One-fifth of NCSC-supported cyber incidents linked to Covid-19

National Cyber Security Centre has helped to thwart multiple cyber incidents that could have seriously disrupted the UK’s response to the pandemic

An attempted ransomware attack against University of Oxford researchers working on Covid-19 vaccine research was among hundreds of incidents thwarted with help from the National Cyber Security Centre (NCSC) in another busy year for the organisation, which publishes its latest annual report today.

The NCSC provided “wrap-around” support for 777 cyber incidents during the past 12 months, up from 723 in 2019, about 20% of them attacks on healthcare sector organisations or those involved in Covid-19 vaccine research, distribution and supply chains.

“I’m proud of the way the NCSC has responded to what has been another hugely challenging year for the country as we all continue to navigate our way through the pandemic,” said NCSC CEO Lindy Cameron. “The support and expertise we have provided for stakeholders from government all the way through to the general public during the pandemic has been vital to keeping the country safe online.”

The NCSC said its services had protected NHS, healthcare and vaccine supplier IT systems from malicious domains billions of times. Since this time last year, its protective domain name system (PDNS) service – part of its Active Cyber Defence (ACD) programme – has been extended to over 1,000 additional organisations in the health and social care sector via the Health and Social Care Network (HSCN), protecting between two and three million additional employees.

Also, the ACD programme took down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns exploiting NHS branding, and 80 fake NHS apps.

The situation could have been far worse, said the NCSC, had it not engaged extensively with the sector during the early phases of the pandemic, with its response based on shared experiences from the 2017 WannaCry incident. It issued guidance and threat assessments to more than 80 companies and 14 universities and shared tens of thousands of indicators of compromise (IoCs).

The scope of the intensive NCSC pandemic response also went far beyond the health sector as most people would understand it, to offer support to thousands of other essential organisations, including manufacturers of personal protective equipment (PPE), ventilators, and even supermarkets. These organisations range from well-known brands through to small businesses, but each was deemed vital in supporting either the health sector, or the functioning of daily life during lockdown.

“I’m really proud of the way this organisation pivoted to protecting the health mission at a time when it, and vaccine research and supply, were under sustained attack from ransomware operators who were putting people’s lives at risk,” said NCSC technical director Ian Levy.

“We didn’t wilt under the pressure of helping, with others, to protect the country under the Covid-19 pandemic.”

From ransomware to supply chain security

But the past 12 months have been notable for far more than just pandemic-related threats, with a surge in ransomware attacks bringing cyber security issues to worldwide mainstream attention. The NCSC has responded to this on multiple fronts, from providing support to victim organisations to advice and guidance to others, as well as taking a lead role in elevating global conversations around ransomware.

Meanwhile, a series of major vulnerability disclosures and significant global incidents such as the Russian state-backed attack on SolarWinds have also tested the NCSC’s resources – prompting an investigation in which the NCSC had significant input, using data from its ACD services to estimate the extent of the incident and inform and support those affected.

The organisation has also continued its drive to increase security awareness and resilience among the general public and support education initiatives; to widen diverse participation in the UK’s cyber security sector; to further professionalise the sector through changes to its certification schemes; and to support emerging innovators in the security industry working in areas such as artificial intelligence (AI) and quantum cryptography.

“Undoubtedly there are challenges ahead, but the upcoming National Cyber Strategy, combined with the continued engagement from businesses and the public, provides a solid foundation for us to continue reducing the impact of online threats,” said Cameron.

“This year, we have seen countless examples of cyber security threats, from state-sponsored activity to criminal ransomware attacks. It all serves to remind us that what happens online doesn’t stay online – there are real consequences of virtual activity.

“In the face of rising cyber attacks and an evolving threat, this year’s NCSC Annual review shows that world-class cyber security, enabled by the expertise of the NCSC as part of GCHQ, continues to be vital to the UK’s safety and prosperity.”

Read more on Data breach incident management and recovery