Categories: InfoSec News Trending

UK SECURITY AGENCY TO SCAN THE UK FOR VULNERABILITIES

Published by
RiSec.Mitch

The National Cyber Security Centre (NCSC) has launched a new scheme and is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. designed to help it better understand how vulnerable UK systems are to cyber-attack, in order to enhance resilience.

The agency’s new internet scanning capability is designed to build a data-driven view of “the vulnerability of the UK.”

It will do this by probing any internet-accessible systems hosted in the country for known vulnerabilities, allowing the NCSC to understand how exposed these assets are and track remediation over time.

“We design our requests to collect the smallest amount of technical information required to validate the presence/version and/or vulnerability of a piece of software. We also design requests to limit the amount of personal data within the response,” the NCSC explained.

“In the unlikely event that we do discover information that is personal or otherwise sensitive, we take steps to remove the data and prevent it from being captured again in the future.”

The agency hopes the data it collects will help it to:

  • better understand the vulnerability and security of the UK as a whole
  • advise system owners about their security posture on a day-to-day basis
  • respond faster to incidents like a widely exploited zero-day vulnerability

In a blog explaining the new capability, outgoing technical director, Ian Levy, sought to reassure readers that the agency, which is part of GCHQ, wasn’t trying to find bugs “for some other, nefarious purpose.”

“The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure and track their remediation over time.”

NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231).

The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet.

“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose,” NCSC technical director Ian Levy explained.

“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”

He added that the priority would be transparency, rigorous auditing, minimal scanning activity to reduce the impact on target resources and swift processing of any opt-out requests.

“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it),” he explained.

The NCSC released new data this week revealing the significant impact it has had over the past year in making the UK a safer place in which to live and do business.

Its Early Warning service provided users with 34 million alerts about attacks, compromises, vulnerabilities and open ports over the period, it said.

How to opt-out of vulnerability probes

Data collected from these scans includes any data sent back when connecting to services and web servers, such as the full HTTP responses (including headers).

Requests are designed to harvest the minimum amount of info required to check if the scanned asset is affected by a vulnerability.

If any sensitive or personal data is inadvertently collected, the NCSC says it will “take steps to remove the data and prevent it from being captured again in the future.”

British organizations can also opt out of having their servers scanned by the government by emailing a list of IP addresses they want to be excluded at scanning@ncsc.gov.uk.

In January, the cybersecurity agency also started releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.

The NCSC plans to release new Nmap scripts only for critical security vulnerabilities it believes to be at the top of threat actors’ targeting lists.

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy

Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmark Close
Social Comments Box
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 5 November 2022 11:12 AM

RiSec.Mitch

Just your average information security researcher from Delaware US.

Leave a Comment
Published by
RiSec.Mitch
Tags: NCSC Scan UK

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago