
Freedom of Information request reveals 250,000-plus malicious e-mail attacks on BBC every day

05 November 2020

THE BRITISH Broadcasting Corporation (BBC) receives over a quarter of a million malicious e-mail attacks every day. Data revealed under the Freedom of Information Act by the cyber security team at the Parliament Street Think Tank has shown that an average of 283,597 malicious e-mails were blocked by the organisation every day over the first eight months of 2020.

On a monthly basis, the data shows that the BBC receives an average of 6,704,188 hostile e-mails classed as scam or spam. Additionally, an average of 18,662 malware attacks such as viruses, ransomware and spyware are blocked. Across the eight-month period running from January to August this year, a total of 51,898,393 infected e-mails were blocked by the BBC’s cyber defence systems.

The worst month for attacks was July, with a huge total of 6,801,227 incidents recorded. Of these, 6,787,635 were spam and 13,592 were malware. The second-highest month was March, when the COVID-19 outbreak was in its initial worst stages here in the UK. In that month, the BBC received 6,768,632 spam attempts and 14,089 malware attempts (totalling 6,782,721).

In the past, the BBC has experienced multiple incidents involving cyber attack attempts and potential breaches. In 2013, the national broadcaster’s Twitter feed was subject to a phishing hack by what appeared to be sympathisers of Syrian President Bashar Assad. The BBC said that the phishing e-mails contained what appeared to be links to The Guardian newspaper or Human Rights Watch online and directed users to a fake webmail portal.

In 2016 there was another hack, with an anti-Isis hacking group claiming responsibility for downing BBC websites and services on New Year’s Eve.

Prior to this, there was a cyber incident in December 2015 when all of the BBC's websites were unavailable because of a large web attack. It’s believed that a web attack technique known as Distributed Denial of Service (aka DDoS) was employed on this occasion. This form of attack aims to knock a site offline by swamping it with more traffic than it can handle.

The data obtained from the Freedom of Information request strongly suggests that it’s an ongoing struggle for the BBC to obstruct these malware, phishing and spam attempts in order to avoid a major breach of its digital systems.

Commenting on the news, Tim Sadler (CEO at Tessian) told Security Matters: “The global pandemic has presented the perfect opportunity for hackers’ phishing scams. We can clearly see this reflected in the spike of malicious attacks on the BBC. In the wake of the outbreak, journalists and employees would have been busier and more distracted than usual. Using clever social engineering techniques, cyber criminals prey on people’s desire for information during uncertain times and bank on the fact that busy, distracted and stressed employees may miss the signs of a phishing e-mail and fall for their scams. On that basis, organisations must have security measures in place to automatically predict such e-mail threats and warn people before they click on or download an attachment.”