The UK’s government’s leading agency for cyber security missions, The United Kingdom’s National Cyber Security Centre (NCSC) is currently scanning for vulnerabilities on all devices in the UK that are connected to the internet.
The NCSC has started this move to assess the exposure of UK internet-based devices to cyber-attacks and create awareness of security for people using internet-connected systems.
The agency said that activities being undertaken will “cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact.” The agency also added that the (NCSC) “uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure and track their remediation over time.”
NCSC performs these tasks by using tools that are hosted in a devoted cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246. and 35.177.10.231).
The agency has highlighted that the search for internet exposure is being done within its own environment as a way of detecting any problems before scanning the UK internet.
According to Ian Levy, the NCSC’s technical director the agency is “not trying to find vulnerabilities in the UK for some other, nefarious purpose. We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it.”
How to go out of vulnerability probes
Data put together from the NCSC scans will even include data that has been sent back when users are connecting to internet services and web servers. This will include the full HTTP responses (even headers).
Requests are planned to collect a minimal amount of information necessary to check if the scanned device has been affected by the vulnerability.
In the instances that a device was exposed and sensitive or personal information was unintentionally gathered, the agency has assured users that it will take necessary “steps to remove the data and prevent it from being captured again in the future.”
While all devices in the UK are susceptible to these scans by the agency, some British organizations can go off from the probe list so that their servers do not get scanned by the UK government. They can do this by emailing the UK government on scanning@ncsn.gov.uk a list of all IP addresses that the organizations want to be exempted from the probes.
The UK government through its cyber security agency has been beefing up its internet security for months. For instance, in January the NCSC started making available NMAP Scripting Engine scripts to assist defenders to scan their systems for vulnerability and help them repair any vulnerability issues on their networks.
The agency is expected to go ahead with its plan to make available new Nmap scripts which will only be used for highly vulnerable security issues that the agency believes to be at the very start of the target list for those attacking the systems.
The agency will notify users of any discovered vulnerabilities to their devices while the agency will use any information gathered to analyze the strength of their systems and understand what they are capable of.
The agency is also expected to hold a CYBERUK conference in April next year and it will use the data gathered to provide more information to the public.
The post made by the agency explained why the agency has embarked on this road. “As part of the NCSC’s mission to make the UK the safest place to live and do business online, we are building a data-driven view of the vulnerability of the UK.”
The newly launched program will help NCSC discover the overall state of cyber security of the whole country. The program will involve sending connection requests to the individual device and organizational servers and then logging all types of responses that have been received. The responses along with the time, date, and involved IP address. The agency will then probe this collected data to check for any forms of vulnerabilities. The agency is hoping that with regular scans it will have a collective idea of how the country is prepared against potential cyber-attacks.
The agency has likened the scans under this new program to those that are done by private firms for cyber security.
Previously, about 113,000 people lost their data when they were victims of a cyber attack that happened in 2020. The company responsible for this cyber security issue was Interserve a Construction group that was fined £4.4 million for letting the cyber attack happen. The company was fined by the Information Commissioner’s Office (ICO).
Interserve was given the fine because the cyber attack had originated from one of its employees through a phishing email that was not stopped in time. After all, the company did not follow up on an antivirus alert that was generated following the attack. It was faulted for not having updated systems that could stand that attack and for not having the right people on the job that could have helped the people that were cyber-attacked.
The 2020 cyber attack happened in May and led to the stealing of the personal data of previous and current employees that the government supplier company. The phishing emails stole information that could have been used to further commit other crimes like stealing from people’s pensions and payrolls and salaries.
The phishing email was shared among workers at the Interserve Group which resulted in one worker unknowingly downloading the malware that stole the personal information of 113,000.
With this in mind, the British government through its cyber security agency has started this program to conduct cyber security regular checks and scans for servers and devices for individuals and organizations. The NCSC hopes that more cyber attacks can be avoided using this new program that will help identify vulnerabilities in internet-based systems. The agency also hopes to alert users of cyber dangers and prepare them against any cyber security attacks.
