The UK National Cyber Security Centre (NCSC) has revealed it thwarted more online scams during the pandemic than it had done in the previous three years combined. COVID and NHS-themed cyber crime fuelled the increase, with security experts recording a 15-fold rise in the removal of online campaigns in 2020 compared to 2019.
The findings were included in the NCSC’s annual Active Cyber Defence (ACD) report, a service which protects the UK from millions of cyber attacks and was released ahead of the organisation’s CYBERUK event this week.
It reported a significant jump in the number of phishing attacks using NHS branding to trick victims, while the COVID vaccine rollout was used as a lure in email and text messages to gain people’s personal information for fraud. Around 43 fake COVID apps were also taken down by the security organisation.
“The big increase in Covid-19 related scams, fake vaccine shops, fake PPE shops, show – to me anyway – that criminals have no bounds on what they will abuse and the fear that they engender to try and harm and defraud people,” said Dr Ian Levy, Technical Director of the NCSC.
The ACD programme also includes a ‘Suspicious Email Reporting’ service which the NCSC said had been “hugely successful” since its launch in April 2020. The service received nearly four million reports of malicious emails from members of the public in its first year. The organisation also worked with a number of allies to call out hostile state activity, which includes help exposing Russian-state sponsored attacks on COVID vaccine facilities.
“The ACD programme is truly a collaborative effort, and it’s thanks to our joint efforts with partners both at home and internationally that we’ve been able to significantly ramp up our efforts to protect the UK,” Dr Levy continued. “This has never been more important than in the last year, where it was vital for us to do everything we could to protect our most critical services and the wider public during the pandemic.”
In addition, the report showed that in the last year more than 700,000 online scams totalling 1.4 million URLs were removed by the NCSC – a massive increase on previous years due largely to the expansion of the Takedown Service.
One particular area of focus for ACD last year was protecting the NHS, and the report detailed efforts to monitor for attacks that sought to harvest NHS credentials and potentially compromise critical systems. In 2020 ACD detected 122 phishing campaigns using NHS branding, compared to 36 in 2019.
Lindy Cameron, Chief Executive of the NCSC, said: “Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.
“I look forward to hearing from thought-leaders at CyberUK as we reflect on this period and look ahead to building a resilient and prosperous digital UK after the pandemic.”