The head of the GCHQ has said the UK needs to boost its cyber defences amid a growing threat from Russia – after the security agency took down a record number of online scams in 2021.
On Tuesday, Sir Jeremy Fleming told the CyberUK conference in Newport that the current ‘serious global economic situation’ means ‘the need to make the UK the safest place to live and do business online is ever more relevant’.
The UK and other countries are at risk from Russia’s cyber operatives for the simple reason that they are standing with Ukraine against Russia’s ongoing invasion, he said.
GCHQ’s National Cyber Security Centre (NCSC) has also revealed today that it took down a record 2.7 million online scams last year.
The hefty figure is four times higher than the amount removed in 2020 – a more modest 700,595.
A record 2.7 million online scams were taken down last year by the National Cyber Security Centre. Scammers tried to trick people with fake messages about the vaccine rollout and certificates
Strong cybersecurity is needed to protect the UK, now more than ever, because of global economic concerns and Russia’s war in Ukraine, Sir Fleming said.
GCHQ has seen indications that ‘Russia’s cyber operatives continue to look for targets in countries that oppose their actions,’ according to the GCHQ boss.
‘There’s plenty of cyber about, including a range of activity we and partners have attributed to Russia,’ Sir Fleming told the CyberUK conference, which kicked off today in Newport.
‘We’ve seen what looks like some spillover of activity affecting other countries.
‘That’s why we have increased our efforts to ensure UK businesses and Government urgently improve levels of cyber resilience.
‘And why, with our allies, we will continue to support Ukraine in shoring up their cyber defences.’
Sir Jeremy Fleming told the CyberUK conference in Newport that the current ‘serious global economic situation’ means ‘the need to make the UK the safest place to live and do business online is ever more relevant’. Sir Fleming is pictured here in 2019
Speaking at the two-day conference, the intelligence chief said the UK is constantly working at domestic level to protect the public and businesses from cybercriminals.
‘Alongside our partners, we have mounted operations to undermine their networks, and prevent them from profiting from their crimes, as well as denying them access to their cyber tools and malware,’ he said.
‘In real life, this means tens of millions of pounds in potential fraud against the UK economy avoided, hundreds of thousands of stolen credit cards made worthless to the criminals, and countless potential victims of crime around the world with their data and accounts safeguarded. That’s cyber power on an immense scale.’
According to the new NCSC figures, a record number of scams were removed from the internet in 2021 thanks to the agency’s Active Cyber Defence programme.
Celebrity scams and bogus extortion emails were the most commonly removed, but other themes used by scammers included NHS vaccines and vaccine passports.
The NCSC said more than 1,400 phishing schemes themed around the NHS were taken down last year – an 11-fold increase on 2020 – as scammers looked to prey on public concern around the pandemic.
National Cyber Security Centre (NCSC) acts as a bridge between industry and government, providing advice, guidance and support on cyber security. Its parent organisation is GCHQ
Amazingly, one brazen scam that was expunged last year involved criminals posing as NCSC chief executive Lindy Cameron.
The scammer claiming to be Cameron sent an email informing the recipient that the NCSC had stopped £5 million of their money being stolen and to get the funds back they were required to reply with personal information.
‘As we kick off CyberUK, the latest ACD figures shine a light on how the NCSC has responded to emerging cyber threat trends and security issues to keep the UK safe at scale,’ Cameron said.
‘We know that scammers will go to great lengths – and indeed my name has been used to try to trick people – but as we continue to expand our defences we can see the tangible impact this is having.’
Fake celebrity endorsements and extortion emails were named as the most common type of scams taken down.
Meanwhile, more than 1.2 million domains linked with the Android malware Flubot were blocked.
This malware was distributed to the public via fraudulent ‘missed delivery’ messages or notifications, which might impersonate Royal Mail and tell victims they need to pay a delivery fee.
NCSC said the rise from 2020 to 2021 was the result of it expanding its services to tackle a broader range of scams, including fake celebrity endorsements, rather than an overall increase in malicious content targeting the UK public.
The agency’s efforts were helped by reports from the public of suspicious emails, texts and websites.
Dr Ian Levy, the NCSC’s technical director, said the statistics show the ‘crucial interventions’ the organisation can make to ‘take down online threats, deter attackers and improve our collective cyber resilience’.
He encouraged more businesses to ‘work even more closely with us’ to improve the NCSC’s services that ‘take down and block malicious websites’.
NCSC has also announced a new online tool designed to help organisations check whether their email security is adequate.
Called Email Security Check, it analyses a user’s email domain and recommend any security measures to stop scammers and protect privacy.