Re: [Covidimpacts-workshop] Some COVID-19 security stats
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 12 November 2020 20:50 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: covidimpacts-workshop@ietfa.amsl.com
Delivered-To: covidimpacts-workshop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5524A3A084D for <covidimpacts-workshop@ietfa.amsl.com>; Thu, 12 Nov 2020 12:50:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z-tNzAvGJN3b for <covidimpacts-workshop@ietfa.amsl.com>; Thu, 12 Nov 2020 12:49:58 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93FE53A0820 for <covidimpacts-workshop@iab.org>; Thu, 12 Nov 2020 12:49:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1484BBE56; Thu, 12 Nov 2020 20:49:57 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4xAyAIXcpkZF; Thu, 12 Nov 2020 20:49:55 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AF883BE55; Thu, 12 Nov 2020 20:49:54 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1605214194; bh=YCLQk3ub3ubYFhV2t56CJ2/mta0U000rHhR0gCzWHsU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=jZWwMKg/5PwMHNl4Ozqm9qM2Xy/BlPIty/ol6pNzuKRr59kGXmLrT6sEQY6dyQA9z pCn8G0ZU8gv7t37K0uUBt3O9MCKciWueU277vL2CtbGFaX/amW7zWihVxDPzU6l1kS 92YYiM8OUihSKVaeebOYhgfYCGu8wd9iH8mB8ns4=
To: Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>, "covidimpacts-workshop@iab.org" <covidimpacts-workshop@iab.org>
References: <LO2P123MB359936C82106E59B4E6FDD07D7E70@LO2P123MB3599.GBRP123.PROD.OUTLOOK.COM>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <bdcfb9be-920c-a892-c486-c46cd182b576@cs.tcd.ie>
Date: Thu, 12 Nov 2020 20:49:54 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <LO2P123MB359936C82106E59B4E6FDD07D7E70@LO2P123MB3599.GBRP123.PROD.OUTLOOK.COM>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="K3mU6XycQkEHqrgpa6QVzUw70soTiGLBi"
Archived-At: <https://mailarchive.ietf.org/arch/msg/covidimpacts-workshop/LbQI3Sh2D67RNhaCburXYHJgqjs>
Subject: Re: [Covidimpacts-workshop] Some COVID-19 security stats
X-BeenThere: covidimpacts-workshop@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: COVID-19 Network Impacts Workshop <covidimpacts-workshop.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/covidimpacts-workshop>, <mailto:covidimpacts-workshop-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/covidimpacts-workshop/>
List-Post: <mailto:covidimpacts-workshop@iab.org>
List-Help: <mailto:covidimpacts-workshop-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/covidimpacts-workshop>, <mailto:covidimpacts-workshop-request@iab.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2020 20:50:00 -0000
Hiya, On 12/11/2020 11:31, Kirsty P wrote: > Stephen asked yesterday if malicious campaigns, scams/fraud overall increased, or if the numbers were the same but it was just a change in lure. > > I think focusing on numbers alone won't describe the full shift in patterns that we saw, but I'll share some stats from our annual review now it's been published (https://www.ncsc.gov.uk/annual-review/2020/docs/ncsc_2020-annual-review_s.pdf - page 98) below. > > It gives an indication of how much effort went to COVID campaigns, the shift in behaviours, and the relative takedown responses: > - 166,710 phishing URLs discovered across all campaigns were successfully taken down. 42,576 URLs were associated with UK Government-themed phishing attacks. The UK-hosted global share of visible phishing attacks further reduced to 1.27 % (from 2.1% last year). > - Since March, the NCSC has taken down 15,354 campaigns which used coronavirus themes in the "lure". These were hosted globally. > -- 8,800 were Advance Fee Fraud (419 scams) > -- 1,156 were associated with fake shops selling bogus PPE, coronavirus products, test kits (and even vaccines) > -- 251 phishing campaigns > -- 2,984 mail servers distributing malware Do you have any info on how that's changed e.g. vs. 2019. Reason to ask is I've seen various claims as to how working from home has affected security but I don't recall any before/after studies. (That may well be because I've not looked though, hard to imagine nobody was doing that.) Ta, S. > > Kirsty > This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk. All material is UK Crown Copyright � > >