One of Britain’s market-leading broadband suppliers has become the first telecommunications provider in the world to start sharing information about malicious software and websites on a large scale with other ISPs. BT has launched a collaborative online platform to share its threat intelligence data across the ISP community in a secure and trusted way, describing the move as a continuation of its efforts to protect consumers and businesses from the global cyber-crime industry.
The move is in direct response to an initiative led by the National Cyber Security Centre (NCSC) to enable ISPs to share detection events, as outlined in its new report -‘Active Cyber Defence – One Year On’ – which details its ongoing efforts to disrupt millions of online commodity attacks against the UK.
This development sees the former communications monopoly alert other ISPs in the UK to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking such harmful malware.
As a result of the growing industrialisation of cyber-crime, and the increasing complexity of malware, BT reports that it has identified and shared over 200,000 malicious domains since initiating the sharing of threat information at the end of last year. The firm’s cyber security experts boast that they are currently preventing the delivery of 50 million malicious emails with 2,000 unique malicious attachments every month – that’s almost 20 malicious emails every second.
Domain Name System (DNS) filtering is a key plank of the government’s Active Cyber Defence Strategy, and ISPs have been supporting this by automatically blocking tens of millions of malware infections which try to cross its infrastructure every week. Such action is preventing millions of customers from being harmed by malicious code and bogus websites. These everyday cyber threats can often result in the theft of personal data, financial losses, fraudulent activity and users’ computers being infected with ransomware.
Mark Hughes, CEO of BT Security, said: “We’ve been taking a more proactive and automated approach to blocking malicious code and harmful website content on our infrastructure for some time, in line with the NCSC’s Active Cyber Defence strategy. This allows us to mitigate a high volume of cyber threats before they have a chance to take hold and impact our customers. By sharing our malware data, we’re empowering other ISPs to provide their customers with the same level of protection, should they choose to take action.”
Cyber-security leaders have welcomed the move. Dr Ian Levy, Technical Director for the National Cyber Security Centre, said: “This is a fantastic initiative that will help provide broader protection of cyber threats facing the UK. Networks will be able to exchange detections in real time so that UK citizens can be protected by their ISP by default and for free, as part of the National Cyber Security Centre’s Active Cyber Defence programme. This unprecedented level of sharing and exchange will have a positive impact across the whole security community by helping us to collectively understand our adversaries and reduce the impact of cyber attacks.”
BT says that it has taken the step of sharing data relating to malware because it believes that the most effective way to bolster the UK’s defences against cyber-crime is through greater collaboration and the exchange of information. If other ISPs join BT in actively sharing threat intelligence data, this will help the entire industry to develop and strengthen a collective shield which will help to protect all customers by taking action within the UK’s communications networks.
The new approach sees BT combine threat intelligence data provided by the NCSC and its Domain Name System (DNS) security provider partners with its own data generated by its Cyber Security Platform, using big data analytics to proactively identify threats before they occur. This provides the business with a comprehensive view of the cyber threat landscape in the UK and globally.
In order to exchange this information with industry, BT has built a Malware Information Sharing Platform (MISP) which enables the data to be shared in a secure and trusted way with its partners and other ISPs. Announcing the new platform, BT pledged that it will also continue to share this threat information with the NCSC and with law enforcement organisations such as INTERPOL.