May 2022

National Cyber Security Centre (NCSC)

Cyber Security Tools for UK Schools

Schools across the UK can now benefit from NCSC’s security tools to help add an additional layer of security to schools’ cyber defences.

The health and education sectors continue to face serious cyber security threats based on the number of reported incidents to the Information Commissioner’s Office (ICO). The NSCS’s Web Check and Mail Check services can help protect schools from cyber attacks. These tools are available for free, quick to set up and thereafter run automatically.

The Web Check service scans websites to check for common, significant vulnerabilities and sends a report to organisations highlighting any issues according to severity alongside advice on how to fix the problems. Mail Check is designed to improve your email security by preventing attackers from sending emails pretending to be from your organisation, and improving your email privacy measures to prevent data from being altered or read in transit.

NCSC has a range of cyber security resources for schools including free cyber security training for staff, downloadable resources and advice. More information about the Active Cyber Defence programme can be found on the NCSC website.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open-source reporting. View this week’s report here. To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up to date content.

The NCSC are not aware of any specific, targeted cyber threats to the UK as a result of the Russian invasion of Ukraine but is encouraging organisations to remain vigilant and follow their advice to improve your security. Microsoft has issued a special report detailing an overview of Russia’s cyber attack activity in Ukraine.

A joint advisory from the NCSC and international partners has detailed the 15 most commonly exploited vulnerabilities in 2021. To mitigate vulnerabilities, organisations should review NCSC guidance on an effective vulnerability management process. The NCSC Early Warning Service informs organisations of threats against their network. NCSC revealed that over the last year, 33 million events were flagged to organisations signed up to their Early Warning service, indicating something potentially malicious or vulnerable was on their system.

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites. A record number of online scams were removed from the internet last year thanks to the NCSC’s Active Cyber Defence programme. They disclosed that more than 2.7 million scam campaigns were removed from the internet in 2021, nearly four times more than in 2020.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9am-5pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending Topics

Malicious Apps Risk

A new report from the NCSC has warned of threats posed by malicious apps, which will be used to help the development of policy interventions to improve app stores’ security and privacy controls.

The report reveals that people’s data and money are at risk because of fraudulent apps containing malicious malware created by cyber criminals or poorly developed apps which can be compromised by hackers exploiting weaknesses in software.

It’s vital that apps are built to security and privacy best practice to protect the data and privacy of individuals and organisations. DCMS is launching a call for views from the tech industry on enhanced security and privacy requirements for firms running app stores and developers making apps. Under new proposals, app stores for smartphones, game consoles, TVs and other smart devices could be asked to commit to a new code of practice setting out baseline security and privacy requirements. This would be the first such measure in the world.

The NCSC provides advice on how to make sure your device is secure as possible.

DCMS has published new research on cyber security in enterprise connected devices. For more information visit, https://www.gov.uk/government/publications/cyber-security-in-enterprise-connected-devices

Screen Sharing Scams

The Financial Conduct Authority (FCA) has warned of an increase in screen-sharing scams, which allow fraudsters to embed themselves in victims’ digital devices and access online banking and investment details. In one case, a 59-year-old who was persuaded to download remote desktop software to secure an investment, lost over £48,000 while scammers accessed her banking details, her pension, and applied for loans on her behalf.

Criminals can also advertise investment opportunities on social media to try to lure you in with adverts offering easy money quickly. They want to obtain your money or personal information. We have shared advice in our blog on how to spot a cryptocurrency scam.

The FCA is calling on all investors to be ScamSmart and check the advice on their Scamsmart website, including their Warning List before making any investment decisions. They also have tips for avoiding investment scams. If you think you have fallen for a scam, report it to your bank and Police Scotland by calling 101.

CyberFirst Summer Courses for Students

The NCSC has announced that its free CyberFirst courses are now open for registration to introduce Scottish students aged 14-17 with a passion for computing and tech to the fascinating world of cyber security.

The three courses guiding pupils step by step through their understanding of the cyber security industry are CyberFirst Defenders, CyberFirst Futures and finally CyberFirst Advanced. All courses are free, and the majority are provided in ten, half-day online sessions. The learning programme has been SCQF credit rated by SQA.

