CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
National Cyber Security Centre (NCSC)
Get future ready, set, go: CYBERUK 2024 theme revealed
Details have been released for the CYBERUK 2024 conference. The theme of “Future Tech, Future Threat, Future Ready” was announced by Deputy Prime Minister Oliver Dowden. The flagship cyber security conference will take place from the 13-15th May 2024 at the ICC Birmingham.
It will examine how the cyber community can harness the societal benefits of emerging technologies and crucially, secure them for the future. NCSC CEO Lindy Cameron stated that “coming together around the theme of emerging technology and future threats, CYBERUK24 will provide a forum that empowers global thinkers and decision makers to improve our collective resilience and to pave the way for a connected world that thrives securely.”
Find out more about it here
Visit the official CYBERUK page here
NCSC AND National Crime Agency experts reveal latest insights into world of cyber criminals
A new white paper, published by the NCSC and the NCA, examines how the tactics of organised criminal groups (OCGs) have evolved as ransomware and extortion attacks have grown in popularity. It’s particularly aimed at security professionals and resilience sector leads who need to be aware of changes in cyber criminal activity to better protect their systems and inform security policy.
The report notes that ransomware has been the biggest development in cyber crime since the NCSC published their 2017 report on online criminal activity.
Read more about it here
NCSC CEO and Information Commissioner sign Memorandum of Understanding
NCSC CEO, Lindy Cameron, and the Information Commissioner, John Edwards, have signed a joint Memorandum of Understanding (MoU) that sets out how both organisations will cooperate to improve the UK’s digital resilience.
The MoU recognises that whilst both organisations have distinct responsibilities, there are opportunities to align work on some shared issues and deconflict on others.
These include cooperation on the development of cyber security standards and guidance as well as influencing improvements in the cyber security of organisations regulated by the Information Commissioner’s Office (ICO).
Read more about it here
NCSC Threat Report
The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.
To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.
Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).
The NCSC’s Reporting Service
The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.
As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.
You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
If you become a victim of cyber crime you can report this to Police Scotland by calling 101.
Trending Topics
Cyber attacks feature on National Risk Register 2023.
The 2023 National Risk Register is the external version of the National Security Risk Assessment, which is the government’s assessment of the most serious risks facing the UK. It provides the government’s updated assessment of the likelihood and potential impact of a broad range of risks that may directly affect the UK and its interests.
Among the risks in this report are various cyber attacks relating to the health and social care system, transport sector, and within telecommunications.
Find out more and read the full National Risk Register here
The CyberFirst Girls Competition with a Revised Format is back.
Planning is underway for the 2023/24 CyberFirst Girls Competition. This year the competition will be one competitive event with the entire competition online for 10 days . The NCSC will announce the 13 regional and home nation top scoring teams across the UK who will be invited to a celebratory event (location and date tbc).
For more information got to https://www.ncsc.gov.uk/cyberfirst/girls-competition
For related cyber knowledge and challenges check out the student Information page.
So, get the dates in the calendar for another competition full of fun filled thought proving challenges.
- Registration Opens – 25th September 2023
- Competition Opens – 20th November 2023
- Competition Closes – 29th November 2023
- Celebratory event- TBC
Stopping the scammers who target online jobseekers
With more than 100 job applications submitted per second on LinkedIn, scammers are increasingly targeting jobseekers with fake job opportunities. According to research from security firm NordLayer, nearly two-thirds of British users have been targeted.
Platforms are doing their best to eliminate job scams. LinkedIn says that 99.3% of detected spam and scams are caught by its automated defences, and that 99.6% of detected fake accounts are blocked before members even report them.
Find out more about it here
FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million
A coordinated law enforcement effort codenamed ‘Operation Duck Hunt’ has felled QakBot, a notorious Windows malware family that’s estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware.
The cross-border exercise involved the participation of France, Germany, Latvia, Romania, the Netherlands, the U.K., and the U.S., alongside technical assistance from cybersecurity company Zscaler.
The dismantling has been hailed as “the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals.” No arrests were announced.
Read more about it here
£880k available for proposals to help reduce cyber risk across defence
The Defence and Security Accelerator (DASA) is pleased to launch a new themed competition Reducing Cyber Risk Across Defence. Cyber attacks are becoming more sophisticated, with potentially more impact on military operations. This Themed Competition seeks proposals that will help to quantify and reduce the cyber risk across Defence, enhance digital resilience and enable Defence to be secure by default.
Key Dates and Funding
- Up to £880k is available for this competition, and DASA expects to fund up to 5 proposals.
- Submission deadline: midday on Tuesday 31 October 2023
To attend on online event to hear a summary of the competition requirements, and to ask your specific questions to the project team, click here
For full details click here
The Evolution of Triple Extortion Ransomware
Ransomware attacks used to involve cybercriminals using encryption to lock up a company’s data, computer systems and technological infrastructure. But lately, these ransomware groups have changed their tactics. Now, they encrypt the data and exfiltrate it and threaten to leak it if ransom demands aren’t met.
Ransomware attacks are becoming more sophisticated and frequent. Already in 2023, there have been more data extortion ransomware incidents than in all of 2022. We expect this escalating trend to continue.
For more information click here
Find out the basics on Ransomware from the NCSC site here
Neurodiversity in cyber
The UK Cyber Security Council have recently updated their Thought Leadership piece on Neurodiversity in Cyber with the help of their Diversity Working Group.
It’s estimated that around 15% of the UK population is neurodiverse, though it’s difficult to know for certain how many are undiagnosed. While the term is often associated with autism, it can also refer to people with ADHD, dyslexia, dyspraxia, Tourette’s syndrome, or many other neurological conditions, making this a broad category that is diverse in itself.
