CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
National Cyber Security Centre (NCSC)
NCSC warns that the global ransomware threat is expected to rise with AI
The NCSC has published a new assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber threat over the next two years.
The near-term impact of AI on the cyber threat assessment concludes that AI is already being used in malicious cyber activity and will almost certainly increase the volume and impact of cyber attacks – including ransomware – in the near term.
To tackle this enhanced threat, the Government has invested £2.6 billion under its Cyber Security Strategy to improve the UK’s resilience, with the NCSC and private industry already adopting AI’s use in enhancing cyber security resilience through improved threat detection and security-by-design.
Read the full story here
Vulnerability management
The NCSC has published new guidance on vulnerability management. In it they provide advice, guidance and other resources aimed specifically at those with an interest in the subject.
An effective vulnerability management process allows your organisation to understand, and validate on a regular basis, which vulnerabilities are present in your technical estate, where updates are failing, and to actively reduce the impact of both. It also allows you to react quickly when a critical vulnerability is disclosed, by helping you understand your organisation’s exposure to it.
Read the full guidance here
Unleashing the power of cloud with containerisation
New NCSC guidance describes how organisations can make the most of containerisation.
A common question that the NCSC gets asked, is whether to use containers in the cloud. It’s a straightforward question, but the answer is quite nuanced, as there are many ways that containerisation can be used, some of which work much better than others.
Therefore they have released security guidance on using containerisation, which covers how to build and use containerised applications securely, and also an article in which they discuss how to get the most from it, and how it fits into using a cloud platform.
Read the full article here
NCSC Threat Report
The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.
To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.
Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).
The NCSC’s Reporting Service
The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.
As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.
You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
If you become a victim of cyber crime you can report this to Police Scotland by calling 101.
Trending Topics
Romance Fraud
Romance Fraud is a financially driven crime designed to take advantage of victims for money. It is carried out by criminals who exploit victims by convincing them they are in a genuine romantic relationship.
Be extra cautious online this Valentine’s Day! Protect your privacy by remembering to avoid oversharing personal information and never send or receive money to someone you haven’t met in person, no matter how charming they seem online.
New guidance provided by Police Scotland gives a break down of the important information relating to romance fraud, including what signs to look out for, a case study illustrating how it can play out, and how to respond if you’ve become a victim, including the support systems available. View the full resource here
Also check out our new CyberScotland guidance about romance fraud here
NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks
The UK and allies have issued a fresh warning to critical infrastructure operators about the threat from cyber attackers using sophisticated techniques to camouflage their activity on victims’ networks.
The NCSC assesses it is likely this type of activity poses a threat to UK critical national infrastructure and so all providers are urged to follow the recommended actions to help detect compromises and mitigate vulnerabilities.
The new ‘Identifying and Mitigating Living Off The Land’ guidance warns that China state-sponsored and Russia state-sponsored actors are among the attackers that have been observed “living off the land” on compromised critical infrastructure networks.
Read the full story here
Britain’s security minister backs Scotland’s efforts to combat business cyber fraud
Tom Tugendhat, MP, visited the new offices of the Cyber and Fraud Centre – Scotland where he met staff and senior officers from Police Scotland to discuss areas of support for protecting Scottish businesses from online crime.
Mr Tugendhat learned of the initiatives supported by the Cyber and Fraud Centre, including a ‘triage hub’ launched last May. The hub aims to bring cyber security partners, including Police Scotland, leading financial institutions and the Cyber Fraud Centre’s incident response team together to collaborate, share intelligence, disrupt large criminal gang activity, deliver support to victims and recover stolen funds.
During its trial period, the hub worked on cases totalling almost £10 million of fraudulently obtained money by collaborating and liaising with high street banks including Barclays, NatWest, Lloyds, Metro and HSBC.
Read the full story here
Cyberflashing, epilepsy-trolling and fake news to put online abusers behind bars
New offences have been introduced to criminalise cyberflashing, fake news intended to cause non-trivial harm and other online abuse.
Abusers, trolls, and predators online now face a fleet of tough new jailable offences from 31 January 2024, as offences for ‘cyberflashing’, sending death threats, and ‘epilepsy-trolling’ are written into the statute book after the Online Safety Act gained Royal Assent.
These new criminal offences will protect people from a wide range of abuse and harm online, including threatening messages, the non-consensual sharing of intimate images known as ‘revenge porn’, and sending fake news that aims to cause non-trivial physical or psychological harm.
Read the full story here
QR Codes – what’s the real risk?
QR codes are widely used today for things like quickly directing users to websites, logging into devices that lack keyboards (such as online video services on smart devices), or ordering or paying for goods and services.
Reports of QR-enabled fraud in the UK can be found online, but this type of scam is relatively small compared to other types of cyber fraud. However, QR codes are increasingly being used in phishing emails, a technique sometimes called ‘quishing.’ The NCSC has seen an increase in these quishing attacks and recommends that people exercise caution if they receive an e-mail with a QR code that asks you to scan it.
Read the full article here
Learn more about preventing quishing attacks from the CyberScotland guidance here
Breached user account hit 300 million last year
A comprehensive yearly recap by VPN services provider Surfshark revealed that 300 million user accounts were breached globally in 2023, with the UK taking a spot in the top 10 most breached countries, with 3.3 million breached accounts.
In response to data breaches, Surfshark recommends immediate actions for affected users, including changing passwords, enabling two-factor authentication, and scanning devices for malware. It is also advised for users to remain vigilant for potential scams and to contact their bank if credit card information was compromised.
