CyberScotland Bulletin

October 2021

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. Due to the current circumstances we are continuing to circulate information about a much wider range of scams. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media: follow us on Twitter and LinkedIn.

National Cyber Security Centre

Prepare for and protect against ransomware attacks

Ransomware has been a growing cyber security threat, and one which could affect any organisation that does not have appropriate defences. The NCSC noted in their 2020 Annual Review that they had handled more than three times as many ransomware incidents as in the previous year. In a recent speech at Chatham House’s cyber conference, the NCSC CEO warned that ransomware presents ‘the most immediate danger to UK businesses and most other organisations.’

The NCSC ran a Ransomware Sprint across Government during September. The focus was to increase the UK’s resilience against ransomware attacks and drive up adoption of actions to prevent and manage attacks across key sectors. Below are some of the actions they recommend.

Back-ups

One of the key actions the NCSC recommend is performing regular back-ups of your systems and data, which will enable quick restoration of business functions. Importantly, having offline versions of your back-ups is your best defence, as you can wipe any encrypted devices and restore from your offline back-up. Read the NCSC’s blog on offline backups for more advice.

Remote Desktop Protocol (RDP)

Remote Desktop Protocol (RDP) account compromises are the source of half of ransomware attacks. The NCSC recommends that you check if you are using RDP and, if you don’t need it, make sure it is turned off. If you have to use RDP, the NCSC recommend using Multi-Factor Authentication and securing accounts with unique, strong passwords.

Early Warning Service

You can sign up to the NCSC’s Early Warning Service, which is designed to inform your organisation of potential cyber attacks in your network as soon as possible. The free service automatically filters through trusted threat intelligence sources to offer specialised alerts for organisations so they can investigate malicious activity and take the necessary steps to protect themselves. Organisations will receive different types of alert, covering possible network compromises, notification of how their assets have been associated with undesirable activity, or notification that their networks are running vulnerable services that may need updating.

The NCSC have actions you can take to help protect your organisation from potential malware and ransomware attacks.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here.

The report mentions that live-streaming platform Twitch has confirmed it suffered a large-scale data breach which exposed its source code and other confidential data. The NCSC recommend that users ensure that they are not reusing their Twitch password on any other sites, turn on two-factor authentication and be vigilant to any scam emails. Twitch are issuing updates on their website as their investigation continues.

The NCSC’s Suspicious Email Reporting Service

The Suspicious Email Reporting Tool (SERS) was launched by the NCSC in 2020 to allow members of the public to report suspicious emails. The public have reported over 6 million suspect emails to the NCSC in this time. As of 30th September 2021, the number of reports received stands at more than 7,700,000, with 119,000 individual URLs linked to 64,000 sites having been removed.

Please forward any suspicious emails to: report@phishing.gov.uk. Suspicious text messages should be forwarded free of charge to 7726.

Trending Topics

COP 26 – Improving your business’s cyber resilience

The COP 26 Climate Conference will take place in Glasgow at the end of October. This event will undoubtedly attract lots of attention, and that could include individuals with malicious intent. Cyber criminals take advantage of the opportunities offered online to pursue their goals, be it for profit, reputational damage or to cause harm.

All organisations and events, regardless of profile and size, are at risk from commodity attacks. These attacks exploit basic vulnerabilities using readily available hacking tools. Businesses should be aware of the potential threat from cyber criminals.

You can help protect your business from the most common cyber threats by putting some basic cyber steps in place. Take a read of our blog for some effective actions to keep your organisation safe online.

159 Call Service that helps connect you to your bank

Stop Scams UK and Global Cyber Alliance have launched the UK-wide 159 call service, which is designed to guarantee consumers a safe route to contacting their banks. This pilot scheme, set up by bank and telephone companies, is to help those who believe they have been contacted by a fraudster claiming to be their bank and requesting money transfers.

Call 159 if:

  • Someone contacts you saying they’re from your bank – even if you think it’s your bank
  • You receive a call asking you to transfer money or make a payment – even if it seems genuine
  • You receive a call about a financial matter and it seems suspicious

Scammers can sometimes stay connected to the phone line after you hang up the call. You could then connect back to them thinking you are now speaking with your bank. To prevent this, call from a different phone line or dial a friend’s or family member’s number first to be sure the fraudster isn’t still connected.

