CyberScotland Bulletin

July 2024

CATEGORIES
CyberScotland Bulletins

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

National Cyber Security Centre (NCSC)

NCSC update guidance for shopping and paying safely online

The NCSC has updated their guidance for shopping online securely with the following tips explained to help you stay safe when shopping online for goods and services:

  • Check the shop is legitimate
  • Use a credit card to pay
  • Only provide required details on checkout
  • Keep your accounts secure
  • Watch out for suspicious links

Included in the guidance is advice for what to do if things go wrong and further resources to help boost your cyber resilience while shopping online.

Read the updated guidance here

NCSC release statement following reports of a Synnovis data breach

In response to a cyber criminal group that has published data which it claims belongs to Synnovis, a provider of pathology services to the NHS, the NCSC has released a statement and published guidance to help people protect themselves from the impacts of data breaches.

Eleanor Fairford, NCSC Deputy Director for Incident Management, stated: “The reports of sensitive data being published online by cyber criminals are very concerning and we are working with Synnovis and partners in the NHS and law enforcement to fully investigate. While investigations to determine whether sensitive data have been leaked are ongoing, we advise people to remain alert to suspicious messages or calls from would-be fraudsters who might try to exploit the situation.

Read the full story here

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

Trending Topics

New Secure Summer campaign launched by CyberScotland Partnership

Summer is a time for relaxation and adventure, but it can also be a prime opportunity for cyber criminals to strike. This is why the CyberScotland Partnership has launched the “Secure Summer: bright days, safe ways” campaign.

As part of the new campaign we have published two new pieces of guidance to help you stay vigilant of the potential cyber threats during the summer months and prevent your plans from being disrupted:

Read the full story here

World Social Media Day

On June 30 we celebrated World Social Media Day, a day dedicated to recognising the impact that social media has had on global communication and connection.

Some tips from our new guidance for using social media safely include:

  • Regularly review your privacy settings
  • Avoid oversharing personal information
  • Monitor account activity for any unusual actions

Enhance your cyber security with our social media tips here

New charity hub launched to support victims of cyber and fraud crime across Scotland

The Cyber and Fraud Centre – Scotland, a CyberScotland partner, have launched the Cyber and Fraud Hub, a pioneering charity dedicated to supporting individuals across Scotland who have fallen victim to cyber and fraud crimes.

This initiative has been established in response to a significant increase in public concerns and incidents reported through its helpline. The Cyber and Fraud Hub is the first charity of its kind in Scotland, offering comprehensive support tailored specifically to individuals affected by cyber and fraud crimes. 

Read the full story here

Visit the new Cyber and Fraud Hub here

Which? issue guidance on new Facebook account hacking scam

Which? has reported that fraudsters are posting malicious links from compromised accounts on Facebook.

Facebook users will encounter this scam when another hacked account you’re connected to posts something to grab your attention, such as ‘I can’t believe he’s gone.’ Following this, the hacked account will share a link, giving the impression that it provides more information about the post. The links lead to malicious websites that download malware onto your device, infecting it with dodgy pop-ups.

Read the full article for a breakdown of the scam and advice here

New analysis show UK businesses face new cyber-attacks every 44 seconds in Q2 2024

New analysis from Beaming, an internet service provider for businesses, shows that UK businesses are encountering over 180,000 cyber-attacks each in just three months.

The elevated levels of cyber-attack activity experienced in the second quarter of 2024 extend a prolonged period of malicious online activity. The final three months of 2023 were the worst period ever for cyber-attacks on UK businesses, with companies encountering a new attempt to breach their systems online every 40 seconds, on average.

Read the full story from DIGIT here

Phishing scams: Different forms of phishing

The Police Scotland Cybercrime Harm Prevention Team have provided new guidance on some of the various phishing methods used by cyber criminals.

Phishing is when criminals attempt to trick people into doing ‘the wrong thing’, such as clicking a link to a suspect website. Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email.

In the new guidance there are explanations of Smishing, which simply uses text messages instead of email, Vishing which is executed over telephone calls and Quishing which is a form of phishing that uses QR codes. Along with the explanations are simple tips to stay protected.

Read the full guidance here

Reflections from the CEO of the UK Cyber Security Council

The UK Cyber Security Council, a CyberScotland Partner, has issued a new article about their CEO, Dr Claudia Natanson MBE, covering her reflections on the year so far in relation to the UK Cyber Security Council and the importance of championing the cyber profession.

The article highlights the UKCSC’s “Cyber Security First” approach to integrate cyber security into business strategies, the importance of awareness and education about diverse opportunities in cyber security, the vitality of forming meaningful collaborations and more. In relation to the UKCSC, Dr. Nathanson MBE states that “our ultimate goal is to elevate the standards for cyber security professionalism across government departments and their supply chains.”

