CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
National Cyber Security Centre (NCSC)
NCSC and allies reveal most common cyber vulnerabilities exploited in 2022
In a new joint advisory, the NCSC and agencies in the US, Australia, Canada and New Zealand, are providing details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE)
The advisory highlights how threat actors exploited a larger number of older software vulnerabilities rather than more recently disclosed flaws last year and it also has revealed a list of the top 12 vulnerabilities that were routinely exploited last year.
Among the advice for mitigating the risk of compromise, UK organisations are encouraged to sign up for the NCSC’s Early Warning service to receive alerts about potential issues, including vulnerabilities, affecting their networks.
Read more about it here
Spotlight on shadow IT
Shadow IT is the name given to those unknown IT assets used within an organisation for business purposes.
Whatever format it takes, if shadow IT is prevalent, then risk management becomes very difficult because your organisation won’t have a full understanding of what you want to protect. To help with this, the NCSC’s new guidance shines a light on shadow IT. The guidance helps system owners and technical staff to better mitigate the presence of unknown (and therefore unmanaged) IT assets within their organisation.
Read more about it here
How to spot scammers claiming to be from the NCSC
The NCSC have received reports of criminals impersonating NCSC officials in order to scam members of the public. These scams, usually conducted by phone, try and trick people into transferring money, or revealing sensitive information.
The NCSC will never email you for your:
- Login details, or
- Send unsolicited emails with attached files
- Ask for remote access
- Direct you to another organisation to verify the identity of the NCSC.
The guidance explains:
- how to verify an NCSC contact
- how to spot common scams
- what to do if you think you’ve been scammed
Read the full guidance here
Trending Topics
Cyber Security skills in the UK labour market
The Department for Science, Innovation and Technology of the UK Government have released their 2023 report detailing skills, needs and job vacancies across the UK cyber security sector.
This research into the UK cyber security labour market explores the nature and extent of cyber security skills gaps (people lacking appropriate skills) and skills shortages (a lack of people available to work in cyber security job roles)
The findings of this year’s report include:
- 50% of all UK businesses have a basic cyber security skills gap, while 33% have an advanced cyber security skills gap. These figures are similar to 2022 and 2021.
- There were 160,035 cyber security job postings in the last year. This is an increase of 30% on the previous year. 37% of vacancies were reported as hard-to-fill (down from 44% in 2022, but same as 2021).
- Only 17% of the cyber sector workforce is female (down from 22% last year, but similar to 2021 and 2020) and 14% of senior roles are filled by women.
- There is an estimated shortfall of 11,200 people to meet the demand of the cyber workforce (down from 14,100 last year, largely due to slower growth of the sector).
Through the £2.6 billion National Cyber Strategy the government is working to increase the number and diversity of skilled people in the cyber security profession. This includes encouraging young people to develop their cyber and tech skills, and take subjects such as computer science which help develop the skills needed for cyber and tech careers.
Find out more about it here
Cyber and Fraud Centre – Scotland expands its cybercrime response network
Scotland’s leading organisation for building resilience against cybercrime and fraud has warned businesses that they must have a plan in place to counter attacks, as it adds two legal firms and four new IT and security firms to its cadre in response to growing cyber security threats.
The Cyber and Fraud Centre are expanding their Incident Response capabilities to combat rising cyber threats. New additions Burness Paull LLP and Anderson Strathern will join their Incident Response Cadre alongside new IT/security partners Closed Door Security, Cloud Cover IT, Consider IT and Silver Cloud, who join existing partners TechForce Cyber and Sapphire .
With cyber-attacks increasing, having Incident Response partners ready to provide legal guidance and technical support is critical. By expanding their Incident Response Cadre, more organisations can be assisted in managing cyber incidents and minimising damages.
Read more about it here
In collaboration with the Cyber and Fraud Centre, CyberScotland devoloped a Cyber Incident Response Pack that offers SMEs and Charities actionable guidance on preparing for and managing a cyber-attack
Victims of MOVEit hack continue to grow
The MOVEit hack is a massive data breach that occurred in May 2023 and is one of the largest data breaches in recent history. The Russian ransomware gang Clop exploited a zero-day vulnerability in MOVEit Transfer, a file transfer application developed by Progress Software. The vulnerability allowed the hackers to gain unauthorized access to the MOVEit servers of hundreds of organisations, including government agencies, universities, and businesses.
In July The Register reported “As of July 19, 383 organisations and over 20 million individuals have been compromised, according to the cybersecurity outfit Emsisoft, which sourced its figures from breach notifications, SEC filings, other public data, and Clop’s leak site.”
