+44-7916-314620
The UK’s leading cybersecurity agency has called on the country’s organizations to deploy cyber-deception technologies at scale to assess their efficacy.
National Cyber Security Centre (NCSC) CTO Ollie Whitehouse said in a blog post this week that the aim is to “establish an evidence base for use cases” of cyber-deception at a national scale to see how the technology might be adopted as part of its Active Cyber Defence 2.0 initiative.
He claimed two prominent use cases currently stand out:
The plan is an ambitious one. It aims to deploy a minimum of 5000 low- and high-interaction solutions on the UK internet, across IPv4 and IPv6, plus 20,000 low-interaction solutions inside internal networks.
In addition, Whitehouse wants to deploy 200,000 low-interaction solutions in cloud environments and two million honeytokens – fake IT resources designed to detect criminal activity.
He said the research aims to answer several key questions: how good are cyber-deception technologies at helping to detect latent and new compromises, and does knowledge of the presence of such technologies change threat actor behavior?
“We recognize the potential value of using cyber-deception technologies and techniques to support cyber defence in certain situations,” said Whitehouse. “We are keen to work with UK public and private sector organizations who have deployed solutions as described above. If this is you, we want you to get in touch.”
The initiative follows a “first-of-its-kind” conference of international and UK government partners and industry representatives at the NCSC’s headquarters.
The NCSC set out its plans for Active Cyber Defence 2.0 earlier this month, claiming it will usher in a new generation of cybersecurity tools and services to fill gaps in the commercial market.
The aim is for government departments or private sector organizations to take over these services in time.
Read more on cyber deception: Insurer’s UK Honeypots Attacked 17 Million Times Per Day.
- Cicada3301 Ransomware Targets Critical Sectors in US and UK
A new ransomware group, Cicada3301, has emerged as a significant threat since its discovery in June 2024. It targets businesses in critical sectors across the US and UK. In just three months, the group has reportedly published data from 30 companies on their dedicated leak sites, underscoring the severity of the threat. Multi-Platform Ransomware and… Read more: Cicada3301 Ransomware Targets Critical Sectors in US and UK - #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part… Read more: #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15,… Read more: Universal Music Group Admits Data Breach - Get Safe Online Launches New Scam Detector
Get Safe Online has launched a new tool that uses the power of AI technology to flag potential digital scams to users. Ask Silver is a smartphone-based tool that interacts with users via WhatsApp. Once they sign up, users receive a one-time email with a QR code to scan, which opens the WhatsApp chat. All… Read more: Get Safe Online Launches New Scam Detector - Sellafield Fined for Cybersecurity Failures at Nuclear Site
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences… Read more: Sellafield Fined for Cybersecurity Failures at Nuclear Site
