CyberScotland Bulletin

New cyber security training package for schools, small businesses and charities.

The NCSC have published free cyber security training for school staff to help improve their defences against online attacks.

The training highlights some of the main threats that schools face and provides guidance and advice to protect against them. It has been designed to be accessible by any staff member and no prior technical knowledge is required. This is available in two formats, a scripted presentation pack and a self-learn video. On completion, staff can download a certificate to indicate they have taken part. The NCSC has produced a number of practical tips and resources aimed at school staff.

This new training package aimed at small organisations and charities demonstrates how to improve your organisation’s resilience and will cover five key areas. Staff will answer questions, identify possible issues and make suggestions to prevent and tackle common cyber security challenges. This e-learning package can be completed directly on the cyber security for small organisations webpage hosted on the NCSC website, or can be integrated into your own organisation’s training platform.

The NCSC want to provide you and your business with advice and tools to minimise the risk of a cyber attack and have produced a monthly Small Organisation Newsletter. This newsletter aims to break down cyber related issues into bite size learning which can be read in your coffee break and covers a new topic each month. You can read this month’s issue here. Sign up to receive this newsletter.

The NCSC’s Suspicious Email Reporting Service turns one year old

The Suspicious Email Reporting Tool was launched by the NCSC in 2020 to allow members of the public to report suspicious emails.

The public have reported over 5 million suspect emails to the NCSC in this time. As of 30^th April 2021, the number of reports received stands at more than 5,800,000, with 84,000 individual URLs linked to 43,000 sites having been removed. The fourth Annual Report on the NCSC Cyber Active Cyber Defence Program (ACD) revealed that the NCSC have taken down more scams in the last year than in any previous three years combined with thanks to services like this and other achievements made by the program. Ongoing support by the public in submitting all suspicious emails will continue to protect society as a whole, as more and more phishing sites are taken down before fraud can take place.

Please continue to forward any suspicious emails to: report@phishing.gov.uk. Suspicious text messages should be forwarded free of charge to 7726.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here.

The NCSC recently issued an alert about a malicious piece of spyware, known as ‘Flubot’, which has been affecting Android phones and devices. Android users are being urged to familiarise themselves with the NCSC guidance and be wary of any suspicious looking text messages.

NHS Check In Scotland App

A new ‘Check In Scotland’ app is available in participating venues to help enable faster contact tracing of COVID-19 cases.

The app allows you to quickly and securely provide your contact details and check in and out of a venue you are visiting. This app works alongside the NHS Scotland’s Test and Protect contact tracing system. This will help the NHS contact trace you if someone from the venue later tests positive for coronavirus. It’s designed to take as few details from you as needed and these are held for 21 days in a secure, encrypted data store before being deleted. The Check In Scotland app is available to download for free via the Apple App Store and the Google Play Store for anyone over the age of 12.

• NHS Test and Protect is Scotland’s approach to preventing the spread of coronavirus in the community. You can find out more about Test and Protect through the Scottish Government.
• If you are contacted by Test and Protect, find out how to confirm that it’s real and not a scam.
• Helpful guide on how to use the Check In Scotland QR code
• Only download apps from official and trusted app stores like the Apple App Store or Google Play Store.
• Read the privacy policy for an app before you download it. You can read the Check In Scotland privacy policy here.

Secure by Design

The UK Government is planning a new law to make smart devices, products like cameras, televisions and household appliances which connect to the internet, meet new security standards and to help ensure products are ‘secure by design’.

New voluntary assurances scheme have been launched to give consumers confidence that their smart products have been made cyber secure, thanks to a government grant. Three successful bidders have piloted separate assurance schemes to explore different aspects of the consumer Internet of Things (IoT) landscape.

• The Internet of Toys Assurance Scheme
• Smart TV Cyber Security Assurance
• IASME IoT Security Assured

The IASME IoT Security scheme certifies internet connected devices against the most important security controls. This initiative is open to start-ups and smaller companies. This is based on a self-assessment and reviewed by an assessor. Devices that are certified to the IoT Security Assured scheme will display a logo to reassure consumers that their device meets these basic security requirements.

Organisations looking to improve their cyber security and protect themselves from the most common cyber attacks should look to achieve Cyber Essentials. This simple and effective scheme is designed to guide organisations through a self-assessment questionnaire that will assess your organisation against five basic security controls. These controls will immediately strengthen your cyber defences against internet based attacks. A new Cyber Essentials Readiness Tool, developed by IASME, was launched at CyberUK earlier this week. This tool asks organisations questions related to the main Cyber Essentials criteria and provides tailored advice in preparation for Cyber Essentials certification.

