How SMBv1 Leaves Your Organization’s Server Open to Cyberattacks

How SMBv1 Leaves Your Organization’s Server Open to Cyberattacks

Information Security, Servers
How SMBv1 Leaves Your Organization’s Server Open to Cyberattacks Servers are the core of every organization’s I.T. operations. Many organizations, however, leave this core component open to cyberattacks through SMBv1. What Is SMBv1? SMBv1, which stands for Server Message Block version 1, was created by Barry Feigenbaum in the early 80s as a file sharing protocol for DOS. In the 90s, Microsoft started using SMBv1 in its operating systems as a protocol for sharing access to files, printers and other resources on a network. SMBv2, which stands for Server Message Block version 2, was introduced in Windows Vista and Windows Server 2008. SMBv3 was introduced in Windows 8 and Windows Server 2012. In 2014, Microsoft publicly regarded SMBv1 as obsolete and best avoided. SMBv1 isn’t installed by default in the…
Read More
How to Stop the Costliest & Destructive Malware Emotet

How to Stop the Costliest & Destructive Malware Emotet

Information Security
How to Stop the Costliest & Destructive Malware Emotet In the history of malicious software (malware) development, the malware called “Emotet” has emerged to be among the most costly and destructive. According to the United States Computer Emergency Readiness Team (US-CERT), Emotet costs the U.S. state, local, tribal, and territorial (SLTT) governments up to $1 million per incident to clean up. Emotet victims are, however, not limited to the U.S. territory alone as this malware targets everyone regardless of location and affecting both in the private and public sectors. What is Emotet? How It Works? Emotet is a malware that was first detected by Trend Microin June 2014. Emotet first appeared as a banking trojan – a malware that’s designed to steal critical information stored or processed through online banking…
Read More
When Cyberattacks Force Organizations to Use Paper

When Cyberattacks Force Organizations to Use Paper

Information Security, Security
When Cyberattacks Force Organizations to Use Paper Computers revolutionized the way we do business, to the point that reliance on computers is almost total for many organizations. This almost total reliance on computers, however, makes many organizations vulnerable to cyberattacks, such as ransomware attacks. The recent ransomware attack on the City Hall of Del Rio, Texashighlights the downside of the digital age. The City Hall of Del Rio succumbed to a ransomware attack resulting in the “transactions at City Hall … being done manually with paper”, the City of Del Rio said in a statement. The City of Del Rio said that its City Hall was attacked by a ransomware last January 10, which prompted the city’s IT department in disabling the city’s servers, the shutting off of the internet…
Read More
Canadian University Shuts Down IT Network After Cryptojacking Attack

Canadian University Shuts Down IT Network After Cryptojacking Attack

Information Security
Canadian University Shuts Down IT Network After Cryptojacking Attack St. Francis Xavier University, one of Canada’s oldest universities, was forced to temporarily disable all its network systems in response to a cryptojacking attack. The university, in a statement, said that a malicious software (malware) infected its network which then attempted to utilize the university’s collective computing power in order to mine the cryptocurrency Bitcoin. The university added that it's bringing its IT systems back online in a staggering process to minimize potential risk. This cyber incident at St. Francis Xavier Universityhighlights the dangers of a cryptojacking attack. What Is Cryptojacking? Cryptojacking happens when a cyberattacker uses without consent the computing power of another for the purpose of mining a cryptocurrency such as Bitcoin. Mining a cryptocurrency like Bitcoin is similar…
Read More
1 in 5 Canadian Businesses Hit by Cyberattack in 2017, StatCan Survey Shows

1 in 5 Canadian Businesses Hit by Cyberattack in 2017, StatCan Survey Shows

Information Security
1 in 5 Canadian Businesses Hit by Cyberattack in 2017, StatCan Survey Shows A survey conducted by Statistics Canada (StatCan), Canada’s national statistical office, showed that 1 in 5 Canadian businesses were hit by a cyberattack last year.  From January 2018 to April 2018, StatCanconducted the first of its kind survey that aimed to provide a snapshot of the cybersecurity challenges encountered by Canadian businesses – those with 10 or more employees. StatCan’s survey results showed that over one-fifth or 21% of Canadian businesses reported that they were hit by a cyberattack last year which affected their operations. The survey showed that large businesses (41%) were more than twice as likely as small businesses (19%) to identify an impactful cyberattack. Direct Costs of Cyberattacks Listed below are the direct costs of cyberattacks…
Read More
Countdown to Nov. 1, 2018: Enforcement Date of Canada’s Mandatory Data Breach Reporting Law

