The NCSC has published its Active Cyber Defence – The Fourth Year report into the achievements and efforts of the Active Cyber Defence (ACD) programme. It underlines the focus on defending against ‘scale and commodity attacks’, not expecting to prevent every attack but to ‘make life harder for attackers, and raise their costs to a level that is difficult to sustain’. The theme of ACD efforts this year was helping to protect in the context of the pandemic.
The report includes details of the NCSC’s Protective DNS (PDNS) service, delivered by Nominet, which exists to combat malicious activity for public sector users. PDNS prevents the successful resolution of domains associated with malicious activity, while enabling the rest of the internet to remain accessible.
Highlights of the use of PDNS from the Active Cyber Defence – The Fourth Year report, include:
- In 2020, PDNS handled more than 237 billion DNS requests
- Of these, nearly 105 million requests were blocked, corresponding to 0.04% of all requests
- These 105 million blocked requests were for nearly 160,000 distinct domains attributed to cyber crime Organised Crime Groups (OCGs) with ransomware-related malware featuring prominently
- 799 organisations are using PDNS as of the end of 2020, with 302 new organisations onboarded in 2020
- The majority of NHS organisations are now actively using PDNS
- PDNS was offered to the vaccine supply chain, extending the protection of PDNS to private sector organisations for the first time
- The PDNS dataset was a primary data source for analysis, situational awareness and response in the software supply chain compromise of the SolarWinds Orion product