Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online

Information Security
Canada joins four other countries, Australia, New Zealand, the UK and the US, in issuing a joint technical advisory that details approaches for organizations to stay safe from malicious cyber actors. The advisory, called “Technical Approaches to Uncovering and Remediating Malicious Activity”, highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The following are the highlights of the joint advisory: Uncovering Malicious Activity: To uncover malicious activity, the advisory recommends that organizations conduct the following: 1. Indicators of compromise (IOC) Search: IOC search refers to the hunt of an artifact – referring to any element of a software – on the network or in an operating system that suggests with…
Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups

IT Support, Security
The national cybersecurity agencies in two countries, the UK and the US, recently issued a joint alert warning that threat actors are targeting healthcare and essential services involved in the response to COVID-19. In a joint alert, the United Kingdom’s National Cyber Security Centre (NCSC) and the United States’ Cybersecurity and Infrastructure Security Agency (CISA) warned that advanced persistent threat (APT) groups are targeting organizations involved in both national and international COVID-19 responses, including healthcare bodies, pharmaceutical companies, academia, medical research organizations and local governments. APT groups refer to malicious actors, typically nation-state or state-sponsored, whose sole purpose is to gain access to victims’ computer networks and remain there undetected for an extended period. According to NCSC and CISA,…
Cybersecurity Considerations When Video-Teleconferencing

Information Security
As the COVID-19 crisis fast-forwards work-from-home and study-from-home adoption, many are increasingly using video-teleconferencing platforms. These platforms, however, have become the new target of cybercriminals. What Is Video-Teleconferencing? Video-teleconferencing, also known as VTC, is a technology that allows two or more people in different geographic locations to conduct meetings or online classes in real time by using simultaneous audio and video transmission. Video-teleconferencing is often confused with Voice over Internet Protocol (VoIP) because video-teleconferencing is often an integral part of a VoIP system. VoIP, which serves as a foundation of unified communications, includes not just video-teleconferencing service, but also voice and instant messaging services. Microsoft’s Skype, Google’s Duo and Zoom are examples of video-teleconferencing software…
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack on the Canadian insurance company and the ensuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet

Information Security, IT Support
The Canadian Centre for Cyber Security has issued a security alert, advising Canadian organizations to disconnect their Citrix devices from the internet to prevent cyber-attacks. According to the Canadian Centre for Cyber Security, ongoing exploitation of the security vulnerability in Citrix devices officially designated as CVE-2019-19781 has been observed within Canada. The security vulnerability in Citrix devices allows an attacker to gain direct access to an organization’s local network from the internet. In exploiting this vulnerability, an attacker doesn’t need access to any accounts. As such, exploitation can be performed by any attacker. Citrix, for its part, said that CVE-2019-19781, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. This vulnerability is rated Critical,…
300 Employees Lost Jobs Following a Botched Ransomware Recovery Process

Data Backup, Information Security
More than 300 employees of The Heritage Company, an Arkansas-based telemarketing company, lost their jobs following a botched ransomware data recovery process. Just a few days before Christmas, Sandra Franecke, Owner and CEO of The Heritage Company, informed the more than 300 employees of the company that in October last year, the company’s servers were “attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running”. While she did not name the attack as a ransomware attack, the attack described by the owner and CEO of The Heritage Company is typical of a ransomware attack – a type of cyber-attack that uses…
How to Protect Your Organization’s Network from Complex and Evolving Malware

Information Security, News
Microsoft recently reported on Dexphot, an evolving malware (malicious software) that exhibits a level of complexity and evolution aimed at evading traditional security protections and flying under the radar of cyber defenders. Microsoft, in its latest blog post “Insights from one year of tracking a polymorphic threat”, reported that it first detected Dexphot in October 2018. On June 18, 2019 alone, the report said, the number of computers infected by this malware reached 80,000. According to Microsoft, while Dexphot won’t attract media attention as this malware’s goal is simply to steal the infected computers’ computing power for cryptocurrency mining to raise revenue for the attackers, this malware “exemplifies the level of complexity and rate of evolution of even everyday threats, intent on…
Compromised VoIP Phones: New Path to Intrusion

Security, VoIP
Security researchers at Microsoft Threat Intelligence Center disclosed that they discovered an infrastructure of a known cyber adversary that used the popular office IoT Voice over Internet Protocol (VoIP) as a new path to gain initial access to corporate networks. Researchers at Microsoft Threat Intelligence Center (MSTIC) reported that in April this year, the threat group known as “STRONTIUM” compromised 3 popular office IoT devices (a VoIP phone, an office printer and a video decoder) across multiple customer locations to gain initial access to corporate networks. The researchers found that the said IoT devices were compromised either because the latest security update hadn’t been applied or because the default manufacturer’s login details hadn’t been changed. Once the threat group gained initial access to the corporate network via these…
Human Error Drives Cyber Insurance Claims, Data Shows

Information Security, News
Insurance company CFC Underwriting, which conducts business in over 80 countries, reported that human error plays a part in the vast majority of cyber insurance claims. CFC Underwriting reported that in 2018 the company responded to over 1,000 cyber insurance claims comprised of data breaches, theft of funds, ransomware and extortion, malware and more. In Canada alone, CFC Underwriting said that 32% of cyber insurance claims were about ransomware and extortion, 24% about non-malicious data breach, 20% about malicious data breach, 9% about theft of funds, 9% about malware and 6% referring to other cyber incidents. "Whether a business suffers a data breach, a ransomware attack, or accidentally sends money to a fraudulent bank account, human error plays a part…
Cybercriminals Target Another Legitimate Tool: MySQL Servers

Information Security, IT Support
The recent discovery by researchers at Sophos that attackers are scanning the internet to find vulnerable MySQL servers for the purpose of infecting them with the GandCrab ransomware shows that attackers are increasingly targeting legitimate tools as a means to sneak into organizations’ networks. MySQL server is a database platform that uses tables to store data and indexes to sort data and speed up performance. This database platform supports desktop and web applications and runs on either Linux or Windows operating systems. GandCrab ransomware, meanwhile, is a particular type of malicious software (malware) designed to lock out legitimate users from their computer system or data until a ransom is paid. Researchers at Sophos said that they set up a mocked-up insecure MySQL server for…