NCSC has produced guidance on smart devices and using them safely in your home. For more information on the government’s work in this area, please see Secure by Design document collection.

Digital Security by Design (DSbD) has launched up to £6 million two-phase competition for UK businesses and academia to collaborate on digital security by design business-led demonstrators. This funding is from the Industrial Strategy Challenge Fund and is investing in projects to help the UK digital computing infrastructure to become more secure. The deadline for applications is the 26^th May. Apply here.

Cyber, Data and IT Managed Services Directory

ScotlandIS have launched three directories over the last 18 months to enable collaboration between business, academia and the public sector.

The Capability Directories are a user-friendly database that simplifies access to cyber services, IT Managed Services and data services. Businesses across any sector can quickly view Scottish technology businesses that can deliver solutions to a range of related issues, from fraud and transaction security, to regulatory compliance, to active monitoring and defence.

The IT Managed Service directory fills a gap in cyber knowledge and will improve cyber resilience of organisations by showcasing and signposting all of the IT Managed Service providers located in Scotland. It will easily identify those that are both cyber resilient themselves through the Cyber Essentials programme while also showing providers who offer vital security services. You can search for an organisation holding a Cyber Essentials Certificate issued in the last 12 months on the NCSC website.

You can find the directories below

• IT Managed Services
• Cyber Directory
• Data Directory

Lock down restriction easing

With some of the lockdown restrictions now easing, it is likely that this will create opportunities for criminals to trick us in to parting with our money or data. Here are some of the scams to be wary of in the coming months.

Ticket Fraud

With event venues and hospitality opening up in the coming weeks, reservations and tickets are likely to be in high demand. Large sporting events such as the Euro Championships and music festivals could be a potential targets that criminals will look to exploit. They will use third party ticketing websites or secondary ticket platforms to sell these fake or non-existing tickets.

Holiday Scams

Criminals will look to exploit those of us looking to book a holiday getaway. Fake accommodation, caravans and motorhome listing were a target during the holiday season last year. The criminals will create convincing looking scam websites and advertise on social media to trick you into booking accommodation that is non-existent or has been fully booked. Fraudsters may impersonate airlines, travel companies and banks in order to steal personal information and money.

Shut out Scammers Campaign

Trading Standards Scotland and Police Scotland’s joint campaign titled Shut Out Scammer’s launched at the end of April to help raise awareness of the common door step scams that the Scottish public may encounter.

With lockdown easing, there have been reports of rogue traders visiting properties across Scotland offering to do maintenance or gardening work. This campaign has advice on what to look out for, how to recognise legitimate callers and tips to avoid doorstep scams.

• Doorstep Scam fact sheet by Trading Standards Scotland
• Trading Standards Trusted Trader schemes are the “go-to” list of local vetted traders. Schemes are Council backed and supported by Police Scotland and Citizens Advice. All traders who are approved through the following local authority schemes can be searched for through Scotland’s approved trader directorymanaged by SCOTSS.

Trading Standards Scam Share

Other scams to be aware of are identified in this week’s Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here.

NCSC, Small Organisations Newsletter – Coffee Break Cyber

SME’s cover a huge range of businesses and make up 99% of all businesses in the UK.

Often SME’s do not have the budget of large organisations to spend on cyber security. This Newsletter aims to break down cyber related issues into bitesize learning which can be read in your coffee break. The NCSC want to provide you and your business with the advice and tools to minimise the risk of a cyber-attack. Each month will cover a different topic and will offer advice and links to further information. This month’s newsletter looks at how to defend your organisation from phishing attacks.

Get Safe Online

Get Safe Online’s campaign this month is focusing on safe holidays, ensuring your holiday or travel bookings are safe.

CYBERUK

CYBERUK is the UK Government’s flagship cyber security event, hosted by NCSC.

This virtual event took place over two days and included live keynotes and panels, as well as some pre-recorded content from the NCSC and sponsors. Video content will be available to watch online for the next three months so you can watch again or catch up on what you might have missed.

