Criminal networks peddling stolen credit cards worth “tens of millions of pounds in potential fraud” have been thwarted by a government cybersecurity task force, Sir Jeremy Fleming, head of GCHQ, revealed today. It demonstrates the UK government’s focus on cyber defence is bearing fruit, with the revelation coming on the same day it was revealed that more than two million online scams were taken down by the government’s Active Cyber Defence (ACD) programme last year.
In a rare insight into the cyber defence tactics used to combat criminal gangs, delivered during a speech at the government’s CyberUK conference this morning, Sir Jeremy said that the National Cyber Force (NCF), a partnership established in 2020 between defence and intelligence agencies to counter major cyber threats, had played a key role in stopping fraudsters, with analysts working for the NCF rendering hundreds of thousands of stolen credit cards worthless to stop them being used fraudulently.
The NCF “mounted operations to undermine [criminals’] networks, and prevent them from profiting from their crimes as well as denying them access to their cyber tools and malware,” Fleming said.
“Through the NCF, we are actively undermining the cybercriminals’ assumption that they can act with impunity on the internet. We have disrupted criminals, making it clear that they are being observed, and going after their ability to profit from illegal activities.”
NCSC takes down two million online scams
The NCF is not the only cyber defence agency to have enjoyed significant successes in recent months. More than two million online scams were taken down by the government’s ACD last year, according to figures released by the National Cyber Security Centre (NCSC) today. According to the agency, these figures reflect an expansion of the organisation’s capabilities in targeting an ever-increasing range of malicious online content, rather than a general increase in scams.
The number of online scams detected and taken down last year was nearly four times the amount in 2020, with public reports of suspicious online behaviour contributing to the increase, the NCSC said.
While celebrity scams and extortion emails were among the most commonly removed campaigns, criminals also used the NHS vaccines and vaccine passports to try to con unsuspecting citizens, according to the NCSC. The organisation also said that the Covid-19 pandemic caused a surge in NHS-related scams, with more than 1,400 related phishing campaigns removed last year - an eleven-fold increase from 2020.
The ACD programme provides a range of free cybersecurity services to public and private sector organisations to tackle “high-volume commodity attacks that affect people’s everyday lives” instead of more sophisticated and targeted attacks that the NCSC handles itself. Such services include early warning alerts that notify organisations of malicious activity detected in information feeds, and a Suspicious Email Reporting Service which analyses emails with malicious links and removes them from the internet.
The NCSC itself has been used in an attempted scam
One campaign involved emails sent by scammers impersonating the NCSC's CEO Lindy Cameron. Recipients of these emails were informed that £5m was stolen from them and that they had to provide their personal information to get their money back.
“We know that scammers will go to great lengths, and indeed my name has been used to try and trick people, but as we continue to expand our defences we can see the tangible impact this is having,” said Cameron.
Over 1.2 million domains linked to the Android malware Flubot were also blocked last year, in which the malware was distributed through fraudulent ‘missed delivery’ scams. Dr Ian Levy, NCSC’s technical director also said that since its inception in 2017, the ACD programme has been “central” to preventing millions of cyberattacks in the United Kingdom.
“As ACD continues to grow and innovate, we strongly encourage the private sector to work even more closely with us to enhance the effectiveness of our services to take down and block malicious websites,” he added.