The UK’s National Cyber Security Center (NCSC) said its experts regularly scan all internet-accessible devices in the country to detect vulnerabilities.
Let me remind you that we also wrote that the FBI and NSA release a statement about attacks by Russian hackers, and also that Hackers scan network for vulnerable Microsoft Exchange servers.
The purpose of the NCSC is to assess the UK’s vulnerability to cyberattacks, as well as to help owners of Internet-connected devices assess their security.
It is reported that scanning is carried out using tools hosted in a dedicated cloud environment at scanner.scanning.service.ncsc.gov.uk, from two IP addresses (22.214.171.124 and 126.96.36.199). It is emphasized that before scanning the British Internet, all vulnerability scanners are pre-tested in the NCSC’s own environment to identify any possible problems.
The information collected during these scans includes any data that may be transmitted in response to connecting to various services and web servers, such as full HTTP responses (including headers). NCSC queries are designed to collect the minimum amount of information needed to test for vulnerabilities.
If any sensitive or personal data is collected during the scans, NCSC assures that it will “take steps to delete the data and prevent it from being collected again in the future.
Also, UK organizations can opt out of having their servers scanned by emailing the authorities a list of IP addresses they wish to exclude.