Experts Warn Scottish Councils Still Ill-Prepared for Cyber Attacks Amid Recent Breaches

 

Cybersecurity professionals have raised concerns that local authorities across Scotland remain underprepared for cyber threats and are hampered by outdated IT infrastructure.

In recent days, multiple Scottish organisations have fallen victim to cyber incidents. Among them are Edinburgh and West Lothian Councils. In Edinburgh, an attempted cyber attack targeting the education department disrupted students’ access to crucial revision materials during exam season. The attack involved a targeted "spear-phishing" attempt—an advanced, more personalised form of phishing. Fortunately, staff identified the threat after receiving a suspicious meeting invitation earlier that day.

Earlier that week, a suspected ransomware attack affected schools in West Lothian. Though no sensitive or personal data was compromised, the council had to implement backup plans to keep schools operational.

Cybersecurity experts are now sounding the alarm, warning that many public bodies are neither equipped to prevent such attacks nor adequately prepared to recover from them.

Dr Karen Renaud, a cybersecurity expert and reader in the Department of Computer and Information Sciences at Strathclyde University, said many organisations lack the foresight and systems needed for effective recovery following a breach.

“If you fail to plan, you plan to fail,” she warned. “Many organisations don’t even have a plan to recover after a successful attack. They put most of their eggs into the ‘resistance’ basket. Balancing things out and trusting everyone to play their part does not need to cost that much more.”

Dr Renaud emphasised that resilience needs to be prioritised alongside resistance.

“Resistance is usually achieved by using technical measures and ensuring that staff are well aware of secure actions they should take. Many organisations fail to give the same amount of time and attention to resilience, so when they get breached things fall apart.

“There is a simple technique called replication where you ensure that a fully replicated system can take over if one system fails or is breached.”

She also criticised the notion that human users are the weakest link in cybersecurity, calling it a flawed perspective.

“If humans are falling for phishing attacks, they either have not been trained effectively to cope with the new AI-generated phishing attacks or the organisation has not implemented measures like two-factor authentication to act as a safety net in case people do get deceived.

“On the surface it might look as if humans are the vulnerability - the actual vulnerability is that organisations respond by applying more and more constraints, rules and restrictions on employees.
When you treat humans as the problem, they will become the problem.

“Organisations need to start treating their employees as the solution and giving them the knowledge and ability to be the solution.”

Dimitrios Pezaros, professor of computer networks at the University of Glasgow, echoed similar concerns, pointing to the risks posed by legacy IT systems, particularly in public sector environments where regular software updates, or patching, may not be straightforward.

He noted that investment in cybersecurity remains insufficient across many public organisations.

“In contrast to other parts of our civil infrastructure, such as roads and bridges, we have traditionally approached software systems as less critical, hence prioritising requirements such as speed of development, deployment and reduced cost - at the expense of cybersecurity,” he explained.

“We have been able to get away with it and with retrofitting cybersecurity to existing systems, mainly due to the lack or slowness of pervasiveness of software systems. However, in this modern day and age where software and digitalisation are pervasive and are used to drive critical systems, the frequency and intensity of cyber attacks are, and will increasingly be, such that lack of native cybersecurity will be extremely costly to retrofit later, while the consequences of cyber attacks can be dramatic.”

Professor Pezaros also pointed out a rising trend in cyber attacks across multiple sectors—including local councils, healthcare, and retail—where attackers aim to extort victims by threatening to release or withhold access to sensitive information.

“As a minimum, organisations should be able to report cyber incidents promptly and honestly, let relevant stakeholders know what has happened and what elements of the system have been compromised and, operationally, be able to react swiftly to detect breaches and minimise damage, for example through employing principles of data and system segregation. Also, be proactive, making sure that any data they store remains encrypted.”

The wave of cyber threats has prompted mounting political pressure on the Scottish Government to take action. Miles Briggs MSP, education spokesperson for the Scottish Conservatives, commented on the urgency of the situation:

“Last week’s cyber attack, which left pupils in Edinburgh unable to access revision materials days before their exams, shows there are still huge vulnerabilities in the way our councils store information.
Organisations are often too quick to blame people for the problems rather than admitting their cybersecurity system isn’t up to scratch.

“SNP ministers need to ensure that public bodies and local authorities have robust cybersecurity mechanisms in place to avoid further security breaches.”

Scottish Liberal Democrat leader Alex Cole-Hamilton added that prior incidents have shown the lasting and costly impact of cyber attacks on public services:

“We know from previous cyber attacks on SEPA and NHS Dumfries and Galloway that these attacks can be complex, expensive and the full impact not truly understood for a considerable period of time.
As more of our lives move online, there are also going to be an increasing number of malicious actors out there trying to cause chaos or make a profit.

“The Scottish Government must ensure that local authorities, health boards and public bodies have the support they need to toughen up their digital infrastructure and avoid disruption to people’s lives.”

