NCSC Reports Record Number of Cyber Incidents Amid COVID-19UK Cyber Agency Responded to Over 700 Cyberthreats Over 12-Month Period
The U.K. National Cyber Security Centre responded to a record-setting 723 cyber incidents over the past 12 months, 200 of which were related to the COVID-19 pandemic, according to the security agency's annual report released Tuesday.
The annual report, which covers the number of cyberthreats the agency responded to between September 2019 and August of this year, notes that the number of incidents increased by about 20% compared to the same period a year ago, when NCSC responded to more than 650 separate incidents.
During this 12 month period, these 723 cyber incidents affected some 1,200 victims across the U.K., according to the report. NCSC, which is the public-facing arm of intelligence service GCHQ, noted that in the months ahead the agency plans to step-up its response to COVID-19 issues such as security threats aimed at vaccine testing and other research related to the pandemic.
This includes providing additional support for Britain's National Health Service, says Lindy Cameron, CEO of the NCSC.
"Expertise from across the NCSC has been surged to assist the U.K.'s response to the pandemic," Cameron notes. "More than 200 of the 723 incidents the NCSC handled this year related to coronavirus and we have deployed experts to support the health sector, including NHS [National Health Service] Trusts, through cyber incidents they have faced."
During this time, NCSC analysts performed threat hunting exercises aimed at 1.4 million NHS endpoints to detect suspicious behavior, according to the report. The cyber agency also scanned more than 1 million NHS IP addresses to help detect security weaknesses and shared over 51,000 indicators of compromise with NHS officials.
Since March, NCSC has responded to an increasing amount of cyberthreats related to COVID-19. This includes more than 15,000 coronavirus-related malicious campaigns dismantled by the agency and its commercial partner Netcraft, according to the report.
"Many of the 22,000 malicious URLs taken down as a result related to coronavirus scams, such as pretending to sell [personal protective equipment] equipment to hide a cyberattack," Cameron says.
NCSC also recorded several phishing email campaigns designed to take advantage of the COVID-19 pandemic. Other security firms and cyber agencies in the U.S. and elsewhere also took note of the increase in these types of malicious messages (see: COVID-19-Themed Phishing Campaigns Diminish).
"Some scams, frequently using phishing emails, claimed to have a 'cure' for coronavirus, or sought donations to bogus medical charities," according to the annual report. "Many users found that clicking a bad link led to malware infection, loss of data and passwords."
The NCSC report also notes one incident involving a Russian-linked hacking group known as APT29 or "Cozy Bear" that happened in July. During the incident, the threat actors deployed spear-phishing emails and various malware variants in an attempt to gather and steal intellectual property related to COVID-19 vaccine testing and research.
This incident resulted in NCSC, along with American and Canadian intelligence officials, sending out a worldwide alert about Russian-linked hacking groups targeting COVID-19 research (see: US, UK, Canada: Russian Hackers Targeting COVID-19 Research).
"This not only exposed the hostile action directly but also demonstrated to a wide range of pharmaceutical companies that they needed to understand more about protecting themselves," according to the report.
When it comes to cybercrime, the NCSC notes that incidents related to ransomware and the exfiltration of data from victims increased threefold during the past 12 months compared to the previous period.
The report notes ransomware attacks have become more targeted during this time, with universities and other academic institutes an increasing in the crosshairs of ransomware gangs (see: Analysis: Online Attacks Hit Education Sector Worldwide).
"Universities are targeted by cybercriminals just as any other organization might be. Criminals seek to access personal information, convince users to install malware and lock or damage data, all with a view to financial gain," according to the report.
In July, the NCSC reported that about 25% of sports clubs were victims of ransomware. In that report, the agency reported that an unidentified English Football League club incurred losses after a targeted ransomware attack crippled the club's corporate and security systems. As a result, CCTV cameras and turnstiles at the stadium failed to operate, which led to the cancellation of a game (see: Hackers Target UK Sports Sector to Steal Millions).
Senior Correspondent Akshaya Asokan contributed to this report.