Pressemitteilung · 06 Feb 2018

BT steps up battle against cyber-crime by sharing malware data with ISPs


BT first to share cyber-security data on a large scale and urges other ISPs to follow its lead.

BT has become the first telecommunications provider in the world to start sharing information about malicious software and websites on a large scale with other ISPs, and has urged UK broadband providers to follow its lead.

BT has launched a free collaborative online platform to share its threat intelligence data across the ISP community in a secure and trusted way, as it continues its efforts to protect consumers and businesses from the global cyber-crime industry.

This is in direct response to an initiative led by the National Cyber Security Centre (NCSC) to enable ISPs to share detection events, as outlined in its new report - ‘Active Cyber Defence – One Year On’ - which details its ongoing efforts to disrupt millions of online commodity attacks against the UK.

This development sees BT alert other ISPs in the UK to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking such harmful malware.

As a result of the growing industrialisation of cyber-crime, and the increasing complexity of malware, BT has identified and shared over 200,000 malicious domains since initiating the sharing of threat information at the end of last year. BT’s global team of more than 2,500 cyber security experts are currently preventing the delivery of 50 million malicious emails with 2,000 unique malicious attachments every month – that’s almost 20 malicious emails every second.

Domain Name System (DNS) filtering is a key plank of the Government’s Active Cyber Defence Strategy, and BT has been supporting this by automatically blocking tens of millions of malware infections which try to cross its infrastructure every week. Such action is preventing millions of BT’s customers from being harmed by malicious code and bogus websites. These everyday cyber threats can often result in the theft of personal data, financial losses, fraudulent activity and users’ computers being infected with ransomware.

BT has taken the step of sharing data relating to malware because it believes that the most effective way to bolster the UK’s defences against cyber-crime is through greater collaboration and the exchange of information. If other ISPs join BT in actively sharing threat intelligence data, this will help the entire industry to develop and strengthen a collective shield which will help to protect all customers by taking action within the UK’s communications networks.

BT combines threat intelligence data provided by the NCSC and its Domain Name System (DNS) security provider partners with its own data generated by its Cyber Security Platform, which uses big data analytics to proactively identify threats before they occur. This provides the business with a comprehensive view of the cyber threat landscape in the UK and globally.

In order to exchange this information with industry, BT has built a Malware Information Sharing Platform (MISP) which enables the data to be shared in a secure and trusted way with its partners and other ISPs. BT will also continue to share this threat information with the NCSC and with law enforcement organisations such as INTERPOL, as announced by the company in October.

“This is an important step in helping the Government achieve its aim of making the UK the safest place to live and do business online. We believe that only by working together with Government and the rest of the telecommunications industry can we collectively succeed in stemming the tide of cyber-crime. That’s why we’re urging other ISPs to join us in sharing threat information in a more open and collaborative way.

“We’ve been taking a more proactive and automated approach to blocking malicious code and harmful website content on our infrastructure for some time, in line with the NCSC’s Active Cyber Defence strategy. This allows us to mitigate a high volume of cyber threats before they have a chance to take hold and impact our customers. By sharing our malware data, we’re empowering other ISPs to provide their customers with the same level of protection, should they choose to take action.”
- Mark Hughes, CEO BT Security

“This is a fantastic initiative that will help provide broader protection of cyber threats facing the UK.

“Networks will be able to exchange detections in real time so that UK citizens can be protected by their ISP by default and for free, as part of the National Cyber Security Centre’s Active Cyber Defence programme.

“This unprecedented level of sharing and exchange will have a positive impact across the whole security community by helping us to collectively understand our adversaries and reduce the impact of cyber attacks.”
- Dr Ian Levy, Technical Director for the National Cyber Security Centre

Notes to editors:

Over the past two years, BT’s security team has intercepted some of the most prolific and damaging malware infections seen around the globe. These have included:

  • Necurs – one of the world’s biggest spam botnets responsible for spreading Trojans which have impacted the banking sector and created ransomware threats around the world.
  • Cryptolocker – ransomware which encrypts files on computers and which is used to extract payments from users in exchange for the return of their data.
  • Mirai – malware which targets unsecured devices connected to the Internet of Things and which has created a massive botnet which attacks ISPs and websites around the globe.

For further information

Aleksander Straunik , Global PR.