CyberScotland Bulletin

Ransomware is a key cyber threat

NCSC’s CEO Lindy Cameron has warned that ransomware is a key threat facing the UK and is encouraging the public and organisations to take it seriously.

Lindy Cameron delivered a speech at the RUSI (Royal United Services Institute) Annual Security Lecture highlighting the growing threat of ransomware attacks and what NCSC are doing to help protect the UK through their forthcoming cyber strategy. She noted that cyber security is all about “preparing, planning and exercising, all the way up to Board level management, working in the assumption that a cyber criminal will be interested in your weaknesses as a burglar is in your open window”. Lindy also emphasised the importance of reporting cyber crime in order to help others. Reporting will help raise awareness of current cyber threats for others to take steps to mitigate any potential threats. You can read the speech in full on the NCSC website or watch it on video. The Head of Security Services at MI5 is due to give an annual threat update speech on Wednesday and will urge the public to stay alert to hostile state activity.

NCSC’s Cyber Security Toolkit for Boards hub includes resources designed to encourage essential cyber security discussions between senior leaders and their technical experts.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here.

The NCSC’s Suspicious Email Reporting Service

The Suspicious Email Reporting Tool was launched by the NCSC in 2020 to allow members of the public to report suspicious emails. The public have reported over 6 million suspect emails to the NCSC in this time. As of 30^th June 2021, the number of reports received stands at more than 6,500,000, with 97,500 individual URLs linked to 50,500 sites having been removed.

Please forward any suspicious emails to: [email protected]. Suspicious text messages should be forwarded free of charge to 7726.

NHS Digital Passport

There have been reports of fake NHS email and text messages requesting that you can apply for a coronavirus ‘Digital Passport’, allowing you to prove your vaccination status and travel safely without the need for self-isolation. This email takes you to a convincing looking but fake NHS website and asks for your personal and payment details for a small ‘admin fee’.

This phishing email was reported via the NCSC’s Suspicious Email Reporting Service and they were able to take the scam website down after just 27 minutes from the time of reporting to them.

However, these emails will likely reappear so please continue to report any suspicious emails to NCSC by forwarding emails to [email protected]

You can manage your vaccination appointments and receive a confirmation of your vaccination status on the NHS Inform Scotland website. You can request a printed copy of your vaccination status online or by calling the COVID-9 Status Helpline.

• How to get a record of your COVID-19 vaccination status
• You will never be asked to pay to receive a copy of your vaccination status.
• To speak to someone about receiving a document confirming your vaccination status, you can call the COVID-19 Status Helpline on 0808 196 8656

If you have taken a COVID-19 test at some point, you may receive a text inviting you take part in a study into the long term effects of COVID-19. This study is in association with Public Health Scotland, NHS Scotland, Scottish Government and the University of Glasgow. You can read more about this study and how your information will be used on the COVID In Scotland Study website.

Kaseya Cyber Attack

Recent news events have shown the importance of understanding the security within your supply chain as well as highlighting the threat of ransomware. US company Kaseya were a recent victim of a cyber attack. Their software products are used by Managed Service Providers to perform IT tasks remotely. One of their products, the Virtual System Administrator (VSA) software, was affected during this attack. Any service provider using this product may have seen appliances exploited by the hacker and had a damaging impact upon customer networks.

This impacted various organisations across the world. Coop Sweden had to close more than half of its 800 stores after their point-of-sale tills and self service checkouts stopped working. It is understood that Coop doesn’t use Kesaya directly on its systems but that one of their software providers does.

Phishing Emails – Fake Marketing Survey

Phishing emails that are pretending to be well-known brands are becoming harder to spot. These are fake emails or text messages that look like the real thing but are malicious. The criminal will try to convince you to click on links within their message that could lead to a virus being downloaded on to your computer or persuade you to reveal personal, sensitive or financial information.

Fake emails claiming to be from the Sainsbury’s supermarket have been reported. The email asks you to take part in a marketing survey and promises you a free ‘reward’ for taking part. Completing the fake survey will take you through to a website with the Sainsbury’s branding and encourages you to claim your award by entering sensitive information which can be used by the people behind these fake emails.

Similar emails claiming to be from other well-known brands claim you have been chosen to win a gift card or free products. These often have a countdown time limit to claim your prize which is a technique that the criminals will use to try and make you respond quickly with the fear of missing out on a good deal or opportunity.

