastern front

The preliminary results from the annual report on the ACD program were released on the first day of CyberUK 2022. The full version is due to be published next week.

Other key topics topping the agenda at the event included Russia’s invasion of Ukraine and the ongoing threat from ransomware.

Western government agencies including GCHQ have blamed Russia for a series of attacks in the run up to and during its invasion of Ukraine.

These have included the deployment of destructive wiper-style malware, as well as the February 24 attack against ViaSat – an attack primarily aimed at the Ukrainian military that also hit wind farms in central Europe and internet users outside Ukraine.

“We’ve seen spill over from some of the attacks on Ukraine but nothing on the scale of NotPetya,” commented the NCSC’s Lindy Cameron.

NCSC operations director Paul Chichester added that the war in Ukraine has been accompanied by the “most offensive set of cyber operations one country has launched against another country” and the only reason they have not had a bigger effect is because of the “resilience of Ukraine”.

 
 
 

See Also: Attackers Use Event Logs to Hide Fileless Malware

 

 

 

 

See Also: OSINT Tool: MOSINT

 

Disrupting cybercrime

 

The war in Ukraine has been accompanied by a raft of sanctions, including banking restrictions against Russia.

These restrictions have impeded the ability of Russian-based cybercriminals to buy or rent internet infrastructure as well as their ability to cash out the proceeds of ransomware scams, according to senior NSA advisor Rob Joyce.

UK government officials were reluctant to endorse these findings while private sector experts told The Daily Swig it was too early to say definitively whether the war in Ukraine was disrupting cybercrime infrastructure.

“For the most part it’s business as usual for cybercriminals,” Zeki Turedi, CrowdStrike’s EMEA CTO, told The Daily Swig.

Much is written about attacks leveraging zero-day vulnerabilities, but the main modus-operandi of cybercriminals remains scanning the networks and cloud-environments of enterprises for known vulnerabilities, according to Turedi.

Turedi said: “There’s been a huge increase in attacks against low hanging fruit” such VPNs, firewalls and web apps.

This year’s CyberUK is taking place in Newport, Wales. The Daily Swig will be back with more coverage throughout the week.

 

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

 

 

 

See Also: Write up: Find hidden and encrypted secrets from any website

 

Source: portswigger.net

Source Link

 

 

 

 

 

Merch

Share This