The British Broadcasting Corporation (BBC) receives over a quarter of a million malicious email attacks every day, according to official figures.
Data revealed under the Freedom of Information (FOI) Act by the Parliament Street think tank’s cyber security team, showed that an average of 283,597 malicious emails were blocked by the organisation every day over the first eight months of 2020.
On a monthly basis, the data shows that the BBC receives an average of 6,704,188 hostile emails classed as scam or spam. Additionally, an average of 18,662 malware attacks such as viruses, ransomware and spyware are blocked. Across the eight-month period of January 2020 to August 2020, a total of 51,898,393 infected emails were blocked by the BBCs systems.
The highest month of attacks was July with a huge total of 6,801,227 incidents recorded. Of these 6,787,635 were spam and 13,592 were malware. The second highest month was March, when the COVID-19 outbreak was at its worst in the UK. The BBC received 6,768,632 spam attempts and 14,089 malware attempts, totalling 6,782,721.
In the past the BBC has experienced been multiple incidents when it comes to cyber attempts and potential breaches. In 2013 the BBC twitter feed was subject to a phishing hack, by what appeared to be sympathisers of Syrian President Bashar Assad. The BBC said the “phishing” emails contained what appeared to be links to The Guardian newspaper or Human Rights Watch online and bring users to a fake webmail portal.
In 2016 there was another hack, with an anti-Isis hacking group who claimed responsibility for downing BBC websites and services on New Year’s Eve.
Additionally there was another attack in December 2015, when all the BBC’s websites were unavailable because of a large web attack. It is believed that a web attack technique known as a “distributed denial of service” was causing the patchy response. This aims to knock a site offline by swamping it with more traffic than it can handle.
The data suggests that it is an ongoing struggle for the BBC to obstruct these malware, phishing and spam attempts so that a major breach can be avoided.
Tim Sadler, CEO, Tessian said: “The global pandemic has become a ripe opportunity for hackers’ phishing scams, and we can clearly see that in reflected in the spike of malicious attacks on the BBC. In the wake of the outbreak, journalists and employees would have been busier and more distracted than usual. Using clever social engineering techniques, cybercriminals prey on people’s desire for information during uncertain times, and bank on the fact that busy, distracted and stressed employees may miss the signs of a phishing email and fall for their scams. Organisations, therefore, must have security measures in place to automatically predict such email threats and warn people before they click or download an attachment.”
Read the latest edition of PCR’s monthly magazine below: