CyberScotland Bulletin

Actions to take when the cyber threat is heightened

NCSC has published a press release urging UK organisations to check out their recently updated cyber security guidance in response to malicious cyber incidents in and around Ukraine.

This guidance encourages organisations to take actionable steps that reduce their risk of falling victim to an attack. While the NCSC is not aware of any current specific threats to UK organisations, it is vital organisations stay ahead of a potential threat and make sure the fundamentals of cyber security are in place to protect their devices, networks and systems.

Business Communications – SMS and telephone best practice

Following a rise in text and call-based scams, the NCSC have released new guidance setting out how businesses can contact their customers using telephone and SMS in a secure way. It covers various aspects of secure customer communications which will make it harder for criminals to exploit the telecoms channels and allow customers to help verify the messages are legitimate.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here.

A new type of ransomware named DeadBolt is targeting QNAP Network Attached Storage (NAS) devices. These systems are used by small businesses so it is worthwhile contacting your IT provider to check if you have been impacted. For information on QNAP NAS DeadBolt Ransomware Alert, you should read: https://www.sbrcentre.co.uk/qnap-nas-deadbolt-ransomware-alert

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has power to investigate and take down scam email addresses and website. As of January 2022, the NCSC have received over 10 million reported scams which has resulted in 73,000 scams being removed by the service across 135,000 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

Scotland’s Census

Scotland’s Census is the official count of every person in the country and collects information about where you stay and the people who stay there. The information you give helps make decisions about how public money will be spent on schools, roads, healthcare and other important services in your local community.

The 2021 census in Scotland was moved to 2022 due to the impact of the COVID-19 pandemic and will open at the end of February 2022. Census will write to every household in Scotland with instructions for taking part and you will be able to complete your questionnaire online (or request a paper copy or phone call.)

It is likely that scams pretending to be the census will increase. These may involve letters, text messages and emails demanding payment of money for a fine or fee, or claims that information you provided had errors which need to be confirmed. The census will never ask you for money or personal financial information such as your bank or card details. Although the census will collect some personal information, you should only provide this in your census questionnaire, either online or on paper.

Romance Fraud

The majority of accounts on dating websites are genuine people looking for romance, but fraudsters have been known to target those looking for love. This is the peak season for online dating with Valentine’s Day just around the corner, but it’s important to remain vigilant to romance fraudsters.

Cyber criminals “meet” people on dating sites, then take the conversation onto private messaging, build up a picture of their victim, then take any opportunity to steal money from them. Criminals who commit romance fraud trawl through profiles and piece together information such as wealth and lifestyle, in order to manipulate their victims.

Our blog on Romance Fraud shares some practical advice for how to keep yourself and your bank account and savings protected whilst meeting people online.

Additionally, the Advice Direct Scotland Romance and Companionship Scams campaign (ROMCOM) will look at the tactics employed by scammers, share tips on how to avoid falling victim and provide links to sources of support in Scotland, such as befriending services and mental health support networks.

Cyber Snack Attack

KP Snacks were the recent victims of a cyber-attack as their systems were compromised by ransomware.

The company has been unable to safely process orders or dispatch goods, causing delays and leading to the cancellation of deliveries. Local shops have been told to expect supply issues as services could be affected over the next couple of months.

NCSC says that ransomware is the biggest cyber threat to the UK today. Since 2019, the NCSC has observed a steady growth in ransomware incident, affecting UK organisations of all sizes.

Ransomware is commonly delivered through phishing scam emails where the attacker will trick you into clicking on a link or share important information like passwords. These emails often look legitimate and can be difficult to spot. We have a shared some tips for spotting the sign of a phishing attack and how you can help report suspicious emails to the National Cyber Security Centre.

The NCSC has ‘a guide to ransomware’, which tells you how to protect and prevent against ransomware and help build your resilience against these types of attacks. You can download and print the NCSC ransomware infographic to help protect your organisations.

CyberScotland Week 2022

With 3 weeks to go until CyberScotland Week 2022, there is still time to get involved.

