NCSC Reports First Decrease in Cybercrime Activity in Six Years

For the first time in six years, the UK’s National Cyber Security Centre (NCSC) reported a decline in cybercrime activity. According to its latest annual Active Cyber Defence (ACD) report, the NCSC dismantled 1.8 million nefarious campaigns and deactivated 2.4 million malicious URLs in 2022, marking a 33% and 22.5% reduction from 2021, respectively.

Since the inception of its ACD reports in 2017, each year had shown an escalation in takedowns until now. The substantial decrease is primarily attributable to fewer shutdowns of extortion mail servers and cryptocurrency investment scams. In 2022, the number of dismantled extortion mail servers plunged to 528,000 from a staggering 1,867,439 in the previous year, while the takedowns of cryptocurrency investment scams decreased to 459,278 from 610,621.

The NCSC, a division of GCHQ, refrained from providing a concrete explanation for the decrease in takedowns. An examination of the data on a campaign-by-campaign basis yields inconsistent conclusions. While the frequency of certain attacks, such as extortion mail servers, has decreased, others, such as malware-associated URL takedowns, have skyrocketed.

The most notable increases were in the takedowns of malware infrastructure URLs, which escalated to 18,337 in 2022 from 5,270 in 2021, and web-inject malware URLs, which climbed to 6,287 from 1,466 over the same period.

One plausible reason for the decrease in takedowns is the relatively short lifetimes of the campaigns. According to the ACD report, the median availability of mail servers and cryptocurrency investment scams is 25.5 and one hour, respectively. In comparison, the next top five attack types have a combined median availability of 56.29 hours.

The ACD report also indicates a 25% reduction in UK-hosted attacks. Despite phishing attacks remaining prevalent, the number of these attacks dropped significantly from 113,457 in 2021 to 77,471 in 2022, and their median availability fell from ten to seven hours.

The report further included brute force attacks, reporting 40,890 takedowns since the ACD started using honeypots in August 2022. The most takedowns occurred through the SSH protocol, with over 32,000 recorded from August to December 2022, followed by RDP, WordPress, and Exchange.

The ACD’s Takedown service, designed to identify and remove malicious sites before they cause significant harm, focuses on threats that could severely affect UK interests. Initially developed for UK government organizations, the service has expanded to cover a wider range of users over the years. Notably, it started tackling cryptocurrency investment scams in 2020, reaching a peak in January 2021, followed by a consistent downward trend into December 2022.

Source: ITPro.
