Malware incidents make up 25% of CERT-UK's work in first 100 days

Over half the incidents reported to CERT-UK in the first three months of its operation were not related to critical national infrastructure

Over half of the incidents reported to the UK’s new national computer emergency response team (CERT-UK) in the first three months of its operation were not related to critical national infrastructure (CNI), according to the organisation’s first quarterly report.

CERT-UK’s main purpose is to support the CNI, which includes the government/public sector, energy, water, defence, transport, financial services, academia, supply chain and professional services.

Announced in December 2012 as a key element of the government’s £650m cyber security strategy, CERT-UK was initially set to launch by the end of 2013, but was later rescheduled for 2014.

“The vast majority of [non-CNI] incidents were ‘abuse’ reports (relating to phishing websites, networks sending spam emails, and so on),” said the report.

In terms of CNI sectors, government (13%) and finance (11%) reported the most incidents. The first quarterly report, which covers April to June, revealed that 25% of incidents involved malware.

“Some organisations are able to handle the incident through existing capabilities, while others decide to bring in a cyber incident response-certified company to assist them,” said CERT-UK.

The report revealed that denial of service (DoS) attacks were low. This indicates better responses to these attacks and that organisations no longer need assistance, said CERT-UK. “DoS attacks have risen in prominence over the last few years, and the mitigation advice relating to them is well established,” it said. 

“The low level of incident reports received by CERT-UK could be indicative that businesses are now well prepared to mitigate this attack, and so no longer need to seek assistance if afflicted by a DoS attack.”

CERT-UK said that during the three-month period, the Heartbleed bug highlighted the importance of an accurate inventory of software and keeping up to date with vulnerabilities in it.

Reports to CERT-UK relating to social media account compromises and data loss were very low, the report said, “presumably because these are normally reported to law enforcement and the Information Commissioner's Office”.

CERT-UK expects malware to continue to be the main threat in the coming months and calls on businesses to get the message across to senior executives that cyber security is important.

“There are measures businesses can take to prevent (or at least limit) the frequency and impact of these events,” it said. “One important strategy is to ensure that the board or senior executives are aware of cyber security and understand why it is important to their business.”
