“Record number of cyber incidents mitigated in 2021” reports NCSC

Wrap-around support has been delivered for an unprecedented 777 cyber incidents (that’s up from 723 in the previous 12 months), including attacks on Coronavirus vaccine research, distribution and supply chains. Indeed, around 20% of those organisations supported are linked to the health sector and vaccines. Importantly, the Annual Review also outlines the damaging effect of growing ransomware attacks, including against UK councils and Ireland’s healthcare system.

The growth in the number of incidents handled by the NCSC this year is partially reflected in the organisation’s ongoing work to proactively identify threats through the work of its threat operations and assessment teams.

As mentioned, the health sector and, in particular, the vaccine roll-out was a major focus for the NCSC, with the organisation’s world-leading services protecting NHS, healthcare, and vaccine supplier IT systems from malicious domains on billions of occasions.

Over the past 12 months, the NCSC has also responded to a rise in ransomware attacks. In line with this, a range of services have been provided to businesses over the past year to help protect them from ransomware. These include the Early Warning Service designed to alert organisations to emerging threats and also offering cyber security advice for those working in education.

These efforts have been delivered against a backdrop of responding to significant global incidents, including the attack on the SolarWinds IT management platform by Russia’s Foreign Intelligence Service – itself one of the most serious cyber intrusions of recent times – and a major ransomware attack on the American software firm Kaseya.

Hugely challenging year

Lindy Cameron, CEO of the NCSC, noted: “I’m proud of the way in which the NCSC has responded to what has been another hugely challenging year for the country as we all continue to navigate our way through the pandemic.”

Cameron continued: “The support and expertise we have provided for stakeholders from Government all the way through to the general public during the pandemic has been vital to keeping the country safe online.”

Further, Cameron observed: “Undoubtedly there are challenges ahead, but the upcoming National Cyber Strategy combined with the continued engagement from businesses and the public at large provides a solid foundation for us to continue reducing the impact of online threats.”

In 2020, the NCSC surged its efforts towards protecting healthcare in the wake of the pandemic outbreak. Since then, it has channelled further resources towards those involved in the roll-out of the vaccine by providing the necessary intelligence and tools to respond to the threats they faced.

This included the extension of the organisation’s Protective Domain Name System service to over 1,000 additional organisations within the Health and Social Care sector in order to support vaccine development and supply chain organisations.

This extension represented the protection of an additional three million employees in the sector, from essential workers providing and supporting front line care right through to those working to develop and deliver vaccines to citizens across the country.

Countless threats

Jeremy Fleming, director of GCHQ, commented: “This year, we have seen countless examples of cyber security threats: from state-sponsored activity to criminal ransomware attacks. It all serves to remind us that what happens online doesn’t stay online. There are very real consequences of virtual activity.”

In addition, Fleming observed: “In the face of rising cyber attacks and an evolving threat, this year’s Annual Review from the NCSC shows that world class cyber security, enabled by the expertise of the NCSC as part of GCHQ, continues to be vital in terms of the UK’s safety and prosperity.”

Steve Barclay, Chancellor of the Duchy of Lancaster, stated: “The NCSC’s Annual Review illustrates the incredible effort of our security services in keeping the public safe over the last year, foiling more cyber attacks than ever before. It also makes clear that cyber crime is taking place on an unprecedented scale with criminals seeking to take advantage of people as they move more of their lives online as a direct result of the pandemic.”

Barclay added: “The Government and its agencies will continue to throw every resource at its disposal to stamp out cyber crime and take down cyber criminals, but there are things that we can all do to keep us and those in our communities safe. We want to make sure that everyone knows how to avoid threats online, spot scams and then report wrongdoing.”

The NCSC has also played a major role in protecting the public from scams as they continue to rely on technology through the pandemic. This year, the NCSC’s pioneering Suspicious e-Mail Reporting Service (SERS) received nearly  six million reports, leading to the removal of more than 53,000 scams. Since launching in April 2020, the SERS has received more than eight million reports, with more than 67,000 scams taken down as a result.