Why AI-Driven Cybercrime Could Be Your Business's Biggest Risk


 


As technology keeps shifting, the line between genuine interactions and digital deception is becoming increasingly difficult to draw. Today’s cybercriminals are leveraging generative artificial intelligence (AI) to create more intricate and harder-to-detect threats. This new wave of AI-powered cybercrime represents a major challenge for organisations across the globe.

Generative AI, a technology known for producing lifelike text, images, and even voice imitations, is now being used to execute more convincing and elaborate cyberattacks. What used to be simple email scams and basic malware have developed into highly realistic phishing attempts and ransomware campaigns. Deepfake technology, which can fabricate videos and audio clips that appear genuine, is particularly alarming, as it allows attackers to impersonate real individuals with unprecedented accuracy. This capability, coupled with the availability of harmful AI tools on the dark web, has armed cybercriminals with the means to carry out highly effective and destructive attacks.

While AI offers numerous benefits for businesses, including efficiency and productivity, it also expands the scope of potential cyber threats. In regions like Scotland, where companies are increasingly adopting AI-driven tools, the risk of cyberattacks has grown considerably. A report from the World Economic Forum, in collaboration with Accenture, highlights that over half of business leaders believe cybercriminals will outpace defenders within the next two years. The rise in ransomware incidents, up 76% since late 2022, underlines the severity of the threat. One notable incident involved a finance executive in Hong Kong who lost $25 million after being deceived by a deepfake video call that appeared to be from his CFO.

Despite the dangers posed by generative AI, it also provides opportunities to bolster cybersecurity defences. By integrating AI into their security protocols, organisations can improve their ability to detect and respond to threats more swiftly. AI-driven algorithms can be utilised to automatically analyse code, offering insights that help predict and mitigate future cyberattacks. Moreover, incorporating deepfake detection technologies into communication platforms and monitoring systems can help organisations safeguard against these advanced forms of deception.

As companies continue to embrace AI technologies, they must prioritise security alongside innovation. Conducting thorough risk assessments before implementing new technologies is crucial to ensure they do not inadvertently increase vulnerabilities. Additionally, organisations should focus on consolidating their technological resources, opting for trusted tools that offer robust protection. Establishing clear policies and procedures to integrate AI security measures into governance frameworks is essential, especially when considering regulations like the EU AI Act. Regular training for employees on cybersecurity practices is also vital to address potential weaknesses and ensure that security protocols are consistently followed.

The rapid evolution of generative AI is reshaping the course of cybersecurity, requiring defenders to continuously adapt to stay ahead of increasingly sophisticated cybercriminals. For businesses, particularly those in Scotland and beyond, the role of cybersecurity professionals is becoming increasingly critical. These experts must develop new skills and strategies to defend against AI-driven threats. As we move forward in this digital age, the importance of cybersecurity education across all sectors cannot be overstated: it is essential to safeguarding our economic future and maintaining stability in a world where AI is taking the steering wheel.


Young Hacker Linked to Scattered Spider Group Detained


 

Spanish police, aided by the FBI, have made a major breakthrough in combating cybercrime by arresting a 22-year-old man in Palma de Mallorca. The suspect, Tyler Buchanan from Dundee, Scotland, is believed to be a leading figure in the notorious hacking group Scattered Spider. Authorities apprehended Buchanan on June 15 while he was trying to board a flight to Italy. At the time of his arrest, he reportedly controlled $27 million in bitcoin.

Scattered Spider has been responsible for several major cyberattacks over the past two years. These include a significant attack on MGM Resorts in 2023 and breaches affecting companies like Twilio, LastPass, GitLab, Apple, and Walmart. Buchanan is suspected to have played a crucial role in these incidents. He is listed among the top SIM swappers; SIM swapping is a technique used to take over phone numbers and access sensitive information.

This arrest follows the detention of another key Scattered Spider member, Michael Noah Urban, earlier this year. Urban was charged with stealing over $800,000 in cryptocurrency from multiple victims between 2022 and 2023. Both Buchanan and Urban are part of a broader group of young hackers, usually between 19 and 22 years old, known as 'the Community' or 'the Com'. This global network of hackers often shares their techniques and boasts about their exploits.

In May 2024, the FBI announced a crackdown on Scattered Spider, which had been targeting insurance companies since April. The arrests of Buchanan and Urban show that these efforts are making an impact. However, experts believe that the group's activities are unlikely to stop completely. Cybersecurity specialist Javvad Malik from KnowBe4 explained that cybercriminal groups are often decentralised, meaning they can quickly replace arrested members and continue their operations.

Malik pointed out that groups like Scattered Spider are resilient due to their decentralised nature. The knowledge and tools they use, such as SIM swapping, are widely shared within the cybercrime community. Online tutorials, forums, and dark web marketplaces ensure that these methods continue to spread, even when key individuals are arrested. This means that the group can persist and even grow despite law enforcement efforts.

Although the recent arrests may temporarily disrupt Scattered Spider's activities, experts predict the group will soon resume its operations with new leaders. The capture of Tyler Buchanan is a victory for law enforcement but also a reminder of the ongoing and evolving threat posed by cybercriminal organisations.