New UK system will see ISPs benefit from same protections as government networks

BIRMINGHAM, United Kingdom — Britain’s National Cyber Security Centre (NCSC) has announced a new platform to help disrupt cybercrime and online fraud across the entirety of the country.

Launched at the CyberUK conference in Birmingham, the Share and Defend system will provide a list of malicious domains to a range of communications providers so the domains can be added to blocklists.

These domains are obtained from a range of sources, including from banks and commercial threat intelligence companies alongside certain feeds only accessible to the intelligence agencies.

The feeds are currently used to prevent government networks from connecting to known phishing and credential-harvesting pages, as well as malware command-and-control servers. Extending access to the value derived from them to the public is seen as an effective way to raise resilience across the whole of the country.

NCSC has several other programs intended to benefit the general public based on the use of the intelligence gained from these feeds. As previously reported by Recorded Future News, these include detecting the beginnings of ransomware attacks and then tipping off the target so that defensive measures can be put in place.

Another service launched at CyberUK will allow high-risk individuals to configure their mobile devices to run through the same Protective DNS system used to stop cyberattacks from impacting government networks, including candidates in the expected general election later this year.

Under Share and Defend, the same blocklists used to protect high-risk individuals and networks will be shared with internet service providers (ISPs) and other organizations who can add the domains to their own DNS platforms, hopefully providing the same level of security for ordinary internet users across the entirety of the country.

“If a defending partner is using our data to protect their customers, access to malicious content (such as a fake shop, a phishing site, or a malicious link in an email or text message) is automatically blocked,” explained NCSC.

“Although customers don’t need to do anything to benefit from this protection, we encourage all members of the public to remain vigilant when using online services, accounts and devices as the service can only offer protection against known malicious threats.”

Share and Defend remains a voluntary system, and it will be up to individual ISPs to implement it.The first organizations to be enrolled are BT and Jisc, a not-for-profit used by most of the higher education sector in Britain. NCSC said it was also working closely with Vodafone and TalkTalk to help them be able to receive the blocklists.

The move is part of NCSC’s attempts to make the United Kingdom a hard operating environment for cybercriminals. Officials stress it is not a replacement for customers being vigilant, but that it is expected to raise the costs for attackers and reduce the burden on those being targeted.