Vulnerability scans are currently being conducted on all devices hosted in the UK that are open to the Internet. The National Cyber Security Center (NCSC), the government agency responsible for the nation’s cybersecurity mandate, is working on this.
Helping owners of internet-connected systems understand their security posture and determine the UK’s susceptibility to cyber-attacks.
According to the group, “the activities cover any internet-accessible system hosted in the UK, and vulnerabilities that are common or particularly significant due to their high impact,”
NCSC collects data from the UK
“The NCSC uses the data we collect to create an overview of UK vulnerability exposures. Following their disclosure, and to track their remediation over time.”
NCSC scans in a dedicated cloud-hosted environment using tools from scanner.scanning.service.ncsc.gov.uk and two IP addresses.
Prior to the investigation, the agency claimed that all vulnerability probes were assessed in its own environment for any issues.
NCSC technical director Ian Levy clarified: “We are not going to try to find vulnerabilities in the UK for some other nefarious purpose,”
“We started with simple scans and slowly increased the complexity of the scans, explaining what we were doing (and why we were doing it).”
Any information returned when connecting to services and web servers. For example, the complete HTTP answer is included in the data obtained from these scans.
Request to get the minimum amount of data required to determine whether a scanned item is vulnerable.
The NCSC said that if any sensitive or personal information was inadvertently collected, it would “take steps to delete the data and prevent it from being captured again in the future”.
UK businesses can also opt out of having their servers scanned by the government by sending an email to [email protected] with a list of IP addresses they wish to exclude.
The cybersecurity group also started disseminating NMAP scripting engine scripts. This started in January and is designed to help defenders find and update vulnerable systems on their networks.
NCSC intends to make new Nmap scripts specifically. This is because it believes that threat actors are likely to target those with serious security vulnerabilities.