Read the full piece here

Newsletters/Campaigns

CyberByte July: Check your cyber security

This month’s CyberByte focuses on a free government service provided by the NCSC to help UK organisations check for cyber vulnerabilities related to email address domain names.

Domain names can be targeted by cyber criminals to send emails in an attempt at impersonating you and or your business. These can be used effectively and can spread malware and viruses causing reputational and financial damage.

The NCSC service will help identify vulnerabilities around domain name cyber security such as:

  • Email anti-spoofing: Preventing cyber criminals sending emails pretending to be you (known as
    spoofing)
  • Email privacy: Making it harder for cyber criminals to intercept and read your email in transit – in other words, when your emails are being sent

Read more about it in the full CyberByte here

UK Government call for cyber related views extended

The closing date to contribute your views on cyber related initiatives has been extended. At CyberUK 2024, the Department for Science, Innovation and Technology (DSIT) made announcements on cyber resilience and cyber skills: included in these announcements were calls for views on two new codes of practice for software security and the cyber security of AI, and a call for views on the future of the CyberFirst scheme.

They are keen to hear your views on these, which you can submit through the links provided below:

Read the full story here

Cryptocurrency Scams

The Police Scotland Cyber Crime Harm Prevention team have renewed their Cryptocurrency guidance.

Criminals benefit from the lack of technical knowledge surrounding cryptocurrency transactions, pressuring people to make decisions without due diligence or consideration. Digit recently covered a new report from TRM Labs, a blockchain intelligence platform, stating that more than £1bn in crypto has been stolen already this year by cyber criminals, showing the importance of becoming familiar with the risks involved.

Read the new guidance here

New cyber security booklet aims to empower asylum seekers and refugees

As a part of the CyberScotland Partnership funding initiative, the Central and West Integration Network (CWIN) have produced a new cyber security booklet, designed specifically to enhance the cyber resilience of asylum seekers and refugees.

The comprehensive booklet, produced in collaboration with Scottish Government, compiles key digital safety topics presented to asylum seekers and refugees during CWIN’s Cyber Security Project classes and workshops in 2023 and 2024

Read more here

A free digital copy of the booklet is available on their website here

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Training and Webinars/Event

Cyber Webinars from the UK Cyber Security Council

The UK Cyber Security Council will be hosting multiple cyber related events in the coming months.

  • Professional registration and the cyber talent pipeline – 30 July: In this webinar for HR professionals, recruiters and managers they will help you understand what professional registration in cyber security means for you. This is ideal for anyone currently working in the cyber security space or looking to make the switch.
  • Specialisms Webinar: Security Testing – 6 August: Hear from Chartered Cyber Security professional William Wright, as he takes you through what it looks like to work in the Security Testing specialism and how he got there. 
  • Defence against the dark web – 10 September: In this webinar, Vodafone’s Threat Intelligence expert, Emma Lemin, explores the importance of cyber security for your business while unveiling the top current threats, also covering Emma’s background and how she got into this exciting field of cyber security.

For more events see the UKCSC events page

DigiShift 82: What you can do to protect your organisation against cyber attacks

This month, the Scottish Council of Voluntary Organisations (SCVO) will be discussing common cyber threats within the voluntary sector and what you can do, whatever your role or expertise to make things better.

This session will provide valuable insights and practical tips to help enhance your organisation’s cyber resilience, guided by two professionals in the field, Alison Brogan (Cyber Resilience Co-ordinator at SCVO) and Chris Oladogba, (Global Senior Manager of Information Technology at Centre for Public Impact).

Date and time: 24 July 2024, 10.00 – 11.00

Find out more information here

Check out our new Third Sector page for more third sector cyber-related events here

Scot Secure West – Cyber Security Conference

Now in its 10th year, Scotland’s largest annual cyber security summit will host a sister event in Glasgow, Scot-Secure West. The event brings together senior InfoSec personnel, IT leaders, academics, security researchers and law enforcement, providing a unique forum for knowledge exchange, discussion and high-level networking.

The programme is focused on improving awareness and best practices through shared learning: highlighting emerging threats, new research and changing adversarial tactics, and examining practical ways to improve resilience, detection and response.

  • Date and time: 11 September 2024, 8.30 – 4.30pm
  • Location: Hilton Hotel, 1 William Street, Glasgow

Find out more information here

ScotSoft 2024

ScotSoft is back! Scotland’s leading and most anticipated tech conference will return to the EICC on Thursday 26th September 2024. Join to hear from a fantastic range of speakers bringing future trends, opportunities and strategies that will ensure Scotland’s digital community continues to grow and prosper.

Find out more information here

Back to top of the page