Active Cyber Defence – The Second Year

17th July 2019


Simon Whitburn
Senior Vice President Cyber Security Services

The NCSC has just released its report on the second year of the Active Cyber Defence (ACD) programme: Active Cyber Defence – The Second Year. The programme aims to improve the security of the UK public sector and the wider UK cyber ecosystem, and the NCSC’s Technical Director Ian Levy has summarised the outcomes of the second year of operation in this interesting report.

In particular, the report highlights the importance of the Protective DNS (PDNS) service, which by the end of 2018 was protecting an estimated 1.4 million employees across the UK public sector. In total across 2018, the service answered 68.7 billion queries, with a peak query rate of 27,109 queries per second, seen in November.

Last year in Protective DNS:

  • Of the 68.7 billion queries, 57.4 million were blocked for 117,527 unique reasons
  • 28 million of the queries blocked were for Domain Generation Algorithms (DGAs), including 15 known DGAs. They included Ramnit, Suppobox, TinyBanker, Matsnu, Bedep, Fobber and Conficker
  • 13,800 queries were blocked for at least 20 named botnet command and control systems, including Betabot, Graybird, Katrina, Lokibot, StealRat and Godzilla
  • A number of exploit kit-related indicators were blocked, including 796,000 queries for 16 unique indicators of exploit kits such as Magnitude, RIG, SweetOrange and Neutrino
  • Ransomware continued to be an issue globally: more than 450,000 WannaCry-related queries from 15 different PDNS customers were blocked, along with more than 230,000 queries related to the BadRabbit ransomware

It’s great to see the importance of the DNS and the work of the Nominet cyber team mentioned in the latest ACD report. We’re proud to work with the NCSC and Government Digital Services (GDS) to provide the Protective DNS services.