BT becomes first UK ISP to share real-time threat intelligence with others to protect customers
Telecom major BT has decided to share threat intelligence data with other ISPs to ensure consumers and businesses are protected from malicious software and sophisticated cyber-attacks.
BT intends to share detailed data about malicious software and websites with other ISPs using its new collaborative online platform which will be available for free.
The initiative by BT has now made it the first in the industry to take active measures to ensure the safety and privacy of consumer and enterprise data. It is expected that other leading ISPs will wholeheartedly support the initiative and share threat intelligence data on their own to ensure consumers across ISPs will be equally protected from the latest threats.
‘This development sees BT alert other ISPs in the UK to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking such harmful malware,’ BT said.
Before BT made the announcement, that fact that such an initiative was in the works was announced by the National Cyber Security Centre in a report that featured the results of its one-year-old Active Cyber Defence Strategy.
According to the report, the new programme helped NCSC remove 121,479 phishing sites hosted in the UK and 18,067 hosted in the rest of the world that spoofed UK government websites. It also blocked a total of 515,658 fake e-mails from bogus ‘@gov.uk’ accounts.
NCSC also announced that an average 4.5 million malicious emails per month were blocked from reaching end users and that the number of such emails peaked at 30.3 million in June last year. More than 1 million security scans and 7 million security tests were also carried out on public sector websites to detect threats, and this helped reduce UK’s share of global phishing attacks from 5.3% in June to 3.1% in November last year.
‘We’re working with BT to build a community BGP monitoring platform that will be free for all UK ISPs to use so that we can collectively run some analytics on the collected routing path data.
‘We’ve written analytics for all sorts of things that could happen in the world of BGP and we’re expecting all the big BGP talkers in the UK to use this platform to help the community understand what’s really going on – both in terms of attacks and how their peering relationships actually work,’ the report said.
‘If ISPs filtered traffic coming into their networks from the edge – something called ingress filtering – then we could make it harder to spoof source addresses. Luckily, there’s an internet standard called BCP38 that explains how to do just that. If implemented correctly on UK networks it would make it much harder to generate lots of traffic from UK networks that can’t be easily filtered. To be totally clear, this would make it harder for UK based infrastructure and machines to be used to DDOS others.
‘The great news is that most of the big UK ISPs have told us they’ve now implemented BCP38. The even better news is that the Centre for Applied Internet Data Analysis (CAIDA31) runs a programme to generate data about which ISPs allow spoofing,’ it added.
So far, BT has identified and shared over 200,000 malicious domains with other ISPs since the end of last year and its security teams across the globe are now preventing the delivery of 50 million malicious emails with 2,000 unique malicious attachments every month.
The network is also leading efforts to ensure that Domain Name System (DNS) filtering is implemented by ISPs. This approach has also helped it block tens of millions of malware infections which try to cross its infrastructure every week, thereby protecting consumers from malicious code and bogus websites.
‘This is an important step in helping the Government achieve its aim of making the UK the safest place to live and do business online. We believe that only by working together with Government and the rest of the telecommunications industry can we collectively succeed in stemming the tide of cyber-crime. That’s why we’re urging other ISPs to join us in sharing threat information in a more open and collaborative way,’ said Mark Hughes, CEO of BT Security.
“We’ve been taking a more proactive and automated approach to blocking malicious code and harmful website content on our infrastructure for some time, in line with the NCSC’s Active Cyber Defence strategy. This allows us to mitigate a high volume of cyber threats before they have a chance to take hold and impact our customers. By sharing our malware data, we’re empowering other ISPs to provide their customers with the same level of protection, should they choose to take action,’ he added.