CyberScotland Bulletin

March 2024

CATEGORIES
CyberScotland Bulletins

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

National Cyber Security Centre (NCSC)

NCSC release updated guidance on phishing attacks

The updated guidance suggests mitigations to improve your organisation’s resilience against phishing attacks, whilst minimising disruption to user productivity. The defences suggested in the guidance are also useful against other types of cyber attack, and will help your organisation become more resilient overall.

It is aimed at technology, operations or security staff responsible for designing and implementing defences for medium to large organisations. This includes staff responsible for phishing training.

Read the full guidance here

AI and cyber security: what you need to know

The NCSC has published new guidance to help with understanding the risks and benefits of using AI tools.

Ignited by the release of ChatGPT in late 2022, artificial intelligence (AI) has captured the world’s interest and has the potential to bring many benefits to society. However, for the opportunities of AI to be fully realised, it must be developed in a safe and responsible way, especially when the pace of development is high, and the potential risks are still unknown.

Read more about it here

UK and allies expose evolving tactics of Russian cyber actors

Malicious cyber actors linked to Russia’s Foreign Intelligence Service (SVR) are adapting their techniques in response to the increasing shift to cloud-based infrastructure, UK and international security officials have revealed.

In a new joint advisory, the NCSC and agencies in the United States, Australia, Canada, and New Zealand have detailed how the threat group, which is known as APT29, has adapted its techniques for intelligence gain to target organisations that have moved to cloud-hosted environments.

Organisations encouraged to follow advice to reduce the chance of cloud infrastructure being compromised

Read more about it here

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending Topics

CyberScotland Week plays host to over 160 events

The sixth annual CyberScotland Week proved to be biggest one yet, reaching over 160 events taking place both online and in many locations across Scotland.

Free webinars, resources and learning opportunities took place throughout the week to a wide audience to help people and organisations become more informed about cyber risks and how to become more cyber resilient.

Thank you to everyone that got involved, from hosting events, attending them, or simply raising awareness online.

Read our recap of CyberScotland Week 2024 here

Teaching Children Cyber Security Skills Is An Investment In Our Future

60,000 free copies of ‘The Bongles and The Crafty Crows’ will be distributed to Primary 1 children in Scotland in a bold attempt to bring cyber safety to life for pupils in early years.

The Scottish Government’s aim is for good ‘cyber hygiene’ to become embedded in digital literacy learning and for young learners to continue this good practice at home – vital to fostering a generation of responsible digital citizens.

Read the full story here

‘Most active’ ransomware gang taken down by Britain’s National Crime Agency

Britain’s National Crime Agency has seized the online infrastructure of the ‘most active’ global ransomware gang.

Specialist NCA cyber law enforcement teams have led an effort involving 11 international partners – including the FBI and Europol – to shut down the dark web site of Lockbit. The illicit site, described last year by NCC Group’s Global Threat Intelligence report as one of the world’s best known cybercrime groups, was taken offline following the sting.

Read the full story here

CyberFirst Girls scoop prizes following success in national cyber security competition

Girls from across the UK have been recognised for their cyber security skills at an awards ceremony to mark their success in the UK’s flagship cyber security competition.

The CyberFirst Girls Competition aims to inspire girls interested in technology to pursue a career in cyber security. More than 50 girls attended the celebration event hosted in Oxford on the 2nd of March after being crowned champions of their respective finals in the 2023 CyberFirst Girls Competition, run by the National Cyber Security Centre – a part of GCHQ.

Read the full story here

British Libraries publish full report on ransomware attack in October

British Libraries have published a paper about the cyber-attack that took place against the organisation last October.

The report aims to provide an overview of the cyber-attack on the British Library that took place in October 2023 and examines its implications for the Library’s operations, future infrastructure, risk assessment and lessons learned. The purpose is to ensure a common level of understanding of key factors that may help peer institutions and other organisations learn lessons from the Library’s experience.

Read more about it here

Read the full report here

INTERPOL financial fraud assessment: A global threat boosted by technology

A new INTERPOL assessment on global financial fraud highlights how the increased use of technology is enabling organised crime groups to better target victims around the world.

The use of Artificial Intelligence (AI), large language models and cryptocurrencies combined with phishing and ransomware-as-a-service business models have resulted in more sophisticated and professional fraud campaigns without the need for advanced technical skills, and at relatively little cost.

Some key findings of the report, which is for law enforcement use only, include:

  • The most prevalent global trends are investment fraud, advance payment fraud, romance fraud and business email compromise
  • Financial fraud is most often carried out by a network of co-offenders, varying from highly structured to loosely affiliated.

Read more about it here

Which? issues Revolut bank account takeover fraud warning

Which? has issued a warning about bank account takeover attacks after hearing from two Revolut customers who had their business accounts drained by scammers who passed the e-money firm’s ‘selfie’ security checks just two days apart.

Fraudsters pretended to be calling from the Revolut fraud team about suspicious activity and managed to pass a series of security checks to hack into their accounts.

Read the full story here

GCU Cyber Project aims to safeguard Scotland’s critical infrastructure

In a new initiative, academics and undergraduates from Glasgow Caledonian University ‘s Cyber Security and Networking Department have unveiled a new platform aimed at thwarting potential cyber-attacks on the country’s rail network.

The project, which received funding from the Smart Technologies Centre, features a unique model trainset controlled by microprocessors and is monitored by a bespoke website, allowing researchers and students to simulate cyber-attacks on vital systems such as a level crossing and train sensors.

Read the full story here

Newsletters/Campaigns

Scottish Cyber Landscape Survey

Your expertise is crucial in shaping the future of the Scottish cyber sector. ScotlandIS are conducting a comprehensive survey to baseline and benchmark Scotland’s cyber industry trends, identify pain points, and uncover opportunities in the upcoming year.