Applications are now open for these FREE summer courses for students in S4 to S6. To find out more and to book a place please visit The Smallpeice Trust website for further information.

CyberFirst-Summer-2022-Standard-Social-Image

Scotland’s Census

Filling in the Census is a legal responsibility for every adult in Scotland and must be completed by the end of May. If you haven’t completed the survey yet, visit https://www.census.gov.scot/

Census staff may contact you to complete your questionnaire. If you receive a visit from a member of staff to your home address, they will provide identification. Census will never ask you for money or personal financial information, so if you do receive something asking for these, you can be sure it is a scam. You can read more on how census will contact you on their website, along with advice on how to spot a scam.

Fake Charity Websites

A BBC investigation has found that online scammers have been using hundreds of fake charity websites to trick people wanting to donate to Ukraine. Many of these scams pretend to be real people in Ukraine that need help, and others are setting up bogus websites claiming that they have raised money to be donated.

By making simple online checks before you give, you can ensure your money reaches genuine registered charities. Our blog includes key advice for donating safely online.

Campaigns / Networks

Trading Standards Scotland, Shut out Scammers Campaign

Trading Standards Scotland is working in partnership with Police Scotland and Local Authorities to co-ordinate a ‘Shut out Scammers’ campaign to help combat a rise in doorstep scams linked to the increase in the cost of living. The campaign helps raise awareness of the latest scams so that communities are informed and feel empowered to question cold-callers and turn away anyone who they don’t feel is genuine. Trading Standards Scotland shares advice on how doorstep scams work and what you can do to help protect yourself.

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up to the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Third Sector Cyber Resilience Network

The Scottish Government’s Cyber Resilience Unit has launched a new network for third sector organisations as a way to provide updates on cyber threats, share resources and promote good practice. The network is open to all staff and volunteers from third sector organisations and will hold regular non-technical webinars, focusing on topics to help manage cyber risks. The network will be an opportunity for organisations to share good practice with each other, so will look at what we can do beyond regular webinars to support that.

If you would like to join the network, please email Anthony Morris, the third sector lead in the Cyber Resilience Unit at [email protected].

Third Sector Cyber Resilience Network: Cyber Incident Management Plan Webinar

The next webinar for third sector organisations is planned for June 22nd 10am – 11.30am, on the topic of incident management planning. They will have guest speakers talking about how incident management plans can help organisations prepare for a cyber incident and what to include in those plans. To register, please sign up here.

Training and Webinars / Events

Cyber Aware Scottish Workers Toolkit

The Cyber Aware Workers Toolkit is an online, interactive short course covering fundamental cyber security knowledge and awareness. It’s available for free for all workers in Scotland.

This online course is ideal for workers in Scotland who are keen to develop their skills and want to share this knowledge with their colleagues. The facilitator guide gives tips and guidance on how to run your own staff training session. You can even embed this resource onto your own website or learning environment.

The toolkit was developed by the Scottish Union Learning and Digital Skills Education on behalf of the CyberScotland Partnership. Email Daniel at Digital Skills Education for more information.

Exercise in a Box, Scottish Business Resilience Centre

The NCSC revealed during its annual security conference CyberUK, that their free tool Exercise in a Box has reached 10,000 users around the world. This service helps organisations practice their response to a cyber incident.

Scottish Business Resilience Centre is facilitating workshops taking Scottish organisations through using this tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, and ‘Micro Exercises’. The upcoming in-person event in Dundee will be held at the new cyberQuarter which is located within the Abertay University on the 22^nd of June, and is a great opportunity for you to test the resilience of your organisation.

For more details and to book on-going Exercise in a Box events, visit: https://www.sbrcentre.co.uk/events

CyberUK 2022

The NCSC’s flagship event, CYBERUK 2022, took place 10-11 May at ICC Wales, Newport. Held over two days, CYBERUK 2022 was attended by more than 1500 delegates, integrating cyber security leaders with technical professionals, and strengthening the cyber security community.

Keynote speeches are available to watch on the CYBERUK YouTube channel.

Technical Annex

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up to receive the technical bulletin.

Read the latest bulletin here

CyberScotland Bulletin