NCSC Active Cyber Defence blocks surge of pandemic scams

by Joseph K. Clark

The National Cyber Security Centre’s (NCSC’s) Active Cyber Defence (ACD) program removed more online scams from the internet during 2020 than in 2016-2019 combined, responding to a 15-fold surge in cybercrime and malicious online activity during the Covid-19 pandemic. The ACD program’s fourth annual report has just been released before the first virtual CyberUK event on 11 May.


Last year saw a significant expansion of the ACD program – partly in response to the transformative impact of the pandemic on personal and organizational cyber security – including the introduction of the Suspicious Email Reporting Service (Sers), a reporting inbox for the public to forward scam or spam emails to for investigation. Sears has been a runaway success, receiving more than four million reports in 2020 and more in 2021.

The program also assisted in the UK’s work with allies (such as the US) to call out hostile nation-state cyber activity, such as attacking cyber attacks on developing Covid-19 vaccines to the Russia-backed APT29, or Cozy Bear, group. It oversaw the move of the NCSC’s CyberFirst skills outreach program online, resulting in record numbers of sign-ups from young people.

“As the cyber security community prepares to gather for CyberUK, the ACD report offers a helpful insight into just some of the ways the NCSC has adapted to protect the UK during the pandemic,” said NCSC CEO Lindy Cameron.

Cyber Defence

“Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.

“I look forward to hearing from thought-leaders at CyberUK as we reflect on this period and look ahead to building a resilient and prosperous digital UK after the pandemic,” she said.

NCSC technical director Ian Levy added: “The ACD program is truly a collaborative effort. Thanks to our joint efforts with partners both at home and internationally, we’ve been able to ramp up our efforts to protect the UK significantly.

“This has never been more important than in the past year, where it was vital for us to do everything we could to protect our most critical services and the broader public during the pandemic.

“The bold defensive approach taken by the ACD program continues to ensure our national resilience, and so I urge public bodies, companies, and the general public to sign up for the services available to help everyone stay safe online,” said Levy.

Among some of the details in the report is that the NCSC’s Takedown Service removed more than 700,000 scams, totaling 1.4 million unique URLs, as it reacted to protect the general public from the surge in pandemic-linked threats and other scams such as celebrity-backed investments.

The report also details how the ACD program protected the NHS by monitoring attacks seeking to harvest health service credentials and compromise critical hospital systems.

It detected over 120 phishing campaigns using NHS brands, up from 36 in 2019, with lures including vaccine roll-out and information and fake or unofficial copies of the Test and Trace mobile app – 43 fake NHS apps were removed from the Apple and Google app stores in 2020.

However, while it was far from the most exploited source of cyber threats in 2020, the pandemic was not the only one. Last year, the ACD program also noted a surge in attacks around TV licensing, corresponding with news of changes to the TV Licence regime for pensioners in July 2020. There were also several attempts to run phishing scams around Brexit.

More information on the services provided by the ACD program – including email and web security for public sector organizations, protective DNS services, and the popular Exercise-In-A-Box training tools, is available from the NCSC.

Related Posts