Read the full article here
Newsletters/Campaigns
New DIGI Ken? videos launched for CyberScotland Week
To kick off CyberScotland Week 2024 CyberScotland’s DIGI Ken? campaign has returned showcasing three new videos focused on password safety and securing data.
The new DIGI Ken? videos are based on the NCSC’s Cyber Aware guidance related to backing up your data, saving passwords in your browser or using a password manager, and the importance of using a strong and separate password for your email.
Each video breaks down the simple ways in which you can strengthen your cyber security
Watch the new videos here:
- Email Password – https://youtu.be/SHGkf2XThYo
- Password Manager – https://youtu.be/swti2c0_68k
- Backing Up Your Data – https://youtu.be/W7df40z0zls
‘Stop! Think Fraud’ new campaign launched by the UK government
Fraud is the most common type of crime in the UK. The new major campaign from UK government, with strong support from organisations across the UK, is aiming to transform the fight against fraudsters.
The evidence led campaign draws on the expertise of leading counter-fraud experts and includes an online fraud hub which will provide concise, simple to follow advice. It also signposts victims to relevant organisations for further advice and support.
By staying vigilant and always taking a moment to stop, think and check whenever we’re approached, we can help to protect ourselves and each other from fraud. Stop! Think Fraud takes the fight to criminals, giving you the skills to spot fraud and protect you from its devastating impacts
Find out more about the new campaign here
Cyber Byte February: passwords
This months Cyber Byte from Police Scotland covers the dangers of weak passwords and the importance of having different passwords for different accounts.
The piece provides guidance on passwords and gives a detailed breakdown of some of the methods cyber criminals can use to crack a users password such as: Phishing and Social Engineering, Brute force attack, Dictionary attacks and more.
Read the full Cyber Byte here
‘Dot’ magazine
Digital Skills Education have released a magazine for older people that shows them the best ways to protect themselves from online scams and discusses ways we can improve our digital wellbeing.
‘Dot’ magazine helps you be smart, safe, and connected. Drawing inspiration from popular lifestyle magazines, it features eye-catching layouts, captivating how-to articles to stay safe online, and stories.
The magazine is accessible to all readers, with a particular focus on women aged 50+, ensuring that cyber resilience is accessible and engaging for everyone. It is being distributed to community groups across Scotland.
This magazine is available for free thanks to funding from The Scottish Government as part of the CyberScotland Partnership Funding Initiative.
Order Dot magazine for your community group here: https://form.jotform.com/232542207329351
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Training and Webinars/Events
CyberScotland Week events
With CyberScotland week fast approaching, the official CyberScotland Week page is the best place to visit to find regularly updated cyber-related events coming up soon.
With a wide variety reaching all age groups and technical levels, there is something for everybody at CyberScotland Week. Take part by attending events, or even organise and register an event of your own on the official page.
Keep an eye on the official social media channels for regular updates:
CYBERUK 2024
Join the NCSC for CYBERUK 2024, where international leaders and technical experts will explore this year’s theme on how to react and respond to rapidly developing technology, quickly.
The event will convene over 2,000 cyber security leaders and professionals for networking, knowledge exchange, and collaboration. The programme has just been announced and is available to view on the official CYBERUK website
- Date: 13 – 15 May 2024
- Location: ICC Birmingham
Apply to attend the event here
Exercise in a box and Securing the future – upcoming online events
Boost your cyber knowledge by taking part in the upcoming online events from the Cyber and Fraud Centre:
This event for for Public and Third sector organisations involves using the Sensitive Data Leak scenario from the NCSC’s Exercise in a Box toolkit, the Cyber and Fraud Centre’s team of Ethical Hackers will challenge your data protection policies and processes in a discussion based exercise aimed at improving your organisation’s resilience to extortion and sensitive data leaks.
This is an online roundtable event designed to provide comprehensive insights and strategies for strengthening cyber security defenses in the housing sector. Given the increasing sophistication of cyber threats such as ransomware attacks, data theft, and service disruptions, this event is particularly timely and relevant.
Widen your talent pool by inclusive recruitment
ScotlandIS, in partnership with Equate Scotland and Skills Development Scotland, are delighted to be providing a free online session about inclusive recruitment practices specifically designed for small and medium enterprises within the tech ecosystem.
This training will be hosted online and split across two sessions to allow time for self-reflection. Participants should attend both sessions:
- Tuesday 19th March, 10am – 11.30am
- Tuesday 26th March, 10am – 11.30am
Find out more information here
CENSIS virtual coffees
These informal hour-long virtual coffees from CENSIS have no fixed agenda, and they aim for a forum that is open, friendly and encourages conversation. The direction of the discussion always follows whatever people on the call want to talk about, and the conversations are never recorded.
22 February 2024 – Virtual coffee: retrofitting legacy equipment – sensing, imaging and IoT perspectives
- This coffee break explores the Industrial Internet of Things, in particular the retrofitting of sensors onto existing equipment to automate the collection of data, analysis and health monitoring of machinery.
28 Febraury 2024 – Cybersecurity for IoT devices – legislation changes and getting ready for the PTSI Act
- This session will be delivered by CENSIS and IASME, in it they will look at the new Product Security and Telecommunications Infrastructure (PTSI) Act, including how best to prepare for it via the right assessment and certification processes.
8 March 2024 – Cyber security exporting
- Led by CENSIS Business Development Director, Cade Wells, this session explore cyber security exporting – including products, services and expertise.
Find more Censis events here