The UK was targeted by a large number of significant cyber-threats last year, according to new government figures.
A wide-ranging phishing campaign that used spoof emails from a major UK airport to try and steal customer details was revealed as one of the biggest threats blocked by GCHQ’s National Cyber Security Centre (NCSC) last year.
The specific airport targeted has not been named, but the criminals used fake gov.uk emails to try and target victims, sending out 200,000 emails claiming that recipients would receive a payout upon paying a small deposit.
The news was revealed in the NCSC’s Active Cyber Defence report – the second such time it has released such findings.
Overall, the NCSC disclosed said it had stopped 140,000 separate phishing attacks in 2018, as well as taking down 190,000 fraudulent sites – nearly two-thirds (64 percent) of which were offline within 24 hours of being detected.
Many fraudulent email campaigns took the form of HMRC communications, spoofing official messages from the organisation to offer tax returns if victims provide details of their bank account.
The NCSC also noted a number of other major campaigns it helped shut down, including a primary school being involved in the spread of a large-scale malware infection because its anti-virus system was not working, and an unnamed public sector organisation that deals with sensitive information getting breached because its employees had downloaded unauthorised software.
“Organisations are specifically at risk (of attack), with their valuable data ensuring there is a target firmly placed on their back at all times,” said David Mount, Director, Europe at Cofense. “Yet, while software and firewalls have been put in place, technology is not enough to keep out the phishing threats.”
“As important as technology is in the fight against those with malicious intent, it should be allied with employee awareness and education to keep businesses secure. By deploying their most adaptable and intelligent resource – employees – businesses can build a risk-aware culture and stand strong in the fight against threat actors.”
“By combining real time intelligence from security-aware humans, with leading-edge technology, organisations can identify both vulnerabilities and active attacks in progress more quickly with fewer resources, leading to a more successful outcome.”