CyberScotland Bulletin

April 2024

CATEGORIES
CyberScotland Bulletins

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

National Cyber Security Centre (NCSC)

NCSC publish updated Defending Democracy guidance

Democratic events such as elections are attractive targets for adversaries, and organisations and individuals must be prepared for threats, old and new. Defending UK democratic institutions and processes is a priority.

In response to this the NCSC has updated their defending democracy guidance. This collection brings together expanded guidance to raise awareness of the cyber threats to democratic processes, institutions, and the people involved in them. The aim is to prevent or reduce related attacks against both organisations and individuals.

Read the full story and guidance here

Top international and UK experts among guest speakers at CYBERUK 2024

Further details have been announced for CYBERUK 2024. GCHQ Director Anne Keast-Butler will be joined by the White House’s National Cyber Director, Harry Coker, Jr., and an array of leading domestic and international experts shaping the world’s online landscape at the flagship summit in the West Midlands in May. 

CYBERUK 2024 will bring together the intelligence community, government, industry, and academia at the ICC Birmingham to explore the entire spectrum of future cyber challenges and solutions – from AI-driven threat detection and quantum computing to secure-by-design principles. 

Find out more information and see a list of speakers here

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending Topics

UK & United States announce partnership on science of AI safety

The UK and US have signed a Memorandum of Understanding which will see them work together to develop tests for the most advanced AI models.

The UK and US AI Safety Institutes have laid out plans to build a common approach to AI safety testing and to share their capabilities to ensure these risks can be tackled effectively. They intend to perform at least one joint testing exercise on a publicly accessible model. They also intend to tap into a collective pool of expertise by exploring personnel exchanges between the Institutes.

Read the full story here

Government survey finds that 75% of UK businesses are failing to uphold cyber security best practices

The recent Cyber security longitudinal (CSLS) survey has found that cyber-resilience in UK organisations is stagnating as attacks are on the rise, pointing to lack of adoption of new technologies and increased personal device usage as key causes.

Three in four UK businesses have experienced a cyber-attack in the last year, with fraudulent emails or attachments being the biggest culprit, according to the UK Government-funded survey.

Read the full story here

‘Policing in a Digital World’ annual report 2024

Police Scotland’s “Policing in a Digital World Programme” (PDWP) was formed with the clear aim to transform how Police Scotland respond to the evolving threat of cybercrime. Following a 4P’s approach (Pursue, Protect, Prepare, Prevent), the programme tackles cybercrime through multiple angles

As part of the Policing in a Digital World Programme the annual report has been published. It provides an overview of the journey since the publication of the Cyber Strategy in 2020, documents the work over the last calendar year in terms of the various project and work streams and the planned deliverables for 2024/25, including the recently approved strategic response to fraud.

It also outlines their ethical approach to technology, which led to the creation of the Rights Based Pathway, designed to support decision making and to maintain public trust and confidence in the organisation in respect of IT adoption and use of technology.

Read the full report here

Charities come together to renew their focus on cyber resilience

On the 28th of February, as part of CyberScotland Week 2024, ScotlandIS and SCVO hosted a free cyber resilience conference for over 100 representatives from across the third sector. The aim of the day was to support organisations in understanding more about cyber resilience, why it is important to everyone and highlighting resources and support to help organisations on their journey to becoming more cyber resilient.  

The event was designed specifically for the third sector with real-world insights from the UK’s NCSC, some Scottish charities, as well as industry experts, who led a variety of interactive workshops highlighting simple steps that can help reduce and manage cyber risk.

Read the full article here

Calls to Cyber and Fraud Centre cybercrime helpline more than double in a year

The Cyber and Fraud Centre Incident Response Helpline, a collaboration between leading Scottish cyber security organisation the Cyber and Fraud Centre, Police Scotland and the Scottish Government, with technical and legal incident response support from various Scottish companies, provides expert advice to help affected organisations mitigate the effects of a cyberattack.

Statistics show that the number of calls received by the helpline has more than doubled, from 123 calls in 2022/23 to 263 in 2023/24. This is expected to grow even further over the next year. The figures also highlight a rise in ransomware attacks, with Black Basta, Lockbit and Akira amongst the most common ransomware programmes being reported to the helpline.

Read the full story here

Holiday Fraud

With the summer approaching many people will be planning for their holidays ahead.  However, amidst the excitement and anticipation, each year fraudsters target innocent holidaymakers which results in a monetary loss of millions of pounds.

For anybody considering booking a holiday online, Police Scotland has provided some top tips to avoid falling victim to holiday fraud. Some of the tips include:

  • If you are offered flights or a holiday that are significantly cheaper than other websites, you should be suspicious.
  • Look out for official logos, they are a good tell-tale sign that the company is genuine.
  • If you are asked to pay by bank transfer then you should be suspicious, especially if you are being asked to pay into a bank account in an individual’s name.

Read the full detailed guidance here

53% of malware-infected devices are corporate according to new research

The share of corporate devices compromised with data-stealing malware is on the rise, according to Kaspersky Digital Footprint Intelligence. Data extracted from data-stealing malware log-files available on the dark web showed that the share of corporate users compromised with such malware increased by 34 percentage points since 2020.