Countdown to Nov. 1, 2018: Enforcement Date of Canada’s Mandatory Data Breach Reporting Law

Information Security
Countdown to Nov. 1, 2018: Enforcement Date of Canada’s Mandatory Data Breach Reporting Law November 1, 2018 marks the enforcement date of the Canadian law that requires organizations in the private sector to report data breaches. The Canadian Governmentofficially set November 1, 2018 as the enforcement date of the mandatory data breach reporting obligation of organizations in the private sector in line with the Digital Privacy Act, a law that amended the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA is a Canadian privacy law for private sector organizations which came into force in January 2001. This law sets out rules that organizations in the private sector must follow whenever they collect, use or disclose personal information in the course of their commercial activities. Canada’s Digital Privacy Act, which…
Read More
Canadian Towns Hit by Ransomware Cyberattacks; Lessons Learned from These Attacks

Canadian Towns Hit by Ransomware Cyberattacks; Lessons Learned from These Attacks

Information Security
Canadian Towns Hit by Ransomware Cyberattacks; Lessons Learned from These Attacks The Canadian town of Midland in Ontario recently acknowledged it has paid ransom after experiencing a crippling ransomware cyberattack. In a statement, Midland Townsaid that it has “initiated the process to pay the ransom in exchange for the decryption keys.” The town added, “Although not ideal, it is in our best interest to bring the system back online as quickly as possible." What Is Ransomware A ransomware is a type of a malicious software (malware) that encrypts files, making them inaccessible to users, and demands from victims ransom in exchange for the decryption keys that unlock the encrypted files. Ransomware attackers typically ask their victims to pay ransom in the form of cryptocurrency like Bitcoin and convert it to…
Read More
Company-Wide Policy Needed to Mitigate Business E-Mail Compromise

Company-Wide Policy Needed to Mitigate Business E-Mail Compromise

Email, Information Security, Security
Company-Wide Policy Needed to Mitigate Business E-Mail Compromise An analysis of 3,000 Business E-Mail Compromise (BEC) scam campaigns showed that a company-wide policy is needed to mitigate this threat. What Is Business E-Mail Compromise (BEC) Business E-Mail Compromise (BEC), also known as CEO fraud, refers to a sophisticated scheme that tricks an organization into paying a sum of money to a scammer. BEC Threat Scenario After analyzing 3,000 BEC scam campaigns, Barracuda Networksfound that the term “CEO fraud” in referring to this type of cybercrime has justification as 43% of the impersonated email senders were the CEO or founder. The Barracuda Networks study, however, found that the majority or 57% of the impersonated email senders weren’t the CEO or founder. Out of the 57% impersonated email senders, 4.5% were C-level…
Read More
Critical Flaw in Apache Struts Exposes Businesses to Cyberattack

Critical Flaw in Apache Struts Exposes Businesses to Cyberattack

Information Security
Critical Flaw in Apache Struts Exposes Businesses to Cyberattack A critical flaw in Apache Struts, an open source tool used by many businesses in creating web applications, has recently been uncovered by a cybersecurity researcher at Semmle. What Is Apache Struts? Apache Struts is a popular open source tool for creating web applications. According to Apache Software Foundation, the non-profit organization that oversees Apache Struts projects, most organizations – including the Fortune 100 companies – are using Apache Struts for their enterprise web applications. Latest Security Vulnerability in Apache Struts The latest security vulnerability uncovered by Semmle researcher Man Yue Mo in Apache Struts can provide an attacker an entry point in corporate networks. “This vulnerability affects commonly-used endpoints of Struts, which are likely to be exposed, opening up an…
Read More
Fax-Based Cyberattack Puts Organization’s Networks at Risk

Fax-Based Cyberattack Puts Organization’s Networks at Risk

Information Security, Security
Fax-Based Cyberattack Puts Organization’s Networks at Risk Standalone fax machine, fax-to-mail service and all-in-one printer fax machine are cybersecurity threats to your organization’s internal network, this according to the recent disclosure made by security researchers at Check Point. Millions of fax machines are still being used in offices worldwide. Healthcare organizations, law firms, banking and finance companies, in particular, still rely on fax machines in sending and receiving sensitive documents. Some organizations use fax machines in sending and receiving critical documents in compliance with government regulations, while others use it for legacy reasons.According to Check Point researchers, they’ve discovered a security vulnerability in modern-day fax machines, including fax-to-mail services and all-in-one printer fax machines, which allows cyber attackers to hack these once considered secured machines through a process called “remote…
Read More