Cybersecurity: Hostile nations responsible for 'significant' number of attacks against UK organisations

The NCSC annual report reveals the number of incidents it has had to help organisations deal with in the past 12 months - and points to nation-state hackers as a major source.
Written by Danny Palmer, Senior Writer on

The National Cyber Security Centre (NCSC) has helped UK organisations fight over 600 cyberattacks over the course of the past year, with hostile nation states blamed for a 'significant' number of the attempts at hacking UK-based targets.

The NCSC Annual Review 2019sheds a light on some of the work the cyber arm of GCHQ has done over the past year to help protect the UK from malicious cyber activity and reveals that it handled 658 incidents in the last 12 months, providing support to almost 900 victims of cyberattacks.

Some of the cyberattacks that have targeted the UK in the past year include a phishing scam posing as an airport refund email that attempted to defraud over 200,000 people, nation-state backed hackers attempting to steal intellectual property from universities, and a ransomware attack against the police.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

It takes the total number of cyber incidents that the NCSC has dealt with since it opened its doors in 2016 to almost 1,800, as cyber criminals and other malicious threat groups continue to target the UK.

For the first time, the NCSC has detailed the sectors that have been most commonly called on to support in response to incidents. Government is the top target for cyberattacks, followed by academia and tech companies. Managed service providers are the fourth most common organisations that the NCSC has helped with cyber incidents, followed by transport and health in joint fifth place.

"From handling more than 600 incidents – many from hostile nation states – to equipping the public with the tools they need to stay safe online, we are employing our expertise on a number of fronts," said Ciaran Martin, chief executive of the NCSC.

The report lists Russia, China, Iran and North Korea as hostile states actively targeting the UK with cyberattacks, following the NCSC strategy of calling out countries conducting attacks.

The NCSC is also trying to keep individual users safe from cyberattacks and has revealed one way it has been doing so is with something called the Haulster operation, which automates defence of credit cards by flagging fraudulent intention against them.

Haulster takes stolen credit card data collected by the NCSC and its partners and returns information about them to banks – often before being used for crime, allowing financial institutions to protect users from their money being stolen. So far, this operation has flagged fraudulent information against a million stolen credit cards and the NCSC aims to increase the scope of the operation.

The NCSC also continued with its policy of Active Cyber Defence (ACD), a strategy designed to ensure there are fewer cyberattacks in the world, causing less harm to users in the UK and beyond in the process.

A major element of this is a takedown service that stops phishing and other malicious websites from operating as soon as possible by contacting the web host and getting the sites removed from the internet.

According to the annual report, 98% of phishing URLs – 177,335 of them – discovered by the takedown service were successfully forced to stop operating. In 62% of cases, this happened within 24 hours of the website being deemed to be malicious.

The fight against these malicious domains means the UK only accounts for 2% of the websites hosting phishing scams around the world – down from 3% last year and 5% when the NCSC started operating.

SEE: Cybersecurity: Why your suppliers are still your weakest link

However, despite a number of successes from the NCSC, the organisation isn't under any illusion that the fight against cyberattacks and hacking is anywhere near over – and that everyone has a part to play in battle.

"Looking ahead, there is also the risk that advanced cyberattack techniques could find their way into the hands of new actors, through proliferation of such tools on the open market," said Martin.

"Cybersecurity has moved away from the exclusive prevail of security and intelligence agencies towards one that needs the involvement of all of government, and indeed all of society," he added.


Editorial standards