CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
CyberScotland Week 2024
CyberScotland Week will be taking place from the 26th of February until the 3rd of March. This week of varied events both online and in-person is for everyone, regardless of age.
CyberScotland Week offers something for individuals who want to be safer online, as well as for organisations looking to develop robust cyber defences. By participating in CyberScotland Week, we can work together to create a more secure digital future for Scotland
Check out a new guide to participating in CyberScotland Week here
Find out more information on the official page and watch for new events posted regularly here
National Cyber Security Centre (NCSC)
New guidance to help small organisations use online services more securely
The NCSC have launched a new online services guidance tailored for small organisations. This is specifically written for small and medium sized enterprises (SMEs), who may be overwhelmed by the NCSC’s existing cloud security guidance (which is aimed squarely at IT professionals and contains a lot more technical details). The new guidance will help SMEs use online services more securely, so that they’re less likely to be the victim of a cyber attack.
Read more about it here
Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure
The NCSC is encouraging organisations to take action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways, and follow the latest vendor advice.
Ivanti has published an advisory detailing two vulnerabilities affecting Connect Secure and Policy Secure gateways. Ivanti is aware that both vulnerabilities are being actively exploited.
Read more about it here
NCSC launch Cyber League
Cyber League is a new NCSC initiative which brings together a trusted community of NCSC and industry cyber experts to work on the biggest cyber threats facing the UK. This is part of the NCSC mission to make the UK the safest place to live and work online.
Members of Cyber League are a diverse group of industry experts, working with NCSC analysts and each other, to bring their unique knowledge and understanding to the threat picture. They take part in a range of engagements, including analytic workshops and discussion groups.
Read more about it here
NCSC Threat Report
The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.
To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.
Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).
The NCSC’s Reporting Service
The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.
As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.
You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
If you become a victim of cyber crime you can report this to Police Scotland by calling 101.
Trending Topics
UK’s cultural institutions gather for summit on the cyber threat
Organisations across the UK’s culture sectors have been coached on how to reduce the risk of falling victim to cyber criminals.
Earlier this month, the NCSC and the Department for Culture, Media and Sport (DCMS) met with representatives from the UK cultural sector to discuss what can be done to protect institutions’ digital collections.
Online collections, which pool millions of digital records, enable cultural institutions to increase accessibility of their materials and hold unique social and cultural value to the wider public. In 2020 alone, the creative industries brought £103.8 billion to the UK economy. This makes the cultural sector an attractive target to opportunistic threat actors.
Read more about it here
Safer Internet Day
Safer Internet Day will take place on the 6th of February 2024, with celebrations and learning based around the theme ‘Inspiring change? Making a difference, managing influence and navigating change online’.
Coordinated in the UK by the UK Safer Internet Centre, the celebration sees thousands of organisations get involved to promote the safe, responsible and positive use of digital technology for children and young people.
For more information visit the official page here
The startups on a mission to make the UK the safest place to live and work online
As the innovation partner to the NCSC, Plexal are pleased to have welcomed a new intake of cyber companies to the NCSC For Startups programme.
NCSC For Startups is a unique initiative that offers startups insights and guidance from NCSC experts, enabling them to develop, adapt or pilot technology to meet the biggest cyber security challenges facing the UK such as protecting SMEs and citizens and reducing the risks involved in remote working.
Over the course of 12 weeks, six startups will receive technical expertise, insights and guidance from the NCSC, Plexal and partners including Deloitte, CyNam, Hub 8 and QA.
Read more about it here
New partnership between IFB and Expo.E provides 24/7 cyber security for businesses
Connectivity, cyber security and IT Service provider IFB, has partnered with leading Cloud, IT, and network services provider EXPO.e – to provide large scale and comprehensive Cyber Security Operations Centre services (CSOC) for its current and future customers.
IFB CEO Graeme Gordon said: “We are delighted to extend our working relationship and partnership with EXPO.e to now include the critical cyber security operations space. This means that alongside IFB’s own Security services, we can now offer the depth, breadth and scale of expertise to accommodate any scale of security requirement.”
Read more about it here
Ransomware reached record breaking levels in 2023
Examining the ransomware landscape over the last twelve months, a new report by Cyberint has shed light on its evolution, impact, and noteworthy trends.
The report states that 2023 was the biggest year for ransomware groups in history, witnessing a staggering surge of 55.5% in the number of victims compared to the preceding year. The report discloses that a total of 4,368 victims fell prey to ransomware attacks during this period, signifying a notable escalation from the figures recorded in 2022.
Read more about it here
10 most common types of cyber attacks in 2023
Cyber attacks are evolving rapidly with advancements in technology, as threat actors develop sophisticated methods and exploit new vulnerabilities.
GBHackers.com have published their list of the top ten most common cyber attacks of 2023. Featured in the list are: Malware, Phishing, Denial-of-Service (DoS) Attacks, Code Injection Attacks, IoT-Based Attacks, Identity-Based Attacks, Supply Chain Attacks, Spoofing, Insider Threats and DNS Tunneling.
