CyberScotland Bulletin

September 2022

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

Scottish Cyber Winner 2021
Section National Cyber Security Centre

National Cyber Security Centre

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

The NCSC are not aware of any specific, targeted cyber threats to the UK as a result of the Russian invasion of Ukraine but is encouraging organisations to remain vigilant and follow their advice to improve your security.

The NCSC has urged organisations to prepare for an extended period of heightened threat and has published guidance aimed at supporting staff resilience.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites. As of July 2022, the NCSC has received over 13 million reported scams which have resulted in 91,000 scams being removed across 167,000 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Section Trending Topics

Trending Topics

Stay Diligent to Scams

It’s important to stay diligent to potential scams during times of heightened news and national incidents, such as the passing of HM Queen Elizabeth II.

As we have seen with events such as the COVID pandemic, Brexit, and the war in Ukraine, the news headlines can create opportunities for criminals to take advantage of that topic’s high profile. Cyber criminals can use these news events to create tailored phishing attempts or possibly share false or misleading information. This does not mean the phishing attacks need to be related directly to the news in question, but rather criminals abuse the fact that people are likely to be distracted and this interest or potential mixed messaging can make us vulnerable to scams.

Criminals have been seen attempting to exploit people that may be looking for ways to save money, due to the rising cost of living. They adjust their scams to trick their victims into sending them personal information and or money, by offering ‘too good to be true’ offers such as a discount on their energy bill.

Please be extra vigilant during this time to potential scams. Check out our blog for top tips for spotting the tell-tale signs of a phishing attack. Organisations should stay ahead of a potential threat and make sure the fundamentals of cyber security are in place to protect their devices, networks and systems. Be mindful that cyber criminals may try to take advantage when staff are out of office, for example during holiday periods or  long weekends.

UK Gov – scam email energy crisis
Example scam text message
Section

Free Guide: An Introduction to Cyber Security for Staff

Ethical hackers at the Scottish Business Resilience Centre have developed a new staff cyber guide titled ‘An Introduction to Cyber Security’.

This guide will provide non-technical employees with an overview of cyber security’s best practices and how to spot common cyber threats. It also provides instructions on developing secure passwords and protecting accounts. This helpful guide can also be added to staff induction packs for new employees, not only to help organisations comply with ICO’s requirements but to also make people more aware of what cyber threats exist.

To download the guide, visit: https://www.cyberscotland.com/free-guide-an-introduction-to-cyber-security-for-staff/

An introduction to cyber security guide
Section

Keeping Students Secure Online

Students across Scotland will be returning to universities and colleges, with technology playing a key role in their learning. Students need to be aware of potential cyber risks and put in place some basic cyber security steps to help protect themselves and their data online.

Check out our Cyber Security Advice for Students blog for helpful tips to stay secure online. Police Scotland has put together an Online Student Safety Guide, which covers seven common frauds students are experiencing today and provides information and advice to help identify these potential frauds and prevent the loss of their data.

Get Safe Online has produced this leaflet aimed at parents that includes online safety tips to help advise your child before they go to university or college.

CyberScotland_Students_post-10
Section Newsletters / Campaigns

Newsletters / Campaigns

Cost of Living – Scams Awareness Campaign, Trading Standards Scotland

In conjunction with a number of partners, Trading Standards Scotland (TSS) has launched a month-long campaign aimed at raising awareness of potential scams linked to the ongoing cost of living crisis. As prices and bills continue to rise, many consumers will have financial worries heading into autumn and winter. Scammers may attempt to exploit these anxieties and target people online and via cold calls, emails and text messages in an attempt to obtain their personal details and bank account information.

Each week of the campaign will focus on a different issue which is likely to affect Scottish consumers – case studies will be highlighted and information-sharing webinars will be held to help people recognise and avoid scams in these areas.

In each week of the campaign, the work of the Scottish Illegal Money Lending Unit will also be highlighted. As a mark of respect following the passing of Her Majesty, The Queen, the campaign will be paused until Tuesday 20 September.

 

Trading Standards Scotland speaks to Advice Direct Scotland, The Chartered Trading Standards Institute and Neighbourhood Watch Scotland about how to recognise and avoid impersonation scams.

If you are interested in signing up for any of the webinars, please contact Laura Jamieson at laura@cosla.gov.uk for more information.

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Section

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Section Training / Events

Training / Events

Fun and interactive cyber security training, Scottish Union Learning, 14 and 21 September

Public sector workers: Do you want to improve your cyber security habits and learn how to use security apps? Here’s how to do it without boring presentations or complicated technical instructions.

Up your knowledge and confidence on this micro course run over two 2-hour sessions. You’ll earn a certificate and (real!) badge on completion. You don’t need any technical knowledge or experience to take part.

Feedback from other public sector workers say that this course is “friendly and non-patronising” “entertaining and informative” “first class” “very clear and not full of tech language” “thoroughly enjoyable” “clear and non-judgmental” “just what I needed but was too afraid to ask”

Join us and register your place now

Practical workshop image 768×430
Section

Exercise in a Box Workshops, Scottish Business Resilience Centre, 15th September 9.30am

Scottish Business Resilience Centre is facilitating workshops taking Scottish public and third sector organisations through using NCSC’s Exercise in Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, and ‘Micro Exercises’. This is a great opportunity for you to test the resilience of your organisation.

  • Exercise in a Box, ‘Ransomware’ MS Teams, 15th September 9.30 am
  • Exercise in Box ‘Digital Supply Chain’ via MS Teams, 22nd September 9.30 am
  • Exercise in Box ‘Micro Exercises’ via MS Teams, 29th September 9.30 am
  • Exercise in a Box ‘Ransomware’ MS Teams 4th October 9.30am
  • Exercise in a Box ‘Micro Exercises’ MS Teams 25th October 9.30am

If you work in health, social care, housing, charitable or public sector organisation in Scotland looking to strengthen your cyber defences, sign up below.

Find out more details and book ongoing Exercise in a Box events

excersie in a box
Section

CyberScotland Summit, 27th October

The CyberScotland Partnership is hosting an industry conference in Edinburgh next month, bringing an opportunity to network, engage and listen to industry-leading professionals from the cyber field.

Audiences will hear from top cyber industry speakers, all focusing on measures to ensure that organisations are alerted to potential threats, able to identify and understand the most common types of cyber attacks and learn how to avoid becoming a victim.

Speakers include Lindy Cameron, CEO of the National Cyber Security Centre and Justice Secretary Keith Brown. Viljar Lubi, Estonian Ambassador to the UK, will speak about cyber security from an international perspective.

The CyberScotland Summit will take place on October 27th, to coincide with European Cyber Security Month. For more information, or to register for a free ticket, visit: https://www.cyberscotland.com/summit/

CSP Summit Generic Graphic
Section Technical Annex

Technical Annex

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up to receive the technical bulletin.

Read the latest bulletin here

SBRC have launched a new Threat Intelligence webpage where they will share the latest threat alerts from their cyber and businesses resilience teams. Check here for new alert notifications.

Scottish Government
Police Scotland
Cyber and Fraud Centre – Scotland
Back to top of the page