Malware and phishing sites cause harm to UK citizens and brands. Takedown services aim to reduce the return on investment for attackers by removing sites and blocking any attack infrastructure to limit the harm that these attacks can cause.
About the NCSC Takedown Service
The NCSC works with Netcraft to provide the Takedown Service. The NCSC focuses the Takedown Service predominantly on the "HMG brand" - which is very broadly defined. Departments automatically benefit from the service without having to do anything.
Eligibility for the NCSC Takedown Service
The Takedown Service covers UK Government brands and services. The NCSC provides this service centrally.
How the NCSC Takedown Service works
The service discovers attacks in a variety of ways:
Spam and phishing feed scanning - it takes spam and phishing feeds and scans them for sites pretending to be UK Government brands
Suspicious Email Reporting Service (SERs) submissions - organisations help augment the service by forwarding emails (including any attachments) or the URL of any site pretending to be theirs to firstname.lastname@example.org.
SERs then automatically forwards these submissions to the Takedown service.
If applicable, the service then issues takedown notices to various hosting providers to get live attacks blocked. To further mitigate harm the service adds the sites to various safe browsing lists so modern browsers will not allow access.
Benefits of the NCSC Takedown Service
Benefits of the NCSC Takedown Service include:
URLs associated with UK Government themed phishing attacks, which are often targeted at UK based users, are removed and hence the harm caused by these campaigns is reduced
HMG brand is protected which in turn safeguards the UK's reputation
the timely removal of malicious sites further reduces any potential harm