Although many businesses use configured DNS filters to prevent cyberattacks, UK ISPs tend to blanket-block complete categories of websites to limit access to those most likely to be harboring malware. This hit-and-miss approach to online security often blocks genuine websites, or exposes consumers who opt out of DNS filtering to every type of online threat.
However, plans have now been announced that will see the UK´s spy agency – GCHQ – partner up with leading ISPs in the UK in order to develop a more finely-tuned approach to consumer security. Effectively GCHQ will advise the ISPs on how to configure their DNS filters to prevent cyberattacks on consumers based on individual sites known to harbor malware.
By preventing consumers from accessing “bad addresses” that appear to be legitimate domains, GCHQ hopes to reduce the number of malware and phishing attacks launched on the UK public each year. The organization is reported to routinely use DNS filtering to filter out some parts of the internet that the government asks to be banned, and this new initiative is an extension of its existing service.
The plans were announced by Ciaran Martin – head of GCHQ and the recently formed National Cyber Security Centre (NCSC) – at the Billington Cyber-Security Summit. Martin told Summit attendees, “We’re exploring a flagship project on scaling up DNS filtering: what better way of providing automated defenses at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?”
A few years ago, former UK Prime Minister David Cameron attempted to introduce legislation that would require ISPs to block pornography. While legislation was not passed, ISPs entered into a voluntary agreement to block pornography by default. Since 2013, all new customers have been prevented from accessing online pornography by their ISPs unless they choose to opt out and lift the DNS filter. Under this voluntary arrangement, UK citizens are protected from inappropriate content, yet their civil liberties are not violated.
There would likely be considerable backlash if the government was to introduce legislation to block the accessing of certain websites, even if those sites were known to contain threats such as malware or ransomware. Martin is well aware of the potential problems that could arise. He told Summit attendees, “The government does not own or operate the Internet,” explaining that any move to use DNS filters to prevent cyberattacks would need to come from the private sector.
Martin explained that, as with ISPs blocking pornography, consumers would be given a choice to opt out of using DNS filters to prevent cyberattacks. He said “addressing privacy concerns and citizen choice is hardwired into our program.”
The plan to use DNS filters to prevent cyberattacks on consumers and UK businesses has been applauded. “The Great Firewall of Britain” will help to protect consumers from cybercriminal activity and keep electronic devices free from malware and ransomware.
There are currently millions of malicious websites that have been set up with the sole purpose of spreading malware such as banking Trojans, ransomware, spyware, or to commit online fraud. Data from the Information Commissioner’s Office (ICO) shows the number of reported online security incidents has doubled in the past year and cyber-infection rates are growing at an exponential level around the globe.
The use of DNS filters to prevent cyberattacks should go some way towards preventing consumers from inadvertently downloading malware or falling victim to a phishing campaign. However, while this is a step in the right direction, when the plan is implemented it will not spell an end to malware and ransomware attacks.
ISP DNS filters can only block websites that are known to be malicious or have been discovered to host exploit kits or malware. Cybercriminals are constantly changing tactics and are using ever more sophisticated methods of attacking individuals, businesses, and governments. The use of ISP DNS filters to prevent cyberattacks will help to deal with low level attacks, but organizations should not rely on their ISPs to block online threats.
It will still be essential for organizations to carefully control the website content that can be accessed by their employees, and to do that they will need their own web filtering solution.