CyberScotland Bulletin

May 2024

CATEGORIES
CyberScotland Bulletins

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

National Cyber Security Centre (NCSC)

CYBERUK 2024

CYBERUK 2024, the UK government’s flagship cyber security event, run by the NCSC, took place in Birmingham from 13-15 May. This year’s theme, “Future Tech, Future Threat, Future Ready”, explored the opportunities and challenges presented by emerging technologies in the cyber security landscape.

Highlights from the event, including livestreamed sessions, exclusive interviews with key figures in the industry, and more, are available to view online through the CYBERUK YouTube channel.

NCSC publish guidance for Business E-mail Compromise

Business email compromise (BEC) occurs when a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.

In order to help small to medium sized organisations deal with business email compromise, the NCSC has produced this new guidance. It provides actions to help businesses reduce the likelihood of being affected by BEC, and includes steps to take if you think your organisation has already been compromised.

Read the full guidance here

NCSC launch new cyber defence service for those at high risk ahead of election

The NCSC is ramping up support for high-risk individuals with their new Personal Internet Protection service which provides an extra layer of security on personal devices.

The new service aims to help prevent political candidates and election officials from falling foul of spear-phishing, malware and other threats during a major election year. Launched at CYBERUK 2024, the service forms part of a wider package of cyber support on offer ahead of the next general election to individuals and organisations that play an important role in our democracy.

Read more about it here

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending Topics

UK Government announce new laws to protect consumers against cyber criminals

New regulations enforcing consumer protections against hacking and cyber-attacks have taken effect in the UK, mandating that internet-connected smart devices meet minimum-security standards by law.

Manufacturers must now ensure that all of their smart devices meet basic cyber security requirements. This new law intends to increase consumer confidence in the security of the products they buy and use.

Read the full story here

Cyber insurance industry unites to clamp down on ransom payments

Three major UK insurance associations and the NCSC have joined forces with the aim of strengthening the sector’s approach to ransom payments in new guidance. 

The new best practice guidance, jointly developed by the insurance industry bodies ABI, BIBA, IUA and the NCSC, aims to thwart cyber criminals’ profits by improving market-wide ransom discipline and reducing the number of ransoms being paid by UK ransomware victims. 

Read the full story here

Learning from the mistakes of others – new cyber report from the ICO

The International Commissioner’s Office (ICO) has published their latest “Learning from the mistakes of others” cyber report, which looks at the common security mistakes made by organisations.

The ICO summarised several case studies from their regulatory activities to illustrate some commonly encountered issues and highlight where lessons might be learnt. The review focuses on some of the main causes of security breaches, summarising what they are, how they take place, measurements that can be taken to mitigate the level of harm from security breaches and possible developments that might impact the outlined categories in the future.

Read the full report here

World Password Day

World Password Day occurs annually on the first Thursday of May. Every year the day offers an opportunity to reflect on our digital security and think about how safe we are keeping our data from cyber threats and unauthorised access.

There are many steps you can take to improve your password security including:

  • Combining three random words. Read this blog from NCSC about why the technique works.
  • Use a different password for all your accounts, making it more difficult for hackers to break into your account.
  • Use password managers which can help create strong passwords and remember them.
  • Turn on 2-step verification on your accounts. This will help provide an extra layer of security that verifies it’s really you logging in.

Read the CyberScotland article for World Password Day here

Scottish council hit by cyberattack deliver first public information session on the incident

Comhairle nan Eilean Siar (Western Isles council) joined Cyber and Fraud Centre – Scotland staff in Stornoway to share insights on a cyberattack the council experienced last November with attending council members and local organisations.

At the meeting council members were provided with a report by the chief executive on the response to the cyberattack, which also provided further reassurance that there was no evidence that any data stored on the council’s servers had been published.

Read the full story here

UK banks facing AI fraud and deepfake threats

According to a new report, deepfakes and AI fraud have been identified as top challenges for banks in the UK. Among the key findings, 76% of banks reported an escalation in the sophistication of fraud cases, reflecting the evolving nature of financial crime.