Returning for its fourth year, the week long- event (28^th February to 6^th March) will include a diverse range of in-person and online events. Free webinars, resources and learning opportunities will take place throughout the week to a wide audience to help people and organisations become more informed about cyber risks and how to become more cyber resilient.

See the full event listing on the CyberScotland Week website and book your ticket.

Keep up to date on social media: Facebook, Twitter, LinkedIn #CSW2022

Trading Standards Scotland

Other scams to be aware of are identified in the latest’s Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Cyber Scotland Week 2022, Learning for a life online, SASIG, 16^th Feb

Join us as we delve into the exciting events taking place virtually and in person across Scotland during Cyber Scotland Week 2022, taking place 28 Feb – 6 March and exploring the theme ‘Learning for life online’.

Hear from ScotlandIs, Scottish Business Resilience Centre and Police Scotland as they discuss the first year of the CyberScotland Partnership and introduce their Cyber Incident Response Pack which is aimed to help businesses plan their response to a cyber incident.

SASIG members can login to register and non-members can register on the website.

Protect Yourself Online with Lead Scotland, 21^st Feb – 4^th March

Worry about scams and hackers? Need a refresh on what to do to protect yourself?

Lead Scotland are excited to host two weeks full of FREE webinars with up-to-date advice on how you can stay safe and secure on the internet. Our friendly and knowledgeable tutors will share their top tips in easy-to-understand language that is accessible to all. Topics include:

• How to Use Passwords
• How to Protect Yourself Against Online Dangers
• How to Recognise Online Scams
• What to do if Something Goes Wrong Online
• Cyber Resilience Basics for Entrepreneurs
• How to Stay Safe on Social Media

Sign up now: https://www.lead.org.uk/webinars/

Practical Cyber Resilience Skills: Tools for Staying Secure Online, Scottish Union Learning, 25^th Feb and 4^th March

Learn how to stay safe online at these short online free workshops. This session is delivered remotely and is available to all workers in Scotland. This is a great way to up your cyber security knowledge and confidence. You don’t need any technical knowledge or experience to take part.

The course will be run over two 2-hour sessions (4 hours in total). You’ll get a certificate to recognise your learning and earn a practical cyber security badge.

Find out more and register here.

Introduction to Cyber Learning and Incident Response, SBRC

In collaboration with the Scottish Government and the Scottish Council for Voluntary Organisations (SCVO), Scottish Business Resilience Centre (SBRC) are running a selection of free cyber security webinars for third sector organisations to better their cyber resilience. The webinars will provide an introduction to cyber security.

• ‘Introduction to Cyber Learning’ webinar will discuss the basics of cyber security and mitigations organisations should put in place. This webinar is an interactive discussion on the introduction to cyber learning curated particularly for third sector organisations.
• ‘Introduction to Incident Response‘ discusses the need to implement a plan in the event of a cyber breach. The trainers will discuss what incident response is, why it’s a necessary implementation to every business, and how businesses can begin implementation.

Organisations will be invited to complete SCVO’s Cyber Check-up survey which will help identify the next steps you need to make you more cyber secure.

Find out more and register online and check out their upcoming Exercise in a Box workshops.

Empowering Women to Lead Cyber Security Scotland

Empowering You invites applications to their programme, Empowering Women to Lead Cyber Security Scotland, from women working in all aspects of cyber, from technical roles to policy, from incident management to information security to talent development and everything in between.

This is a unique leadership programme aiming to build a collaborative and powerful community of emerging women leaders in cyber security roles across all industry sectors. Delivered over 4 months from March to June 2022, the course equips participants with the knowledge and  insights required for successful leadership, embedding and functionalising new learnings as real world behaviours and action.

Applications close soon: EWLCS Scotland | Empowering You (empowering-you.co.uk)

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up receive the technical bulletin.

Read the latest bulletin here

• Cyber Security Information Sharing Partnership
• NCSC launches early warning notification service