Protecting the NHS: NCSC fended off lots of meddling aimed at UK health orgs while ransomware ramped up

The National Cyber Security Centre fended off more than 700 cyber attacks directed against the British state over the last year, of which about a quarter were COVID-19 related.

Of the 723 incidents, the GCHQ offshoot handled between 1 September 2019 and 31 August this year, 194 were related to the coronavirus pandemic – with a significant number targeting the NHS and wider public sector healthcare organisations, as well as academia and government.

Issuing the org's annual report today, NCSC chief exec Lindy Cameron, who formally replaced founding chief Ciaran Martin in the summer, said: "This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus."

"We've added a significant amount of support to healthcare," added NCSC ops director Paul Chichester, referring to a number of incidents, some higher profile than others, during the year. The increased threat against healthcare organisations, which in the UK mainly means the National Health Service, has been well documented during 2020.

As part of its response to everything flung at Britain this year, NCSC took an increasingly active role in defending public sector IT networks against marauding online bands of malicious people, including designing a new NHS-focused backup service as well as its traditional role of incident analysis and advice. This Active Cyber Defence programme is now in place across 235 public-sector health organisations, including NHS trusts, and NCSC also boasted of scanning a million IP addresses "to check for weaknesses".

Espionage played less of a prominent role in this year's annual report than in that of 2019. Russia scored nine mentions in total, all of which related to state-sponsored hackers targeting academic institutions researching a coronavirus vaccine. China did not feature at all and neither did Iran nor North Korea, traditionally the countries whose governments have no qualms about hacking the UK.

Ransomware attacks picked up by NCSC broadly increased in line with what industry has also said during 2020, with this year's report mentioning not-quite-police-force the National Crime Agency as an increasingly important partner when responding to ransomware attacks.

COVID-19 played a large part in NCSC's work, with the organisation claiming the takedown of 15,354 "campaigns which used coronavirus themes in the 'lure'" and which were hosted around the world.

NCSC tech director Dr Ian Levy told The Register: "The vast majority [of these campaigns] are still hosted in normal commercial hosting sites. The ones that everybody uses," explaining that the free tiers of these services make it "easy" for criminals and their mates to set up shop overnight.

On the flip side, Levy added: "The great thing is [the services] respond really well to takedown requests," though "there are what are commonly known as bulletproof hosters."

NCSC is also opening its doors in Manchester as part of an existing GCHQ setup that lets the eavesdropping agency tap into academic research and the city's own tech sector. NCSC's stated interest is in hiring people "with a brief to support its mission on protecting critical national infrastructure." ®