You wanna use GCHQ offshoot NCSC's threat intel feeds? Why not, say bosses

Britain's National Cyber Security Centre is prepared to share its cyber defence tech and threat intel feeds with British organisations in need of extra help, it said at the launch of its annual review today.

The GCHQ offshoot said it had shared "tens of thousands of indicators of compromise" across universities, as well as health and scientific institutions during 2020, in addition to sharing threat assessments with more than 80 companies and 14 universities.

You probably don't want the country's DNS being run by GCHQ!

Chief techie Ian Levy highlighted the NCSC's Protective DNS service to The Register as one example of good things the cyber defence organisation has done, with the custom DNS resolver service being used by 1,000 NHS supply chain firms to prevent their devices visiting known malicious web domains.

Levy, however, pointed out that NCSC's PDNS service is of limited use for the wider private sector, adding: "You probably don't want the country's DNS being run by GCHQ!"

Paul Maddinson, NCSC director of national resilience, added: "What we can certainly do is work with the private sector to develop similar capabilities themselves… we're really happy to share both the technology [and] the threat intelligence feeds."

During the last 12 months the NCSC said it played a vital role in fending off cyber attacks directed at the NHS as well as organisations researching and producing COVID-19 vaccines.

In March universities and schools were urged to sort out their security posture after a spate of ransomware attacks directed against them.

We understand the NCSC has an internal "grand challenge" for its staffers to figure out just how vulnerable the UK public sector is to cyber attacks and ransomware, focusing on a data science-driven approach to ascertaining which orgs are most vulnerable to the latter. There's a long chain of UK.gov suppliers stretching deep into the private sector, and in turn many of those are potentially vulnerable to supply chain attacks targeted at their MSPs.

• Russia-based criminals are still the UK's number 1 cyber-foe, NSO Group's wares a 'red flag' says NCSC chief
• Not only MSPs: All cloudy firms are in line for UK security law crackdown
• Money can buy you insurance against network break-ins but investing in infosec hygiene wouldn't go amiss, says new NCSC chief
• UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itself

Active Cyber Defence is the NCSC scheme for blunting common-or-garden cyber attacks by offering threat reduction advice and some simple tools. It's basic stuff compared to what the infosec industry can do (for the right price) but the main advantage, for tools available to the private sector, is that they're free.

Otherwise the NCSC annual review [PDF] boasted that it had managed 777 incidents during the last 12 months – including the Footfallcam kerfuffle where a British-based company was found to be saving user passwords and DVR admin credentials in plaintext. Around a fifth of those incidents concerned healthcare and vaccine-focused organisations.

Chief exec Lindy Cameron said she was "proud" of the GCHQ offshoot, which has played an increasing role in calling for more government intervention, regulation and legislation to tackle ransomware attacks.

"Undoubtedly there are challenges ahead," said Cameron in a statement, "but the upcoming National Cyber Strategy combined with the continued engagement from businesses and the public provides a solid foundation for us to continue reducing the impact of online threats."

Over the past 12 months the NCSC also responded to a rise in ransomware attacks, and a range of services have been provided to businesses over the past year to help protect them from ransomware. These include the Early Warning Service alerting organisations to emerging threats through to cyber security advice for those working in education.

Steve Barclay MP, Cabinet Office minister (aka Chancellor of the Duchy of Lancaster for some constitutionally obscure reason), said: "The government and its agencies will continue to throw every resource at its disposal to stamp out cybercrime and take down cybercriminals but there are things that we can all do to keep us and those in our communities safe. We want to make sure that everyone knows how to avoid threats online, spot scams and where to report wrongdoing."

The latter includes around eight million reports made to the NCSC's suspicious email reporting service resulting in 67,000 takedowns.

"The Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding, and 80 illegitimate NHS apps hosted and available to download outside of official app stores," concluded a cheerful NCSC.

It's a small dent in the tidal wave of malicious sites and services online but a good one to make. ®