JCSC News: AI, Bluesky and festive scams

Welcome to the penultimate newsletter of 2024! I’m pleased to say that the team are now fully recovered from October, and already planning next year. As well as our day-to-day work supporting local people, businesses and organisations, there are some major projects we anticipate will come to fruition next year, so watch this space! (And if you’ve guessed that one of them might be the Cyber Law, you are correct.)

The other news this month is that JCSC is now officially on Bluesky - you can find us @jcsc.je. We’ll still be posting on our other social media channels (and if you haven’t followed us on LinkedIn, Facebook, Instagram or Twitter, please do!) But we need to be where islanders are, so this move makes sense for us.

We’ve seen more people in Jersey migrate to Bluesky over the last few weeks and - unsurprisingly - we’ve seen a corresponding uptick in the number of spoof or fake accounts. That includes an account impersonating the Government of Jersey, which was convincing enough that JCSC staff were initially fooled.

We’ve now linked our Bluesky account to our domain to make it clearer that it’s us, and we are encouraging other organisations to do the same, but it’s a good reminder that malicious actors (even those that are more mischievous than malicious) move quickly. When they do, our controls need to change.

With Christmas coming up, please do be careful and watch out for fraud, whether on social media, email, websites, text messages, calls, or QR codes in the post.

Until next month,

Matt

WATCH: Generative AI - Malicious Use Cases

Watch James Mason (Recorded Future) explore how generative AI can support malicious actors by automating exploitation and propagation; how it can equally support security operations, including penetration testing and threat intelligence; and how the cyber security community will need to accelerate to keep pace.

You can watch the video - as well as more videos from the Channel Islands Cyber Security Conference - via our YouTube channel.

ADVICE: How to avoid scammers this festive season

Black Friday and Christmas shopping are a scammer’s dream. It’s an emotionally-charged time of year where people are focused on lots of different things. They’re more distracted, so they’re more likely to fall for fake adverts or fake profiles. They’re also in a rush, so they’re less likely to notice that a website looks dubious and enter their details anyway.

These factors add up to a profitable time for scammers: last Christmas, people in the UK reported losing more than £11.5 million to online criminals. On average, people lost £695 each. Although figures don’t exist for Jersey over the same period, we know Islanders lose hundreds of thousands of pounds to fraud every year.

This is an area where the overlaps between fraud and cyber security are stark. That’s why we’ve produced advice for members of the public to help them navigate this time of year. You can read it in full online by tapping the button below.

JCSC Director wins CSO 30 Award

Our very own Matt Palmer has been recognised by CSO Online as one of the 30 IT leaders in the UK who are making significant contributions to information risk management and security.

Cyber security in the news

UK supermarket chains affected by supply chain attacks

This week, Morrisons and Sainsbury’s supermarkets were among the 3,000 customers who were affected by a supply chain ransomware attack. Both supermarkets use Blue Yonder, a supply chain management platform which was targeted by a ransomware attack that led to widespread disruption.

Supply chain is a key risk area for businesses: in an increasingly connected world, the cyber security of any business is - in part - reliant on the cyber security measures of its suppliers.

Cyber security incident leads NHS Trust to cancel appointments

Also this week, a cyber security incident has led Wirral University Teaching Hospital to declare a major incident. The hospital - which provides care to more than 400,000 people - has cancelled many outpatient appointments and asked people to attend A&E only in emergencies.

While the nature of the attack isn’t clear, it is the latest of several ransomware attacks affecting NHS trusts. It also demonstrates how much modern healthcare relies on connectivity, and underlines the importance of cyber security in healthcare.

Jobs in Cyber

Are you recruiting a cyber role locally? Tell us at [email protected] and we will share with the community.

Learning and Tools of the month

For cyber security and IT professionals

Each month, we provide a round up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.

Windows API function cheat sheet

This tool provides a comprehensive reference library of Windows API functions. Find out more.

OSINT Bookmark: A directory of OSINT tools

Useful for domain administrators who need to audit Active Directory passwords to check for weak, duplicate, default, non-expiring or empty passwords. Find out more.

Verifying Bluesky Accounts

To avoid impersonation and the associated risk of fraud, we would strongly suggest all organisations using this social media platform validate official accounts by changing the handle to your own domain. This can be done in the Bluesky app by going to settings > account > handle and clicking ‘I have my own domain’. You then simply add the information provided as a TXT record in your DNS.

Rory Steel from Digital Jersey has posted a helpful video about this on LinkedIn.
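
Once the TXT record is published, it is worth confirming that DNS serves exactly the value the app gave you. The sketch below is an added example, not JCSC or Bluesky code. It relies on the AT Protocol convention that the record lives at `_atproto.<your-domain>` and carries a value of the form `did=<DID>`; the function names and the sample DIDs are constructed for illustration. Feed it the output of `dig +short TXT _atproto.<your-domain>`.

```python
import re

# DID forms used for Bluesky handles: did:plc (24 base32 characters) or did:web
DID_RE = re.compile(r"^did:(plc:[a-z2-7]{24}|web:[A-Za-z0-9.%:-]+)$")


class HandleRecordError(Exception):
    """The _atproto TXT data cannot be used to verify a handle."""


def did_from_txt(txt_values):
    """Return the single DID published in the _atproto TXT values, or raise."""
    dids = set()
    for raw in txt_values:
        value = raw.strip().strip('"')  # dig prints TXT data inside quotes
        if not value.startswith("did="):
            continue  # unrelated TXT data at the same name is ignored
        did = value[len("did="):]
        if not DID_RE.match(did):
            raise HandleRecordError(f"malformed DID in record: {value!r}")
        dids.add(did)
    if not dids:
        raise HandleRecordError("no did= record found")
    if len(dids) > 1:
        # Two different DIDs at one name is ambiguous: treat it as a failure
        raise HandleRecordError("conflicting DIDs: " + ", ".join(sorted(dids)))
    return dids.pop()


def check_handle(txt_values, expected_did):
    """True only if DNS publishes exactly the DID shown in the app settings."""
    return did_from_txt(txt_values) == expected_did


if __name__ == "__main__":
    # Constructed sample values, not real accounts
    ours = "did:plc:abcdefghijklmnopqrstuvwx"
    answers = ['"v=spf1 -all"', f'"did={ours}"']
    print("record matches:", check_handle(answers, ours))
```

A passing check covers the DNS side only; a leftover or unexpected second `did=` record is reported as a conflict rather than silently picked from.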