The new research highlights the multifaceted nature of fraud threats to banks, covering traditional issues like money laundering and account takeover, alongside emerging challenges posed by AI-generated fraud and deepfake technology. 

Read the full article here

Police Scotland’s Cybercrime Harm Prevention Team win at OSPA’s

The Cyber Outstanding Security Performance Awards (OSPAs), based on the International Outstanding Security Performance Awards scheme, recognise and reward initiatives across the cyber security sector. The Cyber OSPAs are designed to be both independent and inclusive, providing an opportunity for outstanding performers to be recognised and their success to be celebrated.

The Police Scotland Cybercrime Harm Prevention Team were represented at the 2024 annual awards ceremony in London on 23rd April where they won their category of Outstanding Police/Law Enforcement Initiative for the recurring programme, Cyber Career Week.

Read the full article here

Newsletters/Campaigns

CyberByte May: Ticket fraud

This month’s CyberByte concerns the importance of being alert to ticket fraud. The ticket scamming industry is so lucrative, it is estimated in 2023 alone, that UK victims lost £6.7 million to ticket fraud.

This new guidance breaks down the different methods with which ticket fraud can be carried out, how to protect yourself, and the resources to help you if you become a victim or want to report suspicious messages that could potentially be fraudulent.

Read the new CyberByte here

Take Five – How ScamSceptible are you?

Take Five has launched a new ‘ScamSceptible’ quiz, as part of Take Five week, so you can find out how ScamSceptible you might be and the steps you can take to protect yourself from fraud.

Scammers can try to take advantage of how you are feeling. Sometimes, you may be more susceptible to their tactics. In the right environment, on the right day, every person is ScamSceptible – and fraudsters know this well.

To find out how ScamSceptible you are today take the quiz here

Open University courses on coding and cyber security

The Open University are offering the opportunity to study fully funded microcredential courses in a variety of subject areas, supported by the Scottish Funding Council Upskilling Fund.

Check out the courses and qualifications page to see the courses on offer, including courses that can help you gain new skills in key areas like coding and cyber security.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Training and Webinars/Events

Online training, roadshows and webinars from the Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland will be running a diverse range of free online training courses and webinars over the next month.

Online training:

Each online training session will cover a different area of Exercise in a Box. Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack.

Roadshows:

Cyber Webinars from the UK Cyber Security Council

The UK Cyber Security Council will be hosting multiple cyber related events in the coming months.

  • Specialisms Webinar: Security Testing – 18 June: Hear from Jules Farrow-Lesnianski, OT Director at Sapphire and OT Cluster Manager for Cyber Wales, and Gareth Pritchard, CTO at Sapphire as they take you through what it looks like to work in the Threat Intelligence specialism and how they got to where they are today.
  • BT Cyber Leaders Webinar – 25 June: an exciting online event where sector experts share their knowledge and insights on all things cyber security careers.
  • Specialisms Webinar: Security Testing – 6 August: Hear from Chartered Cyber Security professional William Wright, as he takes you through what it looks like to work in the Security Testing specialism and how he got there. 

For more events see the UKCSC events page

Scottish OT Cyber Summit

Join Cyber News Global at the Scottish OT Cyber Summit at the Ardoe House Hotel in Aberdeen, on May 30.

Learn to identify your most valuable data assets with discussions of collaboration, development, industry standards, employee awareness, and more.

Find out more information and register for the event here

Youth Work and Cyber Resilience – What Young People Said

Join this webinar with YouthLink Scotland for the opportunity to explore data gathered from the 2023 Digital Youth Work survey and to reflect on the findings. It’s aimed at anyone interested in developing digital youth work and incorporating key safety messages to ensure we are meeting young people’s online needs.

If you are interested in developing your digital youth work and incorporating key safety messages to ensure we are meeting young people’s online needs, then this event is for you.

Find out more information here

Back to top of the page