UK’s new ‘cyber nerve centre’ tackled 480 major incidents in its first 8 months
The UK’s new National Cyber Security Centre (NCSC) had a busy first eight months of operation contending with a total of 480 major incidents, from global ransomware outbreaks to smaller breaches at British businesses. Officials say the pace shows no sign of slowing.
Launched in October 2016, the NCSC is a fork of British intelligence agency GCHQ tasked with investigating hacking, malware outbreaks and data leaks. It serves as the nerve centre for tech savvy analysts who aim to combat online crime, terror groups and nation-state adversaries.
The existence of the NCSC has coincided with a spike in the reporting of digital crimes over the past few months, John Noble, a director of incident management at the agency, told attendees at the Cyber Security Summit in London on Tuesday 4 July.
“This increase in major attacks is mainly being driven by the fact that cyberattack tools are becoming more readily available, in combination with a growing willingness to use them,” he said, as reported by ComputerWeekly. He warned that too many firms are still “not getting the basics right”.
The foundation of online security, including the use of anti-virus software, routine vulnerability patches and the management of administrator controls, is still lacking, Noble asserted.
The NCSC director revealed the majority of incidents the agency responded to – 451 to be exact – were lower level attacks typically related to a single organisation. The rest, classified as “C2-level attacks”, demanded more attention alongside a “cross-government” response.
The one incident which almost veered into a top-level (C1) attack was WannaCry, a ransomware pandemic that spread to hundreds of thousands of computers in more than 150 countries back in May. In the UK, it caused widespread disruption at the National Health Service (NHS).
Most recently, the NCSC was forced to respond to an attempted hack against the British parliament, with attackers using brute-force tactics to try and force their way into politicians’ email accounts.
It was ultimately stopped, but not before up to 90 inboxes were ransacked.
In its first month of operation alone, the NCSC responded to nearly 70 hacking incidents including seven cases of ransomware. Conservative MP Mike Penning said at the time the UK is “regularly targeted by criminals, foreign intelligence services and other malicious actors”.
In February this year officials revealed the UK was being hit with roughly 60 significant cyberattacks every month. Ciaran Martin, head of the NCSC, told The Sunday Times in an rare interview that some of the incidents involved state-sponsored hackers vying for government secrets.
“There has been a step change in Russian aggression in cyberspace,” he said at the time. “Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations and that’s all very well evidenced by our international partners.”
Martin was speaking a month after US intelligence published its analysis of the hacking campaign that targeted the 2016 US presidential election, believed to be the work of two cybercrime units, dubbed Fancy Bear (APT28) and Cosy Bear (APT29), each with alleged links to Russian spies.