While some neurodiverse people may initially be interested in computing as a career, ensuring that the hiring process is as inclusive as possible is important to make sure capable candidates are given an equal opportunity, particularly given navigating a traditional interview process can often require skills that are not integral to the job itself.
The article explains the many benefits to hiring Neurodivergent people and also the barriers to entry that can exist for them. This page also includes some example scenarios of how you can make your workplace more inclusive.
Read the full article here
Tens of thousands of students receive free training to build cyber skills
As students get ready to go back to school this September, schools are being encouraged to take advantage of free resources to boost cyber skills and set up aspiring young people to aim for careers in cyber.
More than 50,000 students from 2,000 schools around the country have already been signed up to Cyber Explorers, a free learning platform provided by the UK government that introduces 11-14 year-olds to important cyber security concepts, supporting learning objectives for Key Stage 2 and 3.
The government has an ambition to develop a pipeline of talent to meet the growing needs of the UK’s in-demand cyber security industry. Cyber Explorers was launched in February 2022 to equip pupils with the skills and knowledge to pursue computer science courses at Key Stage 4, opening up a range of opportunities for further training and employment.
Read more about it here
Newsletters/Campaigns
Navigating the Cryptocurrency Landscape: How to Spot and Avoid Fake Investment Scams
As cryptocurrency becomes increasingly mainstream and a legitimate form of trading, saving, and conducting business, so does the prevalence of scams and fraudulent schemes designed to exploit unsuspecting individuals. A new article from Cyber and Fraud Centre aims to shed light on the deceptive world of fake cryptocurrency investments, offering guidance on how to identify and avoid falling prey to these scams.
The guidance includes understanding the threat landscape, spotting the red flags and thevarious ways in which you can protect yourself
Read the full article here
Grants of up to £15k available through new CLD Device Fund
A new fund has been launched to improve the digital capacity of community learning and development organisations across Scotland, with grants of up to £15,000 available for qualifying organisations.
The Community Learning and Development Device Fund is provided by the Scottish Government and managed by SCVO.
The objective of the fund is to provide capital funding to CLD organisations across Scotland to purchase digital devices, including laptops, tablets and cameras, that can be used by learners to support their learning.
The application closing date is the 29 September 2023, 12:00 pm and the deciding date is the 16 October 2023.
Read more about it at YouthLink Scotland
Check out the Fund Guidance here
Apply for the funding here
CyberFirst Bursary for Undergraduate Study
It’s that time of year when students are thinking about the next steps to continue their education journey and applying to university so this a timely reminder for students to apply for the 2024 CyberFirst Bursary scheme.
The scheme offers £4000 a year as well as a paid cyber security summer placements with one of the 240 CyberFirst Industry and Government members. Students will need to have (or expect to have) 3 ‘A’ levels in any subject at Grade B or above (or equivalent) and have an offer (or be applying) to study an Undergraduate Degree or Integrated Masters in any subject at a UK University from September 2024.
ROI opens for on 21st August
Bursary Applications open: 18th September 2023
Bursary Applications close: 27th November 2024 For more information please visit https://www.gchq-careers.co.uk/cyberfirst.html
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars/Events
Exercise in a Box ‘Ransomware’ Session via MS Teams
Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack. It is completely free, and you don’t have to be an expert to use it. The service provides exercises based on the main cyber threats, which your organisation can do in your own time, in a safe environment, as often as you want.
With the rise of ransomware attacks, organisations must be prepared in case they suffer an attack. Effectively securing an organisation can be difficult as you are only as secure as your weakest link. With the ever-changing face of cyber security, it is difficult to prepare for possible attacks.
Date and Time:
- 28 September – 09:30 – 11:00
To find out more about this free opportunity to strengthen the cyber resilience of your organisation or to join the session click here
IoT Legislation : A guide for businesses
This informative online event will shed light on the intricacies of IoT legislation and its impact on businesses. The event is a must for entrepreneurs, tech enthusiasts, and anyone interested in the Internet of Things.
During this session, expert speakers will provide a comprehensive overview of the legal landscape surrounding IoT, helping you navigate the complexities and ensure compliance. From data protection and privacy regulations to liability issues, everything will be covered.
Don’t miss this opportunity to gain valuable insights and stay ahead of the game in the ever-evolving world of IoT. Register now and secure your spot!
Date and Time:
- 3 October – 13:30
For more information and to register click here
ScotSoft 2023
ScotSoft is back! Scotland’s leading and most anticipated tech conference will once again be held in person at the EICC on Thursday 28th September 2023. Join to hear from a fantastic range of speakers bringing us future trends, opportunities and strategies that will ensure Scotland’s digital community continues to grow and prosper.
As one of the Scotland’s biggest software conferences for over 25 years, ScotSoft allows you to connect, learn, and innovate while meeting new talent at the Young Software Engineer of the Year Awards. This year, the event offers an unparalleled opportunity to gain invaluable insights from industry leaders, collaborate with peers, and explore the latest industry trends.
Check out the ScotSoft2023 official website for more details.
Digital Inclusion webinars from the Scottish Council for Voluntary Organisations
The SCVO is running a series of bitesize sessions to help improve your understanding of and capacity for digital inclusion.
The webinars are varied and include titles such as:
- Doing digital inclusion with limited resources which concerns keeping digital inclusion at the forefront of your services at a time when resources are tight across the board.
- Introduction to Digital Inclusion which covers why digital inclusion is important and how your organisation can easily build capacity and capability to support your service users to make better use of your online services
Many more webinars like Social media fundamentals are available on the SCVO’s events page here
Linking Cyber and Accessibility Webinars
Learn more about making your online presence accessible and staying safe online with Lead Scotland’s public webinars. Sign up today, everyone welcome to attend.
The free webinars being offered include ‘Setting up strong defences’, ‘Scams’ and more.
Find out more and register for the events here