JCSC News: A new look, new events and silver linings in the cloud
Dear reader,
Welcome to our first newsletter of 2025, and our first new-look newsletter. Christmas already feels a long time ago (the leftover Christmas treats are certainly long gone!) and we’re back to business as usual.
Our focus over the last month has been planning for the year ahead, including planning a fuller calendar of events and engagement across the year. (As a newsletter subscriber, we’ll always aim to give you first access to booking events, as you’ll see below.)
But our work is always a mixture of planned and unplanned: we’ve already responded to several incidents in the last few weeks, including an evolution of the targeted cryptocurrency scam we identified last year.
We’ve also been putting our money where our mouth is and focusing on getting Cyber Essentials accredited. We’re then moving on to Cyber Essentials Plus.
We’re doing this not just because - frankly - as the Island’s CSIRT, we should; we’re also doing it so that we can use our experience to support organisations who are looking to do Cyber Essentials in the near future.
As we have often said: Cyber Essentials is the minimum standard for cyber security, and it’s relatively easy for most organisations to achieve.
If you are considering Cyber Essentials for your organisation, don’t forget that you can find a list of local certification providers on our website, and if you would like some guidance you can book a free 30-minute meeting with our team.
Until next month,
Matt
“Safe in the cloud?” the limits of cloud security

James McLaren, Senior Analyst
This month, I attended the TF-CSIRT Meeting and FIRST Regional Symposium. I was there to give a presentation on how we’re aligning how we respond to cyber incidents with the JESIP interoperability principles used by the Island’s emergency services. Using this shared model will make it easier for JCSC to work with other organisations if Jersey experiences a major incident (think a cyber incident that affects our water or energy supplies).
And while the talk went well, and it’s good to share our knowledge with the broader CSIRT community, the previous day’s training session on cloud security was particularly interesting.
It seems that many CSIRTs face the same problem we do in Jersey. Users (including some large companies) move their file storage to the cloud under the assumption that the provider is now solely responsible for cloud security. In reality, organisations are still responsible for managing the data they store on the cloud; which devices they allow to connect; how they manage accounts and access; and ensuring authentication.
If those organisations experience a cyber incident, it’s very likely that their expectation will be that their cloud provider is responsible, or that they’ll fix it.
And – as we all know – it’s likely that the first response from the cloud provider will be: “shared responsibility.”
Speaking to other attendees, it’s clear that this misconception is common in jurisdictions of all sizes. It’s certainly one we’ve come across time and time again in Jersey.
If JCSC can help address this misconception through training and advice, we can not only improve organisations’ security, but we can avoid a lot of grief and frustration in the event of an incident.
If you use cloud storage and want to learn more about how you can protect your data, book a FREE cyber advice meeting with one of our team.
Upcoming events
EARLY ACCESS: Lunch and Learn sessions

After the success of the Lunch and Learn sessions we ran during October, we’re running more throughout 2025.
Lunch and Learns are designed to be an entry point for non-specialist audiences, so that attendees can leave the session and improve their security the same day. They’re designed for small groups, and tailored to different industries’ needs.
Our first event for Charities and Small Business will take place on Monday 3 February, and is open to the public for booking.
But - as a newsletter subscriber - we want to give you early access to booking for the upcoming sessions. Booking for these sessions won’t open to the public until next week.
In March, we’ll release tickets for the sessions happening later in the year. But, in the meantime, if your organisation could benefit from a bespoke talk or workshop from us, you can contact us via [email protected] to request one.
Securing the Cloud roundtable: Friday 7 February
The Channel Islands Information Security Forum (CIISF) is holding a lunchtime roundtable to explore and share experiences of managing security in a cloud environment.
Our own Senior Analyst James McLaren will join Will Wilson (Altum Group) and Josh Scott Warren (Prosperity 24/7) to discuss the challenges, tools, and best practice.
ICYMI: Cybersecurity in the news
Ransomware campaign launched against Amazon S3 buckets
Threat actor Codefinger has used compromised security keys to encrypt users’ Amazon S3 buckets and demand a ransom payment. This attack doesn’t rely on any weakness on Amazon’s part, just compromised keys, and causes permanent data loss without the encryption key.
UK Home Office opens consultation on ransomware payments
Earlier this month, the UK Home Office announced a public consultation on regulations around ransomware payments.
Currently, UK government departments are banned from making payments, but this consultation looks to expand the ban to all public sector bodies and critical national infrastructure. It would also introduce a payment prevention regime, and introduce mandatory reporting.
While we always advise not making ransomware payments, it isn’t specifically prohibited under the upcoming Cyber Security Law. (Although it may be banned for specific industries, under other laws.) It’s also still a topic for debate, especially amongst people who have been the target of a ransomware attack. Let us know your thoughts in the poll below.
Should Jersey ban ransomware payments?
Jobs in Cyber
Are you recruiting a cyber role locally? Tell us at [email protected] and we will share with the community.
Learning and Tools of the month
Each month, we provide a round up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.
Infostealer identification tool: Infostealers are designed to steal access tokens and allow attackers to bypass passwords, or steal banking or wallet credentials. If you want to remove one from a device, it helps to know which one: this tool can help.
Public server-side exploit cheat sheet: Sploitify is a curated list of public server-side exploits, designed for use in offensive security. (And specifically not for illegal or malicious activities.)