InfoSec / Cyber

 A stylized image of a panda wearing a dark suit and tie, standing in a bamboo forest. The background is a mix of digital circuit patterns and glowing lights. At the bottom, a graphic overlay with the text, "IS THERE A 'MURKY PANDA' ON THE TIMETABLE? THE LATEST CYBER THREAT." The logo for "D NEWS" is in the bottom right corner.

The Murky Panda (also known as Silk Typhoon) is a cyber threat that has had significant activity since 2023 and has targeted government, technology, academic, legal and professional services. Currently there are reports of the threats only in North America, however, as the Murky Panda has previously targeted compromises in the cloud, it is assumed that they will easily transition to attacks further afield. The threat group is a China-nexus group motivated by intelligence collection.

AI generated image of a key hole overlayed by a finger print on a cyber background. Data protection education logo on the bottom right of the image

🗝️🛡️ In a world where cyber attacks are becoming increasingly sophisticated, protecting sensitive information and user accounts has never been more critical. Traditional passwords are rapidly being replaced by a more advanced and secure solution: passkeys. This article explores the benefits of passkeys, their role in preventing cyber attacks, and what to do if a system does not yet support them.

Microsoft Copilot AI generated image of computers on a world with hackers by the side

The recent news has been full of the global IT outage that affected many systems over the weekend, including airlines and patient access.  Although the incident was not caused by a cyber attack, it is important to note that it was a cyber incident which affects everyone.

A cyber incident is an event with threatens the confidentiality, integrity or availability of information systems, networks or the information they contain.

Review our previous article:

Cyber incidents can be intentional or accidental and can cause major disruptions.  The recently reported CrowdStrike incident caused significant global disruption.  While there are huge impacts to the affected systems, for which there are now fixes available, there will be an aftermath of 'unrest' where threat actors will use people's vulnerability and concern to send phishing emails.

The NCSC has already reported an increased in phishing activity as opportunistic and malicious actors seek to take advantage of the situation.  The emails could be aimed at organisations or individuals.

The NCSC has released this guidance:

Organisations should review NCSC guidance to make sure that multi-layer phishing mitigations are in place, while individuals should be alert to suspicious emails or messages on this topic and know what to look for.

Their full report can be read here: NCSC Major IT Outage

We've made a short micro learning video for you to share with staff about how they might be affected by cyber incidents like this one:



View our other free micro learning videos!

Article images created using Microsoft Copilot AI.
Micro Learning video created using Vyond AI.

What to do in the event of a Cyber Attack 

Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body. 

The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to: 

  • Report Fraud on 0300 123 2040, or the Report Fraud website 
  • the DfE sector cyber team at This email address is being protected from spambots. You need JavaScript enabled to view it. 

You may also need to report to: 

You must act in accordance with: 

Police investigations may find out if any compromised data has been published or sold and identify the perpetrator. 

Preserving evidence is as important as recovering from the crime.

Forward suspicious emails to This email address is being protected from spambots. You need JavaScript enabled to view it.. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Little Guide to ACTION FRAUD

  1. Free short cyber training for staff
  2. Children's mental health data leaked after a cyber attack
  3. Cyber Incident Review: The Benefits
  4. Cyber attack on a University
  5. Kent Councils Data Breach
  6. Phishing attacks targeting schools - alert from City of London Police
  7. Update on Advisory for Rhysida Ransomware
  8. The Crime in a Cyber Attack and a Data Breach
  9. NCSC Annual Review is published for 2023
  10. Learning from Data Breaches
  11. Windows 11 security ineffective against attacks on old devices
  12. International Counter Ransomware Initiative 2023 Joint Statement
  13. Top Ten Cyber Security Misconfigurations
  14. ICO Reprimand: company suffered a ransomware attack
  15. The UK Online Safety Bill becomes an Act (Law)
  16. The importance of software updates (PaperCut vulnerability and Rhysida ransomware)
  17. Ransomware, extortion and the cyber crime ecosystem
  18. Cyber Resource: The Cyber Resilience Centre Group
  19. Email and Security: ICO recent guidance
  20. What to do in the event of a Cyber Attack
  21. Cyber Crime: AI Generated Phishing Attacks
  22. Cyber Attack: Exam Boards
  23. VICE SOCIETY - Ransomware attacks on schools
  24. Be Cyber Aware: USB Sticks
  25. Cyber Insurance in the Public Sector
  26. Types of Cyber Attacks: DDos Attack (Microsoft DDoS Attack in June)
  27. Cyber Attack: Leytonstone School
  28. Be Cyber Aware: Firewalls
  29. Be Cyber Aware: Cyber attacks and transparency. A no blame culture
  30. Cyber Attack: Dorchester School
  31. Types of Cyber Attacks: Password Attacks
  32. Be Cyber Aware: Why regular software updates are important
  33. Cyber Attack: Wiltshire School
  34. Keeping your IT systems safe and secure
  35. Why we recommend using PIN codes on printers
  36. Types of Cyber Attacks: DDoS Attacks
  37. Types of Cyber Attacks: Phishing
  38. Types of Cyber Attacks: The Insider Threat
  39. Why your data is profitable to cyber criminals
  40. Types of malware and how they are linked to data protection
  41. How a school fought back after a cyberattack
  42. Types of Cyber Attacks - Credential Stuffing
  43. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  44. The Education sector now at highest risk of cyber attacks
  45. Cyber Attacks
  46. Emails – good practice and minimising the risk of a data breach

Search