On August 8, in relation to the numbers affected, Reuters reported that “some analysts have tried to keep track. As of Sunday, cybersecurity firm Emsisoft had totaled up 597 victims with 39.7 million people affected. German IT specialist Bert Kondruss has come up with similar figures, which Reuters corroborated by cross-checking them against public statements, corporate filings and cl0p’s posts.”
Some really big names have been affected so far including: the BBC, Media watchdog Ofcom, the US Department of Energy and other federal agencies, as well as huge corporations like Shell and Deutsche Bank. As the numbers continue to grow the long term effects of the breach remain to be seen.
Role Models in Cyber
The UK Cyber Security Council has been posting a case study from cyber security professionals, publishing interviews with role models from various fields in the cyber landscape, detailing their experiences.
In the UKCSC’s 2025 Strategy ‘Chartering a Cyber Future Strategy’ they outlined their goals for each of the Council’s 5 pillars. One of the aims under the Outreach & Diversity pillar is to: “champion existing role models… and invite collaboration from professionals, businesses, and the wider community… highlighting individuals in industry, through written case studies”
The role models page fulfils this aim by highlighting individuals stories. They’re continuing to update the Role Model page with more stories of the career routes into cyber, from university to work experience, qualifications & certifications to career changers.
Visit the page and read their stories here
Cyber-attack on UK’s electoral registers revealed
The UK’s elections watchdog has revealed it has been the victim of a “complex cyber-attack” potentially affecting millions of voters. The Electoral Commission said unspecified “hostile actors” had managed to gain access to copies of the electoral registers, from August 2021.
Hackers also broke into its emails and “control systems” but the attack was not discovered until October last year. The watchdog said the information it held at the time of the attack included the names and addresses of people in the UK who registered to vote between 2014 and 2022.
Luckily, the commission says in this case the cyber intruders did not have an impact on any elections, or anyone’s registration status.
The fact the hackers were inside the Electoral Commission systems from August 2021 indicates this was not a criminal hacking operation looking to make a quick buck through extortion. This operation looks like a probing one seeking out information about the UK’s democratic process to search for weaknesses.
Read the full article here
Securing the big three in tech as the UK aims for tech superpower status
As the UK government reveals its plans for reaching tech superpower status by 2030, focusing efforts on five critical technologies of tomorrow: telecoms, AI, quantum computing, semiconductors, and engineering biology, the UK Cyber Security Council has published an article that explores cyber’s part in forging secure foundations for superpower status, focusing on three of the critical technologies listed:
AI impact: As cyber attacks grow in volume and complexity, AI can help under-resourced security operations stay ahead of threats. It will be people and cyber professionals who are at the centre of ensuring that AI and machine learning remain tools for good, in accordance with the government’s plans to shape the future of technology in a way that promotes its positive use.
Keeping telecom connectivity secure: The promise of world-class digital infrastructure and nationwide coverage of standalone 5G to all populated areas by 2030, securing our fixed and wireless networks will be paramount to the successful creation of next generation connectivity. If standalone 5G is to be available to all, everyone using it needs to understand its cyber security implications and how to safely use this tech in a way which doesn’t leave them and the network vulnerable.
Controlling quantum computing: We are currently in a period of quantum revolution, but with this opportunity comes a threat. In the post-quantum cyber space, standardised qualifications and ensuring businesses have the right professional for the right protection will be paramount.
Read the full article here
New survey shows ransomware attacks up by over 200%
According to new figures released by Manchester-headquartered NCC Group, a leading cybersecurity firm, ransomware attacks have risen by 221% year-on-year. The survey states that there were 434 attacks in June 2023, compared to 135 in the same period last year.
NCC Group’s Global Threat Intelligence team found that the high levels of ransomware activity in June were driven by Clop’s exploitation of a vulnerability in the MOVEit file transfer software. Russian-speaking threat actor Clop was responsible for 90 of the 434 attacks (21%) in June. There have also been consistently high levels of activity by groups such as Lockbit 3.0, and emergence of several new groups since May.
North America was the most targeted region, accounting for more than half of the attacks in June with 222 victims (51%) – the exact same total as May while Europe accounted for 27% of the attacks
Read the full story at FutureScot here
Newsletters/Campaigns
Online ticket fraud
With the summer season in full swing, events and concerts are back on the agenda. However, as the demand for tickets surges, so does the risk of falling victim to online ticket fraud.
Recently Lloyd Banks issued a warning to football fans as online ticket sales scams for football in the 2022-23 season have doubled. Fans have lost an average of £154 with nine in ten scams started on either Facebook, Instagram or Twitter.