After infecting a single device, cybercriminals can gain access to all accounts, both personal and corporate. According to Kaspersky statistics, one log file contains credentials with a corporate email as a login to an average of 1.85 corporate web applications, including web mail applications, customer data processing systems, internal portals, and more.

Read the full story here

Ransomware gang threatens to release 3 terabytes of NHS Dumfries and Galloway data following ‘focused cyberattack’

The INC ransomware group posted a ‘proof pack’ on its dark web site claiming to have infiltrated the health board’s systems.

The ‘announcement’ comes after NHS Dumfries & Galloway – one of Scotland’s 14 regional health boards – reported a cyber incident on March 15.

Read the full story here

Newsletters/Campaigns

Scotland IS are seeking views from cyber companies

ScotlandIS are looking to gauge a holistic view of the cyber landscape in Scotland, by surveying the experiences, opportunities and challenges of the sector.

By benchmarking industry trends, pain points and potential opportunities, we can better understand how to serve the sector – your insights as an industry leader are invaluable to achieving this.

Complete the short survey here; all responses are anonymous and confidential. Your expertise is crucial in shaping the future of the Scottish cyber sector.

If you have any questions, please contact, ScotlandIS Head of Cyber Beverly Bowles Beverly.bowles@scotlandis.com

Cyber Byte April: ‘Cyber Spring Clean Your Personal Accounts’

This months Cyber Byte from Police Scotland covers the importance of cyber hygiene. This year is the first time since 1896 that spring has started so early. So why not continue with some early cyber spring cleaning and de-clutter your data whilst improving your online security.

A digital spring clean can help keep your devices and information safe and secure. It can also help improve the performance and speed of devices and reduce the risk that a hacker could access old information that you’ve forgotten about.

The piece provides 8 easy tips, described in detail in the link below, to support your cyber spring clean:

  • Review your online accounts
  • Update your devices.
  • Refresh browsers.
  • Throw out your trash.
  • Lock down your login
  • Review your online presence.
  • Back up your files
  • Dispose of electronic devices securely

Read the full in-depth Cyber Byte here

The Cyber Standard Podcast

The UK Cyber Security Council and ISACA have joined to collaborate on a new cyber related podcast.

Episode One of the podcast titled “The Vision” consists of the two organisations, in a compelling discussion about the standardisation of specialisms in cybersecurity. Don’t miss this insightful conversation that sets the stage for the podcast’s journey into the world of cyber security standardisation.

Find out more about it here

‘Women Do Cyber’ programme accelerating access for women into digital and cyber careers

GCU, Cisco and Scotland Women in Technology (SWiT) have established a partnership to inspire and encourage women to keep learning and grow career options in digital and cyber security. This critical skills initiative is funded by the Scottish Funding Council.

The 2024 Women Do Cyber programme offers 40 fully-funded reskilling places to help women progress into Cyber Security careers. They are reaching women from a range of backgrounds and circumstances who seek to start a new career, increase their earning power, change career direction and make a difference in the Scottish tech sector.

Find out more information here

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Training and Webinars/Events

CYBERUK 2024

Join the NCSC for CYBERUK 2024, where international leaders and technical experts will explore this year’s theme on how to react and respond to rapidly developing technology, quickly.

The event will convene over 2,000 cyber security leaders and professionals for networking, knowledge exchange, and collaboration. The programme for the event is available to view on the official CYBERUK website

  • Date: 13 – 15 May 2024
  • Location: ICC Birmingham

Find out more about CYBERUK 2024 here

Online training, roadshows and webinars from the Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland will be running a diverse range of free online training courses and webinars over the next month.

Online training:

Each online training session will cover a different area of Exercise in a Box. Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack.

Roadshows:

Webinars:

‘This is Early Level Digital’ cyber related webinars for educators

Education Scotland are running a series of ‘This Is Early Level Digital’ sessions over the coming weeks. The webinars are suitable for practitioners working with children at early level across a range of ELC settings and schools.

This series of three webinars will explore how you can support early level learners to gain knowledge and confidence in Cyber Resilience and Internet Safety

Cyber Security Professional Titles and Your CPD

The UK Cyber Security Council will be hosting the 2nd Professional Registration Titles webinar of the year, this time focusing on Continuing Professional Development and the requirements and expectations around (CPD) for those who are looking to gain a Professional Registration Title.

You will be hearing from Council staff and those involved in the CPD process and they will be covering the following:

  • What is CPD
  • What are the requirements of CPD in relation to maintaining Professional Registration
  • Types of CPD
  • How to record and submit CPD
  • Assessment of CPD

Find out more information and register for the event here

Scottish OT Cyber Summit

Join Cyber News Global at the Scottish OT Cyber Summit at the Ardoe House Hotel in Aberdeen, on May 30.

Learn to identify your most valuable data assets with discussions of collaboration, development, industry standards, employee awareness, and more.

Find out more information and register for the event here

Back to top of the page