Ahead of the opening of its two-day flagship CYBERUK conference, the UK official National Cyber Security Centre – NCSC, a part of the Government listening agency GCHQ – has reported that more than 2.7 million scam campaigns were stamped out in 2021, nearly four times more than in 2020.
The NCSC puts this down to its expanded services to take down malicious online content, such as fake celebrity endorsement scams, rather than an increase in scams overall. The public besides has reported to the Centre suspicious emails, texts and websites, which have enabled the NCSC to remove more. The celebrity scams and bogus extortion emails were the most commonly removed but other themes used by scammers included NHS vaccines and vaccine passports and even in one instance impersonating NCSC CEO Lindy Cameron.
She said: “As we kick off CYBERUK, the latest ACD figures shine a light on how the NCSC has responded to emerging cyber threat trends and security issues to keep the UK safe at scale. We know that scammers will go to great lengths and indeed my name has been used to try and trick people, but as we continue to expand our defences we can see the tangible impact this is having.
“I look forward to discussing common approaches to boosting cyber resilience in the coming days at CYBERUK as we explore how to drive forward a whole-of-society approach to cyber security.”
The CYBERUK conference was online last year due to the covid pandemic; hence, the keynote speakers will also be streamed on the CYBERUK YouTube channel, including Lindy Cameron and GCHQ director Sir Jeremy Fleming. About 1,500 from industry, academia and government are due to attend CYBERUK, at the International Convention Centre (ICC), Newport, South Wales.
The NCSC has meanwhile published updated Cloud Security Guidance; first released in 2014. Paul Maddinson, Director of National Resilience and Strategy at the NCSC, said: “The cloud plays an increasingly vital role in the functioning of online services across the UK, and this trend will continue into the future. Our refreshed Cloud Security Guidance has the philosophy of security-by-design at its heart, meaning that organisations can have confidence when choosing a provider.
“I’d strongly encourage network defenders at organisations of all sizes to make use of the actionable advice set out in our refreshed Cloud Security Guidance.”
Comments
Steve Ritter, CTO at Mitek said: “All too often, industry experts are quick to blame consumers for “falling” for scams – but this blame game needs to stop. The onus should now be on technology and finance organisations to step up to the challenge.
“Consumers might not notice a dubious link, or the unknown number it’s sent from – but their phone, messaging service, or network could. A simple flag (‘This link could be fraudulent’) would go a long way to protecting consumers. And all it takes is AI and machine learning algorithms that are trained to spot scams before they reach the consumer.
“In the future, technologies like behavioural biometrics could be used to track fraudsters’ behaviour and movements around the web, to build a digital footprint of their activity and figure out if they’re really who they say they are. Legislation also plays a role, and initiatives like the UK’s Online Safety Bill are a welcome step forward. For now, however, we have to rely on the tools we already have at our disposal – and use them to stamp out scams before they hit our inboxes.”
And Mike Newman, CEO of the authentication product company My1Login said phishing is showing no signs of decline and it continues to be a major problem for all businesses.
“When it comes to these attacks, the initial ‘phish’ is only the start of a long path criminals will take to monetise their scams. Once a user has clicked on a malicious link, the next target will be to steal login credentials and passwords, as these provide attackers with the keys to the digital kingdom to carry out further attacks and make money through account takeovers, ransomware and data breaches.
“It is vital that businesses fight back against phishing, but when the numbers are this high, user awareness training is not enough. Instead, what many forward-thinking businesses are realising is that to tackle phishing, you need to address the root of the problem – passwords. These organisations are removing passwords from their users now and transitioning to passwordless security. Simply, if users don’t have passwords, or don’t know them, how can they be phished of them?”