Currently, banks that cover over 70% of UK current account customers are signed up to the scheme at launch. If your bank is not part of this pilot, you should continue to contact them using the number on the back of your debit or credit card. You can read more about the scheme on the Stop Scams UK website.

Cyber Essentials for Charities

IASME, in partnership with Certification Bodies across the UK, have announced that they will be running a discounted Cyber Essentials campaign for registered charities this year between the 8th and 12th of November.

By achieving Cyber Essentials, a charity can demonstrate commitment to cyber security and protection of customer data. Charities can get started on their journey by accessing the free Cyber Essentials Readiness Tool, developed on behalf of the National Cyber Security Centre by IASME. This is a free, online tool that will help get you started on the Cyber Essentials journey.

To find a participating certification body and get more information, visit https://www.iasme.co.uk/cyber-essentials/cyber-essentials-for-charities/

News / Campaigns

Trading Standards Scam Share

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up to the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

NCSC, Small Organisations Newsletter – Coffee Break Cyber

This SME Newsletter aims to break down cyber related issues into bitesize learning which can be read in your coffee break.

The NCSC want to provide you and your business with the advice and tools to minimise the risk of a cyber-attack. Each month will cover a different topic and will offer advice and links to further information. Sign up for the NCSC newsletter.

DCMS Cyber Security Newsletter

DCMS have relaunched their Cyber Security Newsletter as a new monthly publication to help you keep up to date with all the latest news, projects, workshops and calls for views from DCMS and across wider government. If you want to receive the newsletter at the beginning of each month, please sign up here.

Training and Webinars

Charity Fraud Awareness, Scottish Charity Regulator (OSCR), Tuesday 19th October, 2pm

Learn how to protect your organisation from fraud and cybercrime as part of Charity Fraud Awareness Week (18-22 October). This free online event, hosted by the Scottish Charity Regulator (OSCR) in association with the CyberScotland Partnership, will have some great hints and tips on how you can avoid your charity or voluntary sector organisation becoming a victim of fraud.

With guest speaker, Dave Carter, Head of Counter Fraud Management at the British Council.

Book your ticket here

Creating an Incident Response Plan for your business, Scottish Business Resilience Centre (SBRC), Tuesday 26th October, 10am

When responding to a cyber incident, preparation is key. At this webinar you’ll learn how to use our Cyber Incident Response Pack to plan the steps your business should take if you are involved in a cyber attack or data breach.

The Scottish Business Resilience Centre (SBRC) has released a Cyber Incident Response Pack to help organisations plan their steps. SBRC is a partner in CyberScotland, a group of key organisations who are working together to improve cyber resilience across Scotland.

In this webinar, you will:

  • be introduced to the Cyber Incident Response Pack
  • learn how these documents will help your organisation plan your response to a cyber incident
  • hear why this will benefit your organisation

Hear guest speakers from Police Scotland and legal company CMS on the benefits of good incident management. This webinar is best suited for small organisations and charities who don’t have in-house incident response teams or are looking to create an incident response plan.

Book your place here (opens in zoom registration link)

Exercise in a Box, Scottish Business Resilience Centre, November

SBRC are encouraging organisations to sign up for one of their free ‘Exercise in a box’ online sessions.

This is a free, 90-minute non-technical workshop which will help organisations and charities find out how resilient they are to cyber attacks and practise their response in a safe environment. Find out more information on SBRC’s website.

Practical Cyber Resilience Skills: Tools for Staying Secure Online, 15th November, 5pm – 7pm

Learn how to stay safe online at these short, free online workshops. This session is delivered remotely and is available to all workers in Scotland. This is a great way to build your cyber security knowledge and confidence. You don’t need any technical knowledge or experience to take part.

The course will be run over two 2-hour sessions (4 hours in total). You’ll get a certificate to recognise your learning and earn a practical cyber security badge.

Find out more and register here.

Case Study

Each issue, we aim to bring you real-life examples of scams, phishing emails and redacted case studies. If you have had an issue and would like to share your experience and what you have learned with others, please contact us to discuss: CyberFeedback@gov.scot. We are happy to anonymise case studies.

Telephone Fraud

Police Scotland is urging the public to be extremely cautious about providing personal and financial details following a telephone scam in Fife. An 87-year-old man was contacted by someone claiming to be from his bank which ultimately saw him defrauded out of £30,000 recently. Read the full story here.

Technical Annex

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up to receive the technical bulletin.

Read the latest bulletin here
