Dark Reading is part of the Informa Tech Division of Informa PLC


Physical Security

05:00 PM
Ron Alalouff, Freelance Journalist

Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review

From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.

Combatting online threats exploiting the COVID-19 pandemic, building resilience into the National Health Service's IT systems and protecting the setting up of a virtual parliament are just some of the projects the National Cyber Security Centre has been involved in, according to its latest annual review.

Much of the recent activity of NCSC — established in 2016 and a part of GCHQ — has been directly or indirectly concerned with the pandemic. This includes building NHS resilience, protecting vaccine and medicine research, supporting remote working, securing the NHS COVID-19 app and large-scale data, and helping essential service providers.

Throughout a year of change, in which the NCSC welcomed new CEO Lindy Cameron to replace the departing Ciaran Martin, the division deployed analysts to analyse NHS threat data and supported the health sector through cybersecurity incidents. As a result, more than one million NHS IP addresses were supported, over 160 high-risk and critical vulnerabilities were identified and shared, and threat hunting was performed on 1.4 million endpoints.

In addition, the NCSC worked to protect vaccine and medicine research by supporting the government's Vaccine Taskforce, which controls decision-making on research funding and purchasing through to manufacturing and distribution. In July, the NCSC revealed that Russian cyber actors were targeting organisations involved in the development of coronavirus vaccines.

With the ability to share Indicators of Compromise (pieces of data which identify potentially malicious activity on a system or network) in a matter of seconds, the NCSC exponentially increased the number of tips to the NHS, with 51,910 shared by the end of August.

Cyber Threats to Remote Working
The Centre also helped businesses and individuals as they moved to remote working by providing advice on working securely from home, and providing guidance on how to spot and deal with suspicious emails, calls and texts. It helped the Government Security Group and the Government Digital Service to provide advice for civil servants on accessing official IT when working remotely.

NCSC's Pandemic Response in Numbers:

  • Working with the Centre for Protection of National Infrastructure on the secure building of seven Nightingale hospitals
  • Sharing with NHS Trusts more than 160 instances of high-risk and critical vulnerabilities
  • Responding to around 200 coronavirus-related incidents
  • Rolling out active cyber-defense services to 235 frontline health bodies
  • Sharing 51,000 Indicators of Compromise with the NHS
  • Blocking 260 SMS sender IDs used, or likely to have been used, in malicious coronavirus-related campaigns, such as spoofing legitimate government or healthcare IDs.
  • Taking down more than 15,000 coronavirus-related malicious campaigns

The NCSC says it has disrupted thousands of attempts to trick people, from fake lures of personal protective equipment (PPE), testing kits and cures, to sham key worker badges.

In setting up the virtual parliament — which includes enabling remote participation in proceedings and online voting — the NCSC worked with parliamentarians to raise awareness and upgrade training in cybersecurity. Other actions included protecting the electoral process in the 2019 general election, responding to incidents and triaging threats, investigating leads and providing advice when needed, protecting the Register to Vote website, and supporting the Government's Brexit negotiations and preparations.

Suspicious Email Reporting
The NCSC has also continued its work to defend citizens, businesses and charitable institutions and to safeguard Critical National Infrastructure (the mounting cyber threat to this arena has ramped up countermeasures), defense and security assets and operations. In the public arena, this includes the setting up of the Suspicious Email Reporting Service, which received an average of 133,000 reports a week. Emails are analysed and, if malicious content is found, a takedown notice is issued to the hosting provider requesting it removes the content. In parallel, malicious URLs are added to a block list which is provided to browser, anti-virus and firewall vendors. Work has also included tackling the growing incidence of fake celebrity-endorsed investment scams, taking down 300,000 malicious URLs created to trick people into parting with their money.

Last year, the NCSC launched Exercise in a Box, an online tool enabling businesses to test their resilience to cyber attacks, while in July 2020 a Home and Remote Working exercise was launched in response to the increased number of people working remotely. The latter focussed on how employees can safely access networks, what might be needed for secure employee collaboration, and managing a cyber incident while working remotely.

Sports Cyber Incidents
The NCSC published its first analysis of the sports industry in July, which revealed that 70% of sports institutions had suffered a cyber incident in the past year – double the average for UK businesses. Examples include an English Football League club suffering a ransomware attack which crippled its CCTV system and turnstiles, a racecourse employee losing £15,000 in a spoof eBay scam, and a Premier League club's managing director being hacked prior to a £1m transfer negotiation.

"The COVID-19 pandemic continues to affect how we live and work," said Penny Mordaunt, the Paymaster General. "In a year of complex challenges, the NCSC has continued to react to swiftly-evolving cyber threats.

"This review shows how the NCSC has taken decisive action against malicious actors in the UK and abroad who saw our digital lifelines as vectors for espionage, fraud and ransom attacks. It is vital that cybersecurity remains a priority for government, industry and the public in building UK resilience to a spectrum of risks."


This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.

Ron Alalouff is a journalist specializing in the fire and security markets, and is a former editor of websites and magazines in the same fields.
