Online scams soared by 1,500 per cent in the last year as criminals exploited crises from Covid to the chaotic aftermath of Brexit, a cyber security watchdog has reported.
More such attacks were taken down by the National Cyber Security Centre (NCSC) in the last 12 months than the previous three years combined. Hostile states as well organised crime gangs targeted government departments, businesses and the public in sustained hacking offensives, celebrity investment cons, and sextortion.
Criminals as well as foreign intelligence agencies also took advantage of the pandemic to target medical facilities. The NCSC’s Active Cyber Defence Programme dealt with 122 phishing campaigns involving the NHS last year, compared to 36 in 2019.
The HMRC was the most targeted by phishing attacks among government departments. Some of the attempted fraud sought to take advantage of the government’s furlough scheme introduced for businesses affected by Covid and income support schemes.
There was also a substantial rise in fake endorsement scams in which celebrities promoted lucrative endorsement schemes in newspapers, with financial expert Martin Lewis and Sir Richard Branson the figures most impersonated. The NSCS took down 730,000 of these attempts at fraud, described as “really convincing” and “really damaging”.
The NCSC also took down 180,000 mail servers used for sextortion, a form of blackmail in which the victim is threatened with public humiliation after being allegedly filmed secretly on webcam, or by a gang supposedly tracking their use of the internet for sexual purposes.
The criminals often try to convince targets that their secrets have been revealed by demonstrating that they have access to private passwords and browsing history. The enforced isolation of lockdowns, say analysts, added to internet traffic as well as the vulnerability of victims.
Members of the public, however, helped expose more than 84,000 scams, some of them large scale, by reporting more than 5.5 million messages to the suspicious email reporting service.
Activities of hostile states have also continued. Last Friday, Russian intelligence was accused by America and Britain of carrying out cyber attacks using new techniques, after it was exposed for hacking targets ranging from Covid vaccine supply chains to the US agency safeguarding nuclear stockpile.
The Russian foreign intelligence service, SVR, was blamed for the cyber attacks last year, described as the worst ever in the US, with seven other countries including the UK also targeted. According to American and British agencies, Russian agents started changing their techniques after they it was revealed in July last year that the group APT29 has targeted organisations involved in Covid vaccine developments in the UK, US and Canada.
Ian Levy, technical director of NCSC, said, “There was a massive rise in this year was fake endorsement scams preying on the vulnerable. We took down 730,000 of them last year, they are really convincing, using fake newspaper sites. We also took down 180,000 mail servers that we use for sextortion scams. These are well organised, very damaging, and have huge effect on people.
“People used the suspicious email reporting service in their thousands. The interesting thing for me is the stuff we didn't know about before a member of the public told us about 84,000 scams. That's pretty cool.”
The NCSC report is published prior to the annual CyberUK summit, which will be held online this year on Tuesday and Wednesday. Speakers are to include Jeremy Fleming, the director general of GCHQ, the foreign secretary, Dominic Raab, and the home secretary, Priti Patel.