All devices hosted in the UK open to the Internet are currently being scanned for vulnerabilities. National Cyber Security Centre (NCSC), the government organization in charge of the nation’s cyber security mission, is working on it.
To help owners of Internet-connected systems understand their security posture and to determine the UK’s susceptibility to cyberattacks.
According to the organization, “These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,”
NCSC collected data from the UK
“The NCSC uses our collected data to create an overview of the UK’s vulnerability exposure. Following their disclosure, and track their remediation over time.”
NCSC uses tools from scanner.scanning.service.ncsc.gov.uk and two IP addresses to conduct scans in a specialized cloud-hosted environment.
Before investigating, the agency claims that all vulnerability probes are evaluated in its own environment to find any problems.
NCSC technical director Ian Levy clarified, “We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose,”
“We’re beginning with simple scans and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”
Any information supplied back while connecting to services and web servers. Such as, the full HTTP answers are included in the data acquired from these scans.
Requests are made to get the least amount of data necessary to determine whether the item being scanned is vulnerable.
The NCSC states that it will “take steps to remove the data and prevent it from being captured again in the future” if any sensitive or personal information is unintentionally gathered.
By sending an email to scanning@ncsc.gov.uk with a list of IP addresses they want to be excluded, British enterprises can also choose not to have their servers scanned by the government.
The cybersecurity organization also began disseminating NMAP Scripting Engine scripts. This started in January to assist defenders in finding and updating weak systems on their networks.
The NCSC intends to make new Nmap scripts exclusively. This is because it thinks threat actors will most likely target those available for serious security flaws.