Key statistics

Some of the key statistics from the NCSC’s Annual Review are as follows:

*Handling an unprecedented 777 incidents in the year under review, representing a rise from 723 the preior year and an average of 643 since the organisation was introduced back in 2016

*5.9 million reports of malicious content to the SERS over the last 12 months leading to the removal of more than 53,000 scams and 96,500 URLs

*Engagement with around 5,000 organisations providing an essential service during the pandemic, from well-known brands through to small businesses

*Issued guidance and threat assessments to over 80 companies and 14 separate universities

The Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding and 80 illegitimate NHS apps hosted and available to download outside of official app stores.

Support for academic institutions conducting vaccine research was one of the key interventions for the NCSC during the pandemic response. As a result of implementing the NCSC’s services, the University of Oxford protected itself from an attempted ransomware attempt that had the potential to cause significant disruption.

The organisation also offered support to the devolved administrations, for example through providing technical advice to the home nations on their vaccination booking systems.

Elsewhere, the NCSC’s Annual Review details the NCSC’s continued drive to increase cyber security skills and diversity in the industry, including through the pioneering CyberFirst programme. Now in its fourth year, this has introduced over 56,000 11- to 17-year-olds to the world of tech and cyber security. That includes more than 6,500 pupils from 600 schools who entered the NCSC’s pioneering CyberFirst Girls Competition this year. The competition, which was set up in 2017 to help address gender diversity in the sector, has witnessed more than 43,000 pupils from across the UK take part since its inception.

Industry comment

Practising professionals David Carroll (managing director of Nominet Cyber) and Rick Jones (CEO at DigitalXRAID) have made comment on the NCSC’s latest Annual Review.

Carroll informed Security Matters: “As the NCSC announces its 2021 Annual Review, we are reminded that the past year has not only been a challenge in the physical world, but also that there has been an ongoing battle across digital lines. The NCSC dealt with a record number of incidents this year and saw ransomware become the most significant cyber threat facing the UK. We have been told explicitly about the threat emanating from Russia and warned of China’s interest in UK commercial secrets. What’s more, with the financial impact of attacks being as much as £442 million in the case of the Irish Health Service Executive, we also face a very real threat from cyber economically.”

He went on to state: “For our part at Nominet, we’re proud to deliver PDNS for the UK. It has protected vital public services at a critical juncture of heightened threat and exposure. PDNS played an active role in the response to one of the most significant security incidents of 2021, namely SolarWinds, when it was breached by the Russian Foreign Intelligence Service. It protected the NHS, healthcare and vaccine providers from accessing malicious domains 4.4 billion times and generated 12.2 million blocks against COVID-19 phishing specific domains. No mean feat.”

In addition, Carroll said: “The road ahead presents significant challenges, but the UK has made great progress with the single authority model and with the NCSC’s Active Cyber Defence measures in particular. PDNS can disrupt ransomware that makes it through the first lines of defence. It prevents it from operating by blocking connections to known ransomware domains. This simple and effective capability will remain critical as attackers adapt their tools, techniques and processes over time.”

By way of conclusion, Carroll explained: “Collaborative efforts like PDNS involve Governments, the cyber security industry and end users to deliver benefits at the national scale. We fully support this ‘whole of society’ approach to cyber security and very much look forward to the role Protective DNS is going to play within it for years to come.”

Managed Security Service Providers

Rick Jones of DigitalXRAID has commented: “Managed Security Service Providers and cyber experts across the UK will not be surprised at the findings of the NCSC’s latest Annual Review and the news that attacks targeting the healthcare sector and vaccine research centres have increased. In fact, our own team supported Hammersmith Medicines Research (HMR) when it was targeted while working closely with the Government to develop life-saving vaccinations. Fortunately, the organisation adopted a proactive approach towards mitigation and recovery by promptly contacting cyber security experts following a breach by The MAZE Group.”

Jones added: “Cyber criminals see healthcare as an easy target because the latter often have legacy IT systems or limited budget to spend on cyber security. Hackers also know that the data they possess is highly sensitive and could bring in a small fortune if they were to gain access. Just like in the attack on HMR, a fast-acting, proactive response to ensure network protection is key.”

On that note, Jones urged: “Breached healthcare organisations must rapidly develop and agree on a security action plan. At the very minimum, penetration testing should be used to ascertain current security postures and potential exposure to further attack. However, in order to truly protect these types of businesses from further threat actors, SecOps teams should look at implementing a 24/7 threat detection service, like a Security Operations Centre, in order to constantly monitor activity, identify breaches and proactively improve security.”