If you get offered a deal that sounds too good to be true, it probably is. Never click on links in an unexpected email or text message. You can verify requests by visiting the organisation’s website directly or checking your online account. The NCSC have produced guidance on how to spot the most obvious signs of a scam, and what to do if you’ve already responded.

Cyber Security messaging available in alternative formats

Lead Scotland have been working with a range of partners to translate the NCSC’s Cyber Aware messaging into a range of alternative formats. Available in both text and audio formats, the messaging have been translated into 6 languages: Polish, Simplified Chinese, Arabic, Punjabi, Urdu and Romanian. The 6 actions have also been made into text formats: a structured text document (for use with assistive technology), HTML, braille, and large print.

The alternative formats are free to access and share and can be found on the Lead Scotland website. Read the press release on our website.

NSPCC launch new Report Remove tool

The NSPCC and the Internet Watch Foundation (IWF) in partnership with Yoti (an age verification platform) have launched Report Remove – a tool to help young people under 18 remove sexual images of themselves online. Report Remove can support young people to report sexual images or video shared online and takes steps to remove it, if it is illegal.

Trying to remove an image or video online can be extremely difficult and upsetting for children and young people. Report Remove provides a child-centred approach to image removal which can be done entirely online, and NSPCC’s Childline service will ensure that the young person is safeguarded throughout the process. Report Remove tool can be found on the Childline website.

Get Safe Online

Get Safe Online’s campaign this month is focusing on Safe Job Searching. Searching for jobs online carries certain risks which you need to be aware of and take precautions against, in order to stay safe. Get Safe Online have expert advice to stay safe when applying for jobs online and how to avoid common scams.

NCSC, Small Organisations Newsletter – Coffee Break Cyber

SME’s cover a huge range of businesses and make up to 99% of all businesses in the UK. Often SME’s do not have the budget of large organisations to spend on cyber security. This Newsletter aims to break down cyber related issues into bitesize learning which can be read in your coffee break. The NCSC want to provide you and your business with the advice and tools to minimise the risk of a cyber-attack. Each month will cover a different topic and will offer advice and links to further information. This month’s newsletter covers a new online game aimed at 7 to 11 year olds and questions to ask your third party IT provider in relation to Cyber Essentials accreditation.

Sign up for the NCSC newsletter

Trading Standards Scam Share

Other scams to be aware of are identified in this week’s Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland. Their latest ScamShare Spotlight PDF focuses on prize draw scams. It includes examples of scam messages and social media adverts about prize draws, surveys and competitions as well as tips on how to avoid these scams. The PDF can be printed out for those not online.

Exercise in a Box ‘Supply Chain’, Scottish Business Resilience Centre, July

SBRC are encouraging organisations to sign up for one of their free ‘Exercise in a box’ online sessions.

A FREE, 90-minute non-technical workshop which will help organisations and charities find out how resilient they are to cyber attacks and practise their response in a safe environment. The July scenario is focusing on the impact that an organisation’s supply chain can have in relation to cyber security. Find out more information on SBRC’s website.

Book to join an upcoming session here.

• Exercise in a Box, ‘Working From Home’, MS Teams, 22^nd July
• Exercise in a Box, ‘Supply Chain’, MS Teams, 22^nd July
• Exercise in a Box, ‘Supply Chain’, MS Teams, 27^th July
• Exercise in a Box, ‘Supply Chain’, MS Teams, 29^th July

REvil Kaseya ransomware attack: What you need to know, SASIG Webinar, Friday 16^th July, 2pm

Join SASIG for a threat update that covers everything we know about the REvil hacking group, analysis of the attack, and mitigation and recovery steps.

You will learn exactly how the REvil ransomware gang was able to target Kaseya VSA and execute the supply-chain attack. SASIG members can login to register and non-members can register here.

Each issue, we aim to bring you real-life examples of scams, phishing emails and redacted case studies. If you have had an issue and would like to share your experience and what you have learned with others, please contact us to discuss:  [email protected] We are happy to anonymise case studies.

Case Study – Held to ransom

File on 4 programme covers the story of a group of UK schools that took on a cyber ransomware group. Check out the full story on BCC’s File on 4.

• The NCSC has produced a number of practical resources to help schools and other educational institutes improve their cyber security.
• NCSC’s guidance on mitigating malware and ransomware. This will help you put in place a strategy to defend against ransomware attacks.

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up receive the technical bulletin.

Read the latest bulletin here

• Cyber Security Information Sharing Partnership
• NCSC launches early warning notification service