The UK National Cybersecurity Centre (NCSC) has published its latest report into the threat landscape, titled “Active Cyber Defence – The Fourth Year”. This is a report into the achievements and efforts of the Active Cyber Defence (ACD) program.
The report underlines the focus on defending against ‘scale and commodity attacks’. The report adds a degree of realism in that it is not expecting to prevent every attack but to ‘make life harder for attackers and raise their costs to a level that is difficult to sustain’.
The theme of ACD efforts for 2020 was helping to protect consumers and financial institutions in the context of the coronavirus pandemic. To a degree this has been successful, with a fifteen-fold success rate reported.
The report also includes details of the NCSC’s Protective DNS (PDNS) service, delivered by the provider Nominet. Protective DNS (PDNS) is any security service that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture.
Specifically, this service exists to combat malicious activity for public sector users. PDNS prevents the successful resolution of domains associated with malicious activity, while enabling the rest of the internet to remain accessible.
The report provides an indication of the extent of the problem, noting how in 2020, PDNS handled more than 237 billion domain name system (DNS) requests. Of these, nearly 105 million requests were blocked, corresponding to 0.04 percent of all requests. These 105 million blocked requests were for nearly 160,000 distinct domains attributed to cybercrime Organized Crime Groups (OCGs) with ransomware-related malware featuring prominently.
In terms of coverage, the report finds that 799 organizations are using PDNS, as of the end of 2020, with 302 new organizations onboarded during the year. The majority of these are in the health sector and National Health Service (NHS) organizations are now actively using PDNS.
Further in relation to health, PDNS has been taken up within the coronavirus vaccine supply chain, extending the protection of PDNS to private sector organizations for the first time.
Looking into these trends and the report findings, for Digital Journal, is David Carroll, Managing Director of Nominet Cyber Security.
Carroll begins by congratulating the NSCC for its success: “The fourth year of Active Cyber Defence was remarkable. Seeing PDNS come to the fore at a time when it was most needed – during the pandemic – is a source of pride.”
Carroll considers the take-up by NHS intuitions to be of particular importance, given the frequency that the health sector is targeted by rogue actors.
Carroll says: “Not only were we able to deliver PDNS to the majority of NHS organizations but, for the first time, PDNS protection was extended to the private sector as it was offered to protect the vaccine supply chain.”
Turning to a different but related topic, Carroll adds: “Another key milestone for PDNS was the response to SolarWinds. Proving to be a treasure trove for cyber analysts, the PDNS dataset was able to help NCSC identify the scope of vulnerability across the public sector to inform its incident response.”