Read an in-depth breakdown of the list here
New report reveals staggering number of email security incidents
Cyber security company Egress has published it’s second ‘Email Security Risk Report’ revealing that 94% of global organisations experienced email security incidents in the past 12 months.
This upward trend is mirrored in the negative impact of phishing attacks, affecting 96% of organisations enduring operational disruption as a result of an email security incident, up from 86% in the prior year.
The report sheds light on the evolving risks, impact of incidents, and cybersecurity leaders’ concerns about traditional approaches to email security.
Read more about it here
Newsletters/Campaigns
Data Privacy Week
Data Privacy Week is an annual effort to spread awareness about online privacy among
individuals and companies. It has two main goals:
- Improving the individuals understanding of their control over their data
- Help companies understand the importance of respecting the privacy of their users’
data
In conjunction with Data Privacy Week, Police Scotland have published guidance titled “Navigating Online: Understanding the Essentials of Data Privacy.” The guidance breaks down “What is Data Privacy?”, “Why is Data Privacy important?” and “Practical Steps for Data Privacy.”
To read the full guidance click here
New SC3 Reports posted daily and weekly
Keep up-to-date on all the latest cyber threats with the daily threat and weekly vulnerability reports from the Scottish Cyber Coordination Centre (SC3) provided in collaboration with CyberScotland.
The Daily Threat Report provides a daily breakdown of various cyber threats and the Weekly Vulnerability Reports summarise the known software vulnerabilities published in the previous week.
To subscribe to the reports and stay up-to-date visit the official page where the reports are also posted: SC3 Threat Reports
CyberByte January
This months’ Cyber Byte from Police Scotland has a different take on what has previously gone out. In it they would like to test your Cyber knowledge – don’t worry if you answer incorrectly as there are links below each question to support you with relevant guidance.
The topics addressed in this months CyberByte include ‘Passwords’, ‘Securing your Devices’ and ‘Backing up your Data’, with questions, answers and relevant information.
To read it and test your cyber knowledge click here
To read the December CyberByte relating to ‘Online Gaming Safety Awareness’ click here
IoT cyber challenge: IoT Secure
IoTSecure is CENSIS’s support service which offers 1-2-1 support to SMEs to help companies design, develop, or manufacture cyber-secure IoT products or services. Advice is also available to non-technology organisations and companies interested in adopting IoT in the workplace.
The scheme closes in spring 2024 and they have just a handful of opportunities left to support businesses. Reach out to CENSIS for 1-2-1 advice to address your IoT cyber challenge, whatever that might be, including:
- Advice on best practice in IoT product design
- Information about new legislation (the Product Security and Telecommunications Infrastructure Act 2022 comes into force in April)
- Reviews for new products or services, including suggestions from CENSIS for adaptations or improvements
For more information click here
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars/Events
Cyber Workforce Webinar
Showcase member ISC2 and the UK Cyber Security Council invite you to a conversation between ISC2 CEO Clar Rosso and the Council’s Chair of the Board Dr Claudia Natanson MBE.
Both leaders will be discussing the recent Cyber Workforce Study from ISC2 where a record 14,865 cybersecurity professionals share their unique perspectives on the state of the workforce. The study offers insight into in-demand skills, evolving career pathways, the impact of AI and more.
Date: 23 January – 12:00-13:00
Find out more and register here
Public and Third Sector Roadshows – Fife and Stirling
The Cyber and Fraud Centre is hitting the road and will deliver a series of events for Public and Third sector organisations across the country. These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2024.
Everything discussed will tie in with additional resources available and help you fully utilise these within your own organisation or charity. We will have guest speakers at each event, but the overall topics will be the same across the board. Each event will be in person giving everyone an excellent chance to network with others working within the Public and Third Sectors interested in cyber security.
Venue and Date: Dunfermline – 23 January – 09:00-12:30
Venue and Date: Stirling – 24 January – 10:00
FutureScot Cyber Security 2024
Futurescot’s annual Cyber Security conference is Scotland’s exclusive platform for public sector professionals, this event stands unparalleled in its commitment to fortifying the nation’s critical digital infrastructure.
The conference offers a rare opportunity to dive deep into cutting-edge cyber protection strategies, learning directly from the masters of the field. Participate in thought-provoking leadership sessions, masterclasses, and discussions that blend global thought leadership with practical, industry-leading best practices.
Date and time: 27 February, 08:30 – 16:30
Venue: University of Strathclyde, Technology and Innovation Centre Glasgow
Find out more information here
Cyber security success on a budget: cost-smart strategies for SMEs & Non-Profits in 2024
This webinar from the Cyber and Fraud Centre will equip you to conquer your organisation’s unique cyber security challenges in 2024 and beyond. You’ll gain practical, budget-friendly strategies, valuable resources, and the confidence to safeguard your organisation from cyber threats. Leave feeling empowered to build a stronger security posture without straining your resources.
Date: 1 February – 10:00a.m – 11.00a.m
Find out more about it here
CyberScotland Week events
Make sure to check out the official CyberScotland Week page for regularly updated cyber-related events coming up soon.