CyberScotland Bulletin

October 2022

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.


National Cyber Security Centre (NCSC)

New guidance for retailers to protect themselves and their customers online

The NCSC has launched two pieces of guidance to help retailers, particularly those with an online presence, to protect themselves and their customers.

The guidance covers how to choose authentication methods that add an extra layer of security on top of passwords when authenticating customers.

Additionally, it provides steps that organisations can take to remove malicious websites which have spoofed their brand.

Supply Chain

Cyber security experts have issued a fresh warning over the threat of supply chain attacks following a rise in the number of incidents. NCSC has published new guidance to help organisations effectively assess and gain confidence in the cyber security of their supply chains.


NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

The NCSC is not aware of any specific, targeted cyber threats to the UK as a result of the Russian invasion of Ukraine, but is encouraging organisations to remain vigilant and follow its advice to improve their security. NCSC’s CEO Lindy Cameron discusses the cyber dimension of the Russia-Ukraine conflict in her keynote speech at the Chatham House security and defence conference 2022.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites. As of September 2022, the NCSC has received over 14 million reported scams which have resulted in 100,000 scams being removed across 184,000 URLs.

You can play your part in protecting others, and help make the internet a safer place, by reporting suspicious activity online.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.


Trending Topics

Energy Rebate Scams

The public is being warned about a significant rise in energy scams linked to the cost-of-living crisis and increased consumer vulnerability.

Scam text messages are circulating offering rebates and offers to apply for grants. Criminals are attempting to trick you into clicking on the malicious links, which will take you to an ‘official’ booking platform that asks you to submit personal information. Other scam examples include impersonating Ofgem, or your council, and asking for card details.

It’s important to remember that you do not need to apply for the discount as this will be applied automatically to your bills for 6 months from October.

Advice Direct Scotland said:

  • No household will be asked for their bank details to process payments, or to receive the rebates, and should not supply this information.
  • Consumers should also avoid clicking on any links in emails or text messages, as these can take them to cloned websites that have the intention of stealing our personal or financial information. These links can also sometimes install malware on devices when clicked.
  • More information on the Energy Bill Support Scheme can be found at www.energyadvice.scot

You can report suspicious text messages to 7726 and suspicious emails to report@phishing.gov.uk, then delete the message.

Trading Standards Scotland hosted a webinar on how to recognise and avoid energy scams and where consumers can find legitimate and impartial information and advice on installing and upgrading energy efficiency measures in their homes.


Cyber Security Awareness Month

October is Cyber Security Awareness Month #CyberSecMonth, with a wide range of activity happening across the community which aims to help change our behaviours online and improve the way we act when faced with cyber security threats. This year celebrates the 10th anniversary of European Cybersecurity Month.

This month the campaign focuses on the themes of phishing and ransomware, with a series of activities taking place all over Europe. Phishing is one of the most common forms of cyber threats. Check out our blog for tips for spotting the tell-tale signs of a phishing attack.

Ransomware is one of the most expansive cyber threats affecting people and organisations. Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. NCSC has produced a guide to ransomware to explain how you can prevent this type of attack.

You can help prepare yourself and your organisations for the most common cyber threats by putting some basic cyber steps in place. Explore the Cyber Aware actions you can take to keep yourself, your family and your business secure.


CyberFirst Girls Competition

The NCSC is running its CyberFirst Girls’ Competition which provides a fun but challenging environment to inspire the next generation to consider computer science at school and as a future career path.

The competition is designed for girls and those identifying as female in S2 in Scotland as a way to introduce them to cyber security, why it matters and where it could take them. Pupils are supported by a responsible adult appointed by the school who acts as the team guardian (no prior cyber experience is required and you don’t have to be an IT/Computing Science teacher to be one).

Teachers can find an information pack with videos, posters and details on how to register a team on the NCSC website.


Newsletters / Campaigns

Charity Fraud Awareness Week, 17th – 21st October

Learn how to protect your organisation from fraud and cyber crime as part of Charity Fraud Awareness Week (17 – 21 October). Now in its seventh year, the week brings together everyone within the sector to talk about fraud. There are lots of great ways for individuals and organisations to get involved in the week to help #StopCharityFraud. Find out more.


Charity Cyber Essentials Awareness Fortnight 7th – 18th November 2022

November 7th marks the start of the Cyber Essentials Charity Campaign where registered charities and clubs receive a discount on their Cyber Essentials assessment.

98% of charities believe cyber security is important or very important but often feel overwhelmed or don’t know where to start. IASME will be offering support and guidance as well as a discount on the price of certification to help registered charities achieve Cyber Essentials. By using the free Cyber Essentials Readiness Tool, reading their guidance for charities, or talking to a Certification Body, charities can take an important first step towards certification. Visit iasme.co.uk/cyber-essentials-for-charities for more information.


Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Their Cost of Living Scams Awareness campaign aims to raise awareness of different issues which are likely to affect Scottish consumers.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.


Training and Webinars / Events

Fraud on Scottish Charities, 19th & 21st October

Police Scotland will host a free webinar as part of Charity Fraud Awareness Week, to share the latest frauds affecting charities in Scotland.


Exercise in a Box Workshop – exercising your response to a cyber incident, 9.30 – 11am

Scottish Business Resilience Centre is facilitating workshops that take Scottish public and third sector organisations through using NCSC’s Exercise in a Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, and ‘Micro Exercises’. The newly launched ‘Sensitive Data Leak’ scenario will help improve your organisation’s resilience to extortion and sensitive data leaks.

This is a great opportunity for you to test the resilience of your organisation.

  • Exercise in a Box ‘Micro Exercises’ MS Teams 25th October 9.30 am – 11am
  • Exercise in a Box ‘Sensitive Data Leak’ MS Teams 10th November 9.30 am – 11am
  • Exercise in a Box ‘Micro Exercises’ MS Teams 29th November 9.30 am – 11am

If you work in a health, social care, housing, charitable or public sector organisation in Scotland and are looking to strengthen your cyber defences, sign up below.

Find out more details and book ongoing Exercise in a Box events


Safer Internet Day Planning Event, 22nd November

Join the biggest online safety campaign in the UK, reaching over half of UK children! At this hybrid event for Scotland, you’ll hear from UK Safer Internet Centre, Internet Watch Foundation and Ofcom about the Safer Internet Day campaign, free educational materials and the latest trends and research into children’s online lives. Book your ticket to watch the livestream or attend in person in Edinburgh on 22nd November: https://SIDscotland2023.eventbrite.co.uk.


Technical Annex

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up to receive the technical bulletin.

Read the latest bulletin here

SBRC has launched a new Threat Intelligence webpage where they will share the latest threat alerts from their cyber and business resilience teams. Check here for new alert notifications.