SASIG – Building cyber community engagement through the CyberScotland Partnership, 17^th May, 11am

This presentation will outline Scotland’s approach to creating the right conditions for a cyber resilient nation, presented by Scottish Government, SBRC and ScotlandIS. It will showcase some of the projects the partnership supports, including a service to support small businesses and charities who help victims of cyber attacks.

The session will cover:

• The launch of the CyberScotland Partnership
• Cyber Resilience Framework
• CyberScotland Partnership Portal demonstration and bulletins
• CyberScotland Week evaluation
• Overview of Exercise in a Box Project
• SBRC Incident Response insight
• How the CyberScotland Partnership is moving forward

SASIG members can login to register and non-members can register on the website.

NCSC Cyber Security Training for small organisations and charities

NCSC’s new cyber security training aimed at small organisations and charities.

It guides you through all the actions you need to take to reduce the likelihood of you becoming a victim of the most common cyber attacks.

• Start the course here (no log in required)
• Download the package and integrate in to your own training platform. Visit the NCSC website.

Each issue, we aim to bring you real-life examples of scams, phishing emails and redacted case studies. If you have had an issue and would like to share your experience and what you have learned with others, please contact us to discuss:  CyberFeedback@gov.scot We are happy to anonymise case studies.

Case Study – Ransomware

Ransomware continues to be a persistent threat across all sectors. NCSC noted in their 2020 Annual Review that they have handled more than three times as many ransomware incidents than the previous year. Ransomware is a type of malicious software which will stop you from accessing files and data on your computer. Criminals often demand that you pay a ransom in exchange for access to your data.

The BBC News covered a story about a Swiss office supply company Offix, which was attacked by ransomware hackers last year. The hackers were demanding a sum of half a million dollars to release their data, which they didn’t pay. The malicious software had destroyed a lot of their systems and caused major business disruption.

If your device has become infected with ransomware, law enforcement do not encourage, endorse, nor condone the payment of ransom demands.

If you pay the ransom:

• there is no guarantee that you will get access to your data or computer
• your computer will still be infected
• you will be paying criminal groups
• you’re more likely to be targeted in the future

Files encrypted by most ransomware typically have no way of being decrypted by anyone other than the attacker. However, the No More Ransom Project provides a collection of decryption tools and other resources from the main anti-malware vendors, which may help.

Read NCSC advice on removing viruses and malware from your device.

Many cyber incidents are untargeted which means that every organisation regardless of size or sector should take steps to prepare your response and plan your recovery in the event of a cyber incident.

Check out the Incident Response pages on the CyberScotland website.

Advice:

• NCSC’s Small Business Guide: Response & Recovery – how to prepare for a cyber incident, from response though to recovery.
• NCSC’s Mitigating malware and ransomware attacks
• Exercise in a box is an NCSC online tool which helps organisations find out how resilient they are to cyber-attacks and to help them practice their response.
• Ransomware is illegal, if you think you have been a victim of cyber crime then contact Police Scotland by calling 101
• The Scottish Business Resilience Centre’s (SBRC) cyber incident response helpline (01786 437 472) can support organisations that have been a victim of an attack and provide expert guidance to get back to secure operations.
• SBRC’s Ransomware Guide helps to debunk common myths around ransomware

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats, and is created in conjunction with SBRC’s Cyber Incident Response. You can sign up receive the technical bulletin directly here.

CISP

CiSP: The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to allow UK organisations to share cyber threat information in a secure and confidential environment.

It is a secure networking platform that enables its members to receive enriched cyber threat and vulnerability information and exchange information on threats and vulnerabilities as they occur in real time. CiSP is for professionals who have an obligation for cyber security within their organisation. Those individuals must work for a UK registered organisation or UK Government.

NCSC Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their networks.

The NCSC’s Early Warning service processes a number of UK-focused threat intelligence feeds from trusted public, commercial and closed sources, which includes several privileged feeds not available elsewhere.

By providing details of the assets your organisation owns, Early Warning will deliver feeds of the following types of threat information:

• Incident Notifications – Activity that suggests an active compromise of your system. Example: A host on your network has most likely been infected with a strain of malware.
• Network Abuse Events – Indicators that your assets have been associated with malicious activity. Example: A client on your network is a part of a Botnet.
• Vulnerability Alerts – Indications of vulnerable services running on your assets. Example: You have a vulnerable port open.

Early Warning complements your existing threat intelligence products and should not be used in isolation. For more details and to register visit Early Warning – Overview (ncsc.gov.uk)