CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
National Cyber Security Centre (NCSC)
NCSC update machine learning security principles
The NCSC’s ‘Principles for the security of machine learning’ were originally published in August 2022. Since then, a huge amount has happened in the world of artificial intelligence (AI) and machine learning (ML), and so the guidance has been updated.
In recognising that AI and ML can bring huge benefits to society, NCSC want to ensure those benefits are realised safely and securely. Using their principles will help people make the right security decisions when developing systems with AI/ML components.
Read the full story here
New ‘Share and Defend’ capability introduced by NCSC
‘Share and Defend’ is a new capability from the NCSC, designed to enable protection to the UK public and businesses from cyber attacks and cyber-enabled fraud.
The capability is designed to enable others to block access to malicious websites before they can be used to carry out cyber attacks, or to conduct cyber-enabled fraud. This approach aims to reduce the burden of cyber security on citizens.
Find out more information here
The NCSC’s Reporting Service
The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.
As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.
You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
If you become a victim of cyber crime you can report this to Police Scotland by calling 101.
NCSC Threat Report
The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.
To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.
Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).
Trending Topics
New Cyber Secure Banking campaign launched by CyberScotland Partnership
With more of us banking online, the security of our personal and financial information has never been more important. This is why the CyberScotland Partnership has launched the new “Cyber Secure Banking” campaign.
As part of the new campaign we have published three new pieces of guidance to help boost the cyber resilience of organisations and individuals with online banking:
- Cyber Secure Banking: Online threats
- Cyber Secure Banking: Best practice for individuals
- Cyber Secure Banking: Best practice for organisations
Read the full story here
Sextortion scams on the rise
Throughout 2022 and 2023, in the UK and internationally, there has been an increase in the reporting of ‘Financially Motivated Sexual Extortion’– often referred to as ‘sextortion’.
Sextortion can refer to a variety of offences committed online. It is most often used to describe online blackmail, where criminals threaten to release sexual/indecent images of you, unless you pay money or carry out their demands.
Read our guidance, provided by the Police Scotland Cybercrime Harm Prevention team, to better understand sextortion and the steps you can take take to prevent becoming a victim here
New report highlights importance of cyber resilience discussion for young people in Scotland
YouthLink Scotland has published new research that underlines the range and seriousness of the issues affecting young people in the digital world and highlights the role of youth work in supporting young people to develop resilient practices.
The project asked four groups of young people from different parts of Scotland from diverse backgrounds to explore their understanding of cyber resilience and to think about youth work’s role in supporting them.
Read the full story here
Read the report here
Scottish Students encouraged to take on major cyber-attack scenario in new challenge
The Cyber 9/12 Strategy Challenge 2024 is an annual cyber policy and strategy competition where students from across the globe compete in developing policy recommendations tackling a fictional cyber catastrophe.
Students will work together to craft actionable policy recommendations in response to a scenario that examines cyber threats to resilience. This competition is only open to students enrolled in colleges and universities based in Scotland.
This year it will be hosted by Abertay University, Dundee in partnership with the Scottish Government, Dewar Cyber Consulting and the Atlantic Council, a foreign policy think tank based in Washington, DC. Registration is now open with the online event taking place on 13 and 14 November 2024.
Find out more information here
WhatsApp verification code scams
New guidance has been published by Which? about a WhatsApp verification scam, breaking down how the scam works and providing advice for keeping your WhatsApp account safe.
To avoid falling victim to the WhatsApp verification scam they recommend you:
- Don’t share your login details or verification code with anybody. Not even your closest family or trusted friends.
- Set up two-step verification to secure your account.
- Report spam messages or block the sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.
- Be wary of WhatsApp messages requesting money, even if they come from your contacts. If you’re not sure, give the friend a quick call to check.
Read the article here
UK Finance highlight financial losses through payment fraud and scams in new report
In their Annual Fraud Report 2024 UK finance has reported that fraud remains a major problem as over £1 billion was stolen by criminals in 2023, with much of this criminal activity taking place online.
The total number of Authorised Push Payment cases were up 12% to 232,429. The main driver behind this is purchase scams, where people are tricked into paying for goods that never materialise. The number of romance scams, where victims are tricked into believing they are in a relationship, also reached its highest highs in terms of losses and cases, which were up by 17 per cent (to £36.5million) and 14 per cent respectively.
