The National Cyber Security Centre has said it handled a record 723 cyber incidents between September 2019 and August this year, 200 of which were related to the coronavirus, and also removed 22,000 malicious URLs that were set up to target individuals and organisations.
In its latest annual report, NCSC highlighted how online fraudsters and cybercriminals have chosen to exploit public concern over the COVID-19 pandemic to carry out malicious cyber campaigns targeting individuals and organisations. Out of 723 cyber incidents handled by the cybersecurity watchdog in a twelve-month period, over a quarter were related to the coronavirus.
Considering that cybercriminals will certainly exploit the COVID-19 pandemic to target healthcare organisations, NCSC also proactively scanned more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise. It also worked with international partners and the UK’s allies to raise awareness of the threat of vaccine research targeting.
A major success of NCSC was the setting up of the ‘Suspicious Email Reporting Service’ which enabled it to identify and remove up to 22,000 malicious URLs that were set up by cybercriminals to target individuals and organisations in multiple sectors.
The new scam reporting service was set up to enable citizens to report fake, fraudulent, and suspicious emails to the NCSC, including those that offered coronavirus-related services. Within 30 days after the service was launched, NCSC said it received over 5,000 complaints concerning suspicious emails for investigation and successfully shut down 83 malicious web campaigns.
NCSC also claimed that it removed more than 2,000 online scams related to coronavirus that included:
- 471 fake online shops selling fraudulent coronavirus related items
- 555 malware distribution sites set up to cause significant damage to any visitors
- 200 phishing sites seeking personal information such as passwords or credit card details
- 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment
In its annual review published earlier this week, NCSC said the public used the Suspicious Email Reporting Service to report around 2.3 million suspicious emails. This enabled the watchdog to remove 22,000 malicious URLs that were being used by cybercriminals to perpetrate online scams.
“From handling hundreds of incidents to protecting our democratic institutions and keeping people safe while working remotely, our expertise has delivered across multiple frontiers. This has all been achieved with the fantastic support of government, businesses and citizens and I would urge them to continue contributing to our collective cybersecurity,” said Lindy Cameron, Chief Executive of the NCSC.
According to Rich Vibert, the CEO and co-founder of data privacy and ethics startup Metomic, the NCSC’s report and the announcement of a fresh wave of COVID-related NHS hacks is another indication that the health service and public sector can’t protect our data. More than 160 instances of critical vulnerabilities as well as 51,000 indicators of health data compromises are simply not acceptable when consumer privacy is at risk.
“Companies and institutions need more visibility and control over the data they have, how it is used and the form that it is stored. Whether it’s GDPR compliance or protecting against ransomware or vaccine hackers, it is time for the government to step up and put the solutions in place that put privacy first. This isn’t something that can be solved overnight, but it’s about businesses, governments and institutions working together to ensure they have the power of data, without the risk,” he said.
