The world is facing a 50 per cent explosion of phishing attack, but GCHQ in the UK is taking a bold stance against the wave of threats.
GCHQ has announced its 2017 success in shutting down over 120,000 fake websites and repelling in the region of 54 million cyberattacks.
Standing guard for Britain against the cybercrime onslaught the world is facing, GCHQ has reflected on the effectiveness of its ‘active defence programme’, the approach it leveraged in taking down 121,479 unique phishing sites in 2017.
An important aspect of this achievement is the shutting down of 18,067 unique phishing sites across 2,929 attack groups masquerading as brands of the UK government. The result of this assault has meant that the median availability of a phishing site physically hosted in the UK has been reduced from 42 hours to just 10.
Overall the work of GCHQ has had a global impact, with the global share of the UK hosted phishing reduced from 5.5 per cent to 2.9 per cent despite a massive 50 per cent global increase.
Rob Wilkinson, Corporate Security Specialist at Smoothwall, said: “On a bigger scale, attacks by foreign countries and governments are usually the ones that make the headlines in the UK. But in fact, it is usually the smaller, more common and far more infectious malware and phishing cyber attacks that cause the most damage to the population as a whole. The “Great British Firewall”, as it has been dubbed in a report released by the GCHQ today, is said to have prevented 54m online attacks in the UK alone last year – but when you consider that their “active defence program” has led to only a 2% reduction, the scale of the problem is there for all to see.
Month by month analysis indicates that hackers are being driven away from trying to use the UK government brand, and there are also fewer malicious sites being hosted within UK infrastructure.
“While the Government is certainly best equipped to tackle many of the online threats in 2018, there is a case to be made for many companies and institutions training their staff to know how to recognise signs of a cyber attack. Businesses should already have the latest defence systems in place to combat cyber attacks in the form of ongoing threat monitoring. However, an added layer of protection in the form of employee training is a sure-fire way of keeping workers – and the companies which they are employed by – safeguarded from malicious attempts at stealing sensitive information, infiltrating systems and generally causing chaos,” Wilkinson said.
Some have been left unimpressed by the 54 million attacks that GCHQ claims to have deflected, taking into account the vast figures associated with today’s threat landscape, particularly in terms of phishing.
Mark James, security specialist at ESET, said: “I think to most people 54 million attacks sounds high but in the digital world it’s not a figure that surprises me. Cyberattacks are relentless, they don’t need to rest, they can be triggered from anywhere in the world and will continue until successful or stopped. For many high profile organisations it is part and parcel of having a digital footprint.”