Read the full story here
To learn about these threats and more check out our new guidance: Cyber Secure Banking: Online threats
Data breach potentially impacting 560 Million users confirmed by Ticketmaster
Ticketmaster parent company Live Nation has confirmed that internal data was exposed in a cyber-attack identified last month, with threat actors apparently targeting a third-party cloud environment.
ShinyHunters, the group claiming responsibility, says the stolen data includes names, addresses, phone numbers and partial credit card details from Ticketmaster users worldwide.
Read the full story here
Check out our guidance on ticket fraud here
Newsletters/Campaigns
CyberByte June: Holiday Scams
This month’s CyberByte focuses on holiday scams. With the summer holiday season fast approaching and perhaps with the excitement of travelling, keep in mind that cyber criminals will still be looking for that one opportunity to attack you online. It is important to be vigilant, to keep safe online and not to make it easy for criminals.
The new guidance promotes the importance of securing your devices, using secure networks and being vigilant about social media posting while on holiday to ensure cyber resilience during the summer season.
Read the full guidance here
UK Government call for cyber related views
Recently, at CyberUK 2024, the Department for Science, Innovation and Technology (DSIT) made announcements on cyber resilience and cyber skills: included in these announcements were calls for views on two new codes of practice for software security and the cyber security of AI, and a call for views on the future of the CyberFirst scheme.
They are keen to hear your views on these, which you can submit through the links provided below:
Read the full story here
New campaign launched by Victim Support Scotland (VSS) to recruit volunteers across Scotland
Do you enjoy helping others? Giving back to your local community? Can you dedicate some time to making a difference? Well, Victim Support Scotland is looking for volunteers, just like you.
Volunteers get hands-on training and are introduced to a variety of learning and networking opportunities. As well as making a difference to individuals in your local community, you’ll also learn new skills and gain experience working within the Scottish criminal justice sector.
Volunteering with VSS means helping victims and witnesses of crime, including cyber crime, receive much-needed free and tailored support as they navigate difficult and upsetting situations.
Find out if you might be a good fit: www.victimsupport.scot/volunteertoday
Lead Scotland: How to use online banking safely
In connection with our new Cyber Secure Banking campaign, CyberScotland Partner Lead Scotland has launched a new course: “Cyber: How to Use Online Banking Safely.”
Ensuring accessibility and safety for everyone is at the heart of Lead Scotland’s mission. The comprehensive guide, with a focus on enhancing online banking for disabled individuals, covers everything you need to know to navigate online banking with confidence and security.
Find out more information here
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Training and Webinars/Events
Online training, roadshows and webinars from the Cyber and Fraud Centre – Scotland
The Cyber and Fraud Centre – Scotland will be running a free online training course and cyber roadshow over the next month.
Online training:
Each online training session covers a different area of Exercise in a Box. Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack.
Roadshows:
Cyber Webinars from the UK Cyber Security Council
The UK Cyber Security Council will be hosting multiple cyber related events in the coming months.
- Specialisms Webinar: Security Testing – 18 June: Hear from Jules Farrow-Lesnianski, OT Director at Sapphire and OT Cluster Manager for Cyber Wales, and Gareth Pritchard, CTO at Sapphire as they take you through what it looks like to work in the Threat Intelligence specialism and how they got to where they are today.
- BT Cyber Leaders Webinar – 25 June: an exciting online event where sector experts share their knowledge and insights on all things cyber security careers.
- Specialisms Webinar: Security Testing – 6 August: Hear from Chartered Cyber Security professional William Wright, as he takes you through what it looks like to work in the Security Testing specialism and how he got there.
For more events see the UKCSC events page
Scot Secure West – Cyber Security Conference
Now in its 10th year, Scotland’s largest annual cyber security summit will host a sister event in Glasgow, Scot-Secure West. The event brings together senior InfoSec personnel, IT leaders, academics, security researchers and law enforcement, providing a unique forum for knowledge exchange, discussion and high-level networking.
The programme is focused on improving awareness and best practices through shared learning: highlighting emerging threats, new research and changing adversarial tactics, and examining practical ways to improve resilience, detection and response.
- Date and time: 11 September 2024 – 08:30 – 4.30pm
- Location: Hilton Hotel, 1 William Street, Glasgow
Find out more information here