Your insights play a pivotal role in gauging the health of Scotland’s cyber industry. Your valuable input, as an industry leader, is highly appreciated. They are keen to understand your experiences, opportunities, and challenges.

Please take a quick ten minutes to complete the survey.  It covers company details and business performance, providing a holistic view of our cyber sector.

Rest assured, your responses are confidential and anonymised, complying with privacy regulations. Their commitment to data protection is unwavering.

Should you have any questions, feel free to reach out to Beverly Bowles, Head of Cyber, ScotlandIS, Beverly.Bowles@ScotlandIS.com 

Cyber and Fraud Centre launch Threat Intel App

During CyberScotland Week the nation’s leading institution for building cyber resilience, the Cyber and Fraud Centre – Scotland, unveiled a new app which will deliver cyber and fraud threat alerts to organisations throughout Scotland.

With three threat severity levels, the Cyber and Fraud Centre Threat Intel app helps users to prioritise their response based on the urgency of the threat and allows users to customise their alerts based on their sector of work – with alerts bespoke to the private sector, public sector, third sector and academia. The sophisticated technology also consolidates the latest threat intelligence from multiple sources into a single platform.

Find out more about it here

Digital Skills Third Sector Challenge Fund

The Digital Skills Project is inviting proposals to help support individuals access digital skills training and support businesses to address their skills needs.  

The Digital Skills Third Sector Challenge Fund is for new and innovative pilot programmes, activities, or initiatives to address the digital skills gap in the Tay Cities Region. Funding is available for third sector organisations from £5,000 up to the value of £45,000 to deliver digital skills training taking place between April 2024 – September 2025.  

Applications close Sunday 17th March 2024. The application pack can be downloaded here.

Find out more information here

Free online tool from the NCSC prevents cyber criminals using your email to conduct cyber attacks

The free online tool from NCSC helps you to check your email security, and protect your customers

Regardless of the size of your organisation – or the sector you work in – cyber attacks and data breaches pose a real threat to your business, your brand, and your customers. 

The online tool runs a number of quick technical checks in seconds. You don’t need to provide any personal information, or install any software. Simply enter your email domain, and the tool will instantly identify any vulnerabilties in your email setup that a criminal could exploit.

Find out more about it here

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Training and Webinars/Events

CYBERUK 2024

Join the NCSC for CYBERUK 2024, where international leaders and technical experts will explore this year’s theme on how to react and respond to rapidly developing technology, quickly.

The event will convene over 2,000 cyber security leaders and professionals for networking, knowledge exchange, and collaboration. The programme for the event is available to view on the official CYBERUK website

  • Date: 13 – 15 May 2024
  • Location: ICC Birmingham

Find out more about CYBERUK 2024 here

Widen your talent pool by inclusive recruitment

ScotlandIS, in partnership with Equate Scotland and Skills Development Scotland, are delighted to be providing a free online session about inclusive recruitment practices specifically designed for small and medium enterprises within the tech ecosystem.

This training will be hosted online and split across two sessions to allow time for self-reflection. Participants should attend both sessions:

  • Tuesday 19th March, 10am – 11.30am
  • Tuesday 26th March, 10am – 11.30am

Find out more information here

Webinars and online training from the Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland will be running a diverse range of free online training courses and webinars over the next month.

Webinars:

Online training:

Each online training session will cover a different area of Exercise in a Box. Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack.

FUTURESCOT: Cloud, Data and AI -Transforming public services 2024

Join FutureScot at Cloud, Data & AI – Transforming Public Services – the leading public sector learning forum for cutting-edge service technologies, including artificial intelligence, data analytics and cloud.

Date: 21 March 2024

Location: Technology & Innovation Centre, Strathclyde University, Glasgow

Find out more information here

CENSIS virtual coffees

These informal hour-long virtual coffees from CENSIS have no fixed agenda, and they aim for a forum that is open, friendly and encourages conversation. The direction of the discussion always follows whatever people on the call want to talk about, and the conversations are never recorded.

14 March 2024 – Digital Product Passports – supporting the circular economy

  • Led by CENSIS Business Development Manager, Natalia Łukaszewicz, this coffee break will explore the EU Digital Product Passport (DPP), a tool designed to create transparency and support the circular economy by sharing information about a product across its entire lifecycle and the entire value chain, including data on raw material extraction, production, recycling, etc.

20 March 2024 – Virtual coffee: Virtual Reality at work

  • Led by CENSIS Business Development Manager, Natalia Łukaszewicz, this coffee break will explore the benefits and applications of Virtual Reality technologies in the workplace. CENSIS are pleased to be joined for this discussion by Jo Ann Lim, Enterprise Client Partner – Reality Labs (EMEA), Meta

9 May 2024 The Digital Health Validation Lab – pathways for medtech

  • Led by CENSIS’s Business Development Manager Ally Longmuir, this session introduces the Digital Health Validation Lab (DHVL), part of the University of Glasgow’s Living Laboratory for Precision Medicine, a £38M investment from the UKRI Strength in Places Fund to address the adoption of healthcare innovations into clinical practice for the benefit of patients.

Find more Censis events here

AI Masterclass from SCVO

Join SCVO’s Artificial Intelligence (AI) masterclass to make sense of the latest opportunities in AI for your organisation. The events are aimed at any organisation looking to explore the opportunities of AI and starting to include it in their strategic plans. No prior technical knowledge is needed.

Both sessions will have a focus on generative AI tools, which are rapidly reaching millions of users.

In this first session, they will cover an overview of AI, and look at what you will need to know in order to start framing your AI strategy.

In this second session, they will dive into practical examples to help you spot issues and sharpen your skills.

Back to top of the page