New guidance from CyberScotland will provide you with practical, digitally focused-tips on how to avoid online ticket fraud and ensure your event experiences are scam-free. The advice to avoid ticket fraud includes:
- Buy tickets from official sources only
- Look for secure connections
- Verify the sellers reputation
- Beware of phishing scams
- Use Two-Factor Authentication
- Avoid public wifi and more…
Read the full in-depth guidance here
Student Online Safety Guide
Police Scotland have released a new safety guide to help students stay safe online.
Common frauds that students are experiencing today can range from the more recognisable face-to-face fraud to those carried out by someone anonymously online.
Advances in technology enable you to carry out daily tasks more easily, but can be frequently exploited by fraudsters interested in your personal information and money. This guide will equip you with information and advice to increase your awareness, prepare you to identify potential frauds and prevent the loss of your valuable data to those intent on stealing it
Read the full guide here
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars/Events
Public and Third Sector, and Private Cyber Roadshow – Orkney
The Cyber and Fraud Centre is hitting the road and will deliver a series of events for both Private, and Public and Third sector organisations across the country. These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023. Everything discussed will tie in with additional resources available and help you fully utilise these within your own organisation or charity. Each event will be in person giving everyone an excellent chance to network with others working within the Private Sector interested in cyber security.
Find out more or register at one of the events here:
Scot-Secure West Cyber Security Conference
Now in its 9th year, Scotland’s largest annual cyber security summit will host a sister event in Glasgow, Scot-Secure West. The event brings together senior InfoSec personnel, IT leaders, academics, security researchers and law enforcement, providing a unique forum for knowledge exchange, discussion and high-level networking.
The programme is focused on improving awareness and best practices through shared learning: highlighting emerging threats, new research and changing adversarial tactics, and examining practical ways to improve resilience, detection and response.
Location:
- Technology and Innovation Centre at the University of Strathclyde, Glasgow
Date and Time:
- 14 September – 08:30 – 4.30pm
Find out more information here
Register for the event here
This event is free to attend (T&Cs apply) and geared towards InfoSec & IT personnel and C-suite leaders.
Secure Leaders – Half Day Senior Leader Training
Empowering Senior Leaders with Cyber Resilience Training
The Cyber and Fraud Centre recognises that some senior leaders or board members may not feel confident about their level of cyber security knowledge, and therefore they feel restricted when having those essential security discussions with technical staff or external IT partners.
This half-day training course is based on the NCSC’s Board Toolkit; it is designed to strengthen board members’ and senior leaders’ understanding of cyber security, empowering them to make informed decisions to manage cyber risk. Expert Cyber and Fraud Centre team members will deliver this comprehensive training session.
Date: 29 August 2023
Time: 10:00 – 13:00
Venue: Oracle Campus, Linlithgow
Find out more and register for the event here
Virtual Coffee: Cyber Security for Scotland’s Maritime Sector
Join CENSIS for an hour long virtual coffee to connect with other companies, researchers and stakeholders working in the same space or with the same interests as you.
In this session, organised in partnership with the University of Abertay’s CyberQuarter, Scottish Enterprise, ScotlandIS and the Scotland 5G Centre, they’ll be talking about cyber security issues associated with the maritime sector.
Date and time:
24 August 2023 – 10:00 am
This call takes place on Zoom. A calendar invite containing the link to join will be emailed to all registered participants before the day.
Find out more details here
Register for the event here
Train the Trainer – Exercise in a Box – Edinburgh and Glasgow
Exercise in a Box is a tool that recreates real-world business scenarios and tests your cyber resilience in each scenario. It was developed by the NCSC and started as a self-use tool to help organisations test and practise their internal response to many cyber issues.
The Cyber and Fraud Centre have been facilitating sessions over the past few years, which has seen hundreds of organisations learn about it and how it can benefit their organisation. These ‘Train the Trainer’ sessions will take a different approach to their main sessions.
Instead of running through a practical scenario, they will be showcasing how you can facilitate a session in your own organisation. You will learn about how you can drive the most benefit from Exercise in a Box as we share all our learnings about what works and what doesn’t.
Date and time:
Find out more here
NB: Before joining this event it is important to have already joined at one of the main Exercise in a Box sessions, or already be familiar with Exercise in a Box.
Digital Inclusion
The Scottish Council for Voluntary Organisations is running a series of bitesize sessions to help improve your understanding of and capacity for digital inclusion.
The webinars are varied and include titles such as “Digital inclusion: bringing your organisation with you” which covers how you can support your teams to embrace the benefits of embedding digital inclusion into your services, and “Creating and embedding Digital Champions” which covers how Digital Champions are the backbone of a lot of digital inclusion work, and learning how to create and embed them within your service will be an important step on your journey.
Many more webinars are available on the SCVO’s events page here