The National Cyber Security Centre has dealt with ten cyber incidents a week since it launched two years, and the majority have come from hostile nation states. These are the key findings of the NCSC’s second annual review, which is published today and aims to highlight the “sustained threat” state actors pose to the UK.
The NCSC, a part of GCHQ, declined to provide a breakdown of which countries were behind the attacks or exactly how often they strike. But in the review, it said its operatives had defended the UK from 1,167 cyber incidents over the last two years, and that the majority involved attacks launched by hostile states. This is equivalent to a minimum total of 584, or 5.6 per week.
“We are calling out unacceptable behaviour by hostile states and giving our businesses the specific information they need to defend themselves,” the NCSC’s chief executive Ciaran Martin said in a statement. Over the last twelve months, the government has become more outspoken about the threat states such as Russia and North Korea pose in the cyber sphere.
In December, the government officially blamed North Korea for the WannaCry cyber attack that swept through the NHS and thousands of other organisations in May 2017. Two months later, it turned its attention to Russia, blaming it for NotPetya – an even most disruptive form of malware that followed in WannaCry’s wake. Both attacks leveraged the EternalBlue exploit that had originally been developed by the US National Security Agency.
Earlier this month, the UK government joined forces with its counterparts in the US and the Netherlands to issue the most high profile criticism yet of Russia’s cyber activity. In a series of media appearances and statements, the three countries linked several major cyber attacks to the Russian military agency believed to have carried out the Skripal poisoning.
The agency, known as the GRU, was linked to hits on the US Democratic Party, Ukrainian infrastructure, the World Anti-Doping Agency, the UK Foreign and Commonwealth Office, Porton Down chemical laboratory and the Organisation for the Prohibition of Chemical Weapons. The Russian government denied the claims. “The rich imagination of our colleagues from the UK truly has no limits”, said Russian foreign ministry spokeswoman Maria Zakharova.
NCSC’s annual review also reveals that between September 2017 and 2018 its Active Cyber Defence (ACD) initiative, which aims to protects Britain from “high-volume commodity attacks”, removed 138,398 phishing sites. This prompted the UK’s share of visible global phishing attacks to fall by more than half, from 5.3 per cent to 2.4 per cent.
Commenting on the review, David Lidington, minister for the Cabinet Office, said: “As the minister with responsibility for overseeing the implementation of the National Cyber Security Strategy, I am proud of what NCSC has achieved in just two years of operations.
“Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remains the safest place to live and do business online.
“NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half.”
The NCSC was created in October in 2016 as part of the UK’s £1.9bn five-year Nation Cyber Security Strategy. When it launched two years ago, the organisation brought together teams from GCHQ, MI5 and other parts of government.
In September, the Times and Financial Times reported that GCHQ would join forces with the Ministry of Defence to establish a 2,000-strong cyber warfare unit, to take on hostile states and terrorist groups, among others. When NS Tech approached GCHQ for comment at the time, the agency described the reports as “speculative”, but did not deny them.