War in Ukraine and ransomware trends top the agenda at this year’s NCSC conference

More than 2.7 million scams were removed from the internet in 2021 thanks to an expansion of the UK government’s Active Cyber Defence (ACD) program.

Led by GCHQ’s National Cyber Security Centre (NCSC), successful ACD action has increased by a factor of four over the past 12 months.

This is according to preliminary figures in the latest ACD annual report, which was released today (May 10) on the first day of the NCSC-organized CyberUK conference.

Behind the scenes

During a directors’ panel session at CyberUK today, Ian Levy, technical director of NCSC, said the volume of scams blocked by the agency has increased by a factor of almost four, thanks in part to the inclusion of new categories of fraud.

For example, the NCSC has started blocking extortion-based scams against individuals and parcel delivery firms, along with ‘celebrity endorsed investment scams’.


RECOMMENDED Russia behind cyber-attack on satellite internet network that disrupted Ukrainian infrastructure


Themes used by scammers included fake coronavirus vaccines and vaccine passports. One campaign was even discovered to be impersonating the CEO of the NCSC, Lindy Cameron.

For example, the NCSC removed more than 1,400 NHS-themed phishing campaigns last year – an 11-fold increase on 2020.

The ACD program – which works alongside the disruption of cybercrime forums such as the recent takedown of Hydra – to “increase costs and reduce opportunities for cybercriminals”, according to the NCSC.

Levy added that the agency was working with telecommunications providers to make it more difficult for criminals to spoof the phone number of reputable firms, a trick sometimes used by scammers to make frauds more credible.

Eastern front

The preliminary results from the annual report on the ACD program were released on the first day of CyberUK 2022. The full version is due to be published next week.

Other key topics topping the agenda at the event included Russia’s invasion of Ukraine and the ongoing threat from ransomware.


Read more of the latest cybercrime news from around the world


Western government agencies including GCHQ have blamed Russia for a series of attacks in the run up to and during its invasion of Ukraine.

These have included the deployment of destructive wiper-style malware, as well as the February 24 attack against ViaSat – an attack primarily aimed at the Ukrainian military that also hit wind farms in central Europe and internet users outside Ukraine.

“We’ve seen spill over from some of the attacks on Ukraine but nothing on the scale of NotPetya,” commented the NCSC’s Lindy Cameron.

NCSC operations director Paul Chichester added that the war in Ukraine has been accompanied by the “most offensive set of cyber operations one country has launched against another country” and the only reason they have not had a bigger effect is because of the “resilience of Ukraine”.

Disrupting cybercrime

The war in Ukraine has been accompanied by a raft of sanctions, including banking restrictions against Russia.

These restrictions have impeded the ability of Russian-based cybercriminals to buy or rent internet infrastructure as well as their ability to cash out the proceeds of ransomware scams, according to senior NSA advisor Rob Joyce.

UK government officials were reluctant to endorse these findings while private sector experts told The Daily Swig it was too early to say definitively whether the war in Ukraine was disrupting cybercrime infrastructure.

“For the most part it’s business as usual for cybercriminals,” Zeki Turedi, CrowdStrike’s EMEA CTO, told The Daily Swig.

Much is written about attacks leveraging zero-day vulnerabilities, but the main modus-operandi of cybercriminals remains scanning the networks and cloud-environments of enterprises for known vulnerabilities, according to Turedi.

Turedi said: “There’s been a huge increase in attacks against low hanging fruit” such VPNs, firewalls and web apps.

This year’s CyberUK is taking place in Newport, Wales. The Daily Swig will be back with more coverage throughout the week.


YOU MIGHT ALSO LIKE EU targets standardization as key to bloc-wide cyber-resilience