UK’s National Cyber Security Centre’s (NCSC) first annual report shows that the agency has detected and prevented millions of online commodity attacks against the UK. The four Active Cyber Defence (ACD) programmes aim to improve basic cyber security by disrupting cyberattacks that affect UK citizens. The technology, which is free at the point of use, improves defence against threats by blocking fake emails, removing phishing attacks and stopping public sector systems veering onto malicious servers. IT security experts commented below.
Eyal Benishti, CEO and Founder at IRONSCALES:
“The report from NCSC is very encouraging, especially the initial results from its Active Cyber Defence (ACD) programmes [Web Check, DMARC, Public Sector DNS and a takedown service.] However, while national initiatives are welcome and should be applauded, alone they’re not enough.
“As illustration, while DMARC can be effective in filtering out and reducing the number of fraudulent emails that attempt to hit users’ inboxes, it is not the be-all and end-all of email security. Hackers and criminal organisations continually find ways to bypass email security, with the latest way around DMARC is Mailsploit, a phishing method that enables attackers to create a nearly undetectable spoof.
“Mailsploit can sneak past DMARC by exploiting how email servers handle text data differently than operating systems. The exploit ultimately enables them to trick email servers into reading emails heads in a different way from how email client programs do. Exploits can take advantage of how the email sender name is displayed to bypass DMARC. And because Mail Transfer Agents don’t detect or block spoofed email addresses, they will usually relay those emails if the original address seems legitimate.
“NCSC’s efforts might have reduced the number of malicious and phishing messages getting through, but its not stopped them. For that reason, organisations must work to help end users in their workforce be able to spot these kinds of emails that are delivered into the inbox, before they become a problem. Raising employee awareness to phishing indicators so fewer are duped to fall for the scam in the first instance is valuable, but alone is not enough. While training might help some to spot badly created communications, with attackers honing their craft it’s not always easy to determine fact from fiction. In addition, no matter how hard you train people, no one is perfect 100% of the time. Employing mailbox level detection that tracks user behaviour analysis to build a picture of what is deemed normal behaviour so that anomalies in communications are easily spotted and automatically flagged as suspicious, in tandem providing a mechanism for employees that do spot something amiss in a message to report their findings via inmail alerts, which together allows quick reporting via an augmented email experience, helping the user make better decisions that ultimately helps protect the enterprise.”
Leo Taddeo, Chief Information Security Officer at Cyxtera Technologies:
“I applaud the UK government’s efforts to deter cyber threats through the NCSC’s Active Cyber Defence programme. This is exactly the type of leadership needed in this era of ever-present cyber threats. Governments must allocate the right people, processes and technologies as well as collaborate across public and private sectors if we are to successfully address these challenges. The NCSC’s programme smartly addresses common attack vectors like phishing because it is so pervasive. According to a recent report by Easy Solutions, 97 percent of people don’t know how to accurately recognize a phishing email; and, phishing attacks increased by 65 percent in 2016. By publishing its ‘Active Cyber Defence – One Year On’ summary, the NCSC has initiated a call to action to the private sector to help take down phishing sites and implement DMARC solutions. Cooperation is necessary if we are to make cybercrime less profitable and more risky for adversaries.”