Takedowns of Fraudulent Web Services

The UK National Cyber Security Centre (NCSC) has released its report on the 6th year of its Active Cyber Defence Programme (ACD).  This is a summary of their initiatives in 2022, comparing figures with data from previous years.

A key section deals with active attempts to take down websites used for fraud or malicious activity.  This involves contacting the website host and requiring them to take the site off-line.  The criminals could be the owners of that webspace or might have used malicious scripts to create web shells to gain unauthorised access to otherwise legitimate sites.  Protecting against web shells depends partly on the controls set up by legitimate users and partly on the provider notifying registered users when suspect activity is detected. The 3 most prevalent providers noted by the NCSC as targeted by web shells in 2022 were:

  1. Newfold Digital; 4,666
  2. Cloudflare; 2,074
  3. GoDaddy; 1,787

Popular recent themes for fraud included cryptocurrency investments, spoofing government brands, energy bill ‘rebates’ and financial ‘support’ linked to the Ukraine war.  In 2022 the NCSC reported a total of 1,800,000 campaigns spread over 2,400,000 URLs.  These are massive totals, but the actual number of distinct frauds will be considerably smaller because of the constant juggling of sites being launched, taken down and started again from another host.  The most common web server based scams of 2022, extortion mail servers (528,000) and cryptocurrency investment scams (459,000), only stayed on-line for a median availability of 25.5 hours (mail) and 1 hour (crypto).  This should be seen against the median total for the next 5 most common attacks being 56.29 hours.

The ability of bodies such as the NCSC to control data hosted on the Internet depends on the willingness of the server owners to cooperate, and reactions do appear to be swift.  In the case of UK hosts, phishing was the most common activity requiring a server takedown. In 2022 there were 77,471 instances with a median availability of 7 hours.  This is nearly 7x the next most prevalent case, 9,020 web shell compromised servers with median uptimes of 31 hours.

The NCSC is unlikely to discover even a fraction of fraudulent sites on its own but relies on information from the general public.  An easy way to register such a complaint is through their scam email, text, phone call and website reporting service.

While compliance is almost guaranteed within the UK, some foreign sites will be impossible to control.  There is however the option to leave the site live but block access from the UK by enforcing blocking restrictions upon UK Internet Service Providers.  These can be overcome by using engines such as the TOR browsing engine, but such services are used ‘at your own risk’ and are unlikely to be required for casual browsing or shopping.  Government or other critical services will be accessing the Internet through a Protective Domain Name Service (PDNS) through which suspect IP addresses are blocked.  Certainly the NCSC activities do seem to be pushing criminal web host activities away from the UK, with global phishing hosted on a UK webspace dropping from 5.3% in June 2016 to 1.7% in December 2022.
