Weekly CyberTip: Festive Season Cybersecurity
Here are eight quick tips to help strengthen your cybersecurity over the holiday season:
- don’t click on unfamiliar links or attachments in emails – contact the senders directly through an independent source to verify their legitimacy
- watch for obvious grammar/spelling mistakes in emails, a common indicator of phishing attempts, and be extra cautious of emails or messages that don’t address you by name, using vague/generic terms like “Dear Sir/Madam” or “Valued customer”
- verify a website offers a secure and encrypted connection by looking for a padlock icon and “https” in the address bar
- use “long and strong” passwords or phrases, and never use the same password for multiple accounts
- be wary of deals that seem too good to be true, especially from companies you haven’t dealt with before
- avoid public Wi-Fi, especially for financial transactions
- avoid oversharing personal information and travel plans/absences on social media
- be vigilant for parcel delivery and suspended account scams via SMS, phone, or email
Keep the holidays happy and stay cyber safe over the festive season!
Canada and Five Eyes issue spearphishing campaign alert
On December 7, the “Five Eyes” nations of Canada, the U.K., Australia, New Zealand, and the United States issued a joint advisory warning that the Russian-backed threat actor Star Blizzard (formerly known as “SEABORGIUM”) is responsible for a recent string of sophisticated and successful spear-phishing attacks.
“Many sectors have been targeted, including but not limited to academia, defence, governmental organizations, NGOs, think-tanks and politicians. We strongly suggest organizations review the advisory and be vigilant of the techniques described in this advisory, and apply the mitigation measures,” according to the report.
The advisory identifies the actor’s modus operandi, noting Star Blizzard’s use of social engineering tactics to gain trust, employing fake personas, and creating malicious domains and email accounts to appear legitimate. The hackers frequently attempt to use personal email addresses to bypass corporate security controls, and employ a variety of techniques like using EvilGinx to bypass two-factor authentication, phishing with malicious links in emails or attachments, and accessing compromised accounts to steal emails, attachments, and contact lists for further exploitation.
The advisory provides a list of proactive measures to be taken to mitigate the risk of these attacks, including strong passwords, multi-factor authentication, device and network security, vigilance in recognizing suspicious emails, and monitoring mail-forwarding rules.
CCCS releases updated report on cyber threats to the democratic process in Canada
On December 6, the Canadian Centre for Cyber Security (CCCS), part of the Communications Security Establishment (CSE), released an update to its bi-annual documentation regarding threats to Canadian voting and election security. Entitled “Cyber Threats to Canada’s Democratic Process: 2023 Update,” the “assessment addresses global cyber threat activity targeting elections and the implications for Canada’s democratic process and identifies four global trends.”
According to the report, over a quarter of national elections worldwide in 2022 were affected by cyber threats, a trend that should serve as a warning that Canada’s next federal election (which will happen no later than October 2025) is more likely than ever to be affected by cyber threats as well. The report points at Russia and China as the main sources of state-sponsored cyber threat activity. Further, it warns that hackers of all nationalities are using more and more sophisticated evasion techniques to avoid detection, expanding their use of artificial intelligence (AI) in their attacks, and generating online disinformation campaigns using fake text, images, and video content. These various trends and techniques demand heightened vigilance in the time leading up to Canada’s next election.
Through the report, the CCCS and the CSE aim to help maintain the integrity of the democratic process. “The Cyber Centre’s ongoing relationship with Elections Canada includes monitoring services to detect cyber threats, working with them to secure their computer networks, and incident response assistance, if necessary. CSE assesses that it is unlikely that sensitive information held by Elections Canada will be compromised by cyber threat actors and unlikely that cyber activity will disrupt voting infrastructure in a national election,” according to the report.
University of Waterloo issues warning about spike in phishing attempts
On December 8, the University of Waterloo (UW)’s Director, Information Security Services, issued a bulletin to the UW community warning of an “increase in phishing attacks to uwaterloo.ca email accounts”. According to the broadcast email sent to students and employees of the school, recipients of the latest phishing emails “are asked to provide various forms of personal information, including but not limited to password, Duo code, date of birth, and social insurance number. Attackers will solicit this information through various means.”
Examples of recent phishing emails included PDF attachments containing malicious links or email addresses, and fake forms or application documents.
“Attackers often use compromised accounts from UWaterloo, and other institutions, to legitimize their attacks. They will also attempt to draw you away from UWaterloo services, making it more difficult for IST to detect and disrupt these attacks,” warned the email.
The email provided practical advice to those who may have been duped by the fraudulent emails or text messages, and pointed to additional resources and best practices available on the UW website.
Report: average ransomware ransom in Canada over $1.1M
Released December 6, a new report from Palo Alto Networks Canada entitled “2023 Ransomware Barometer” found that, “while the volume of ransomware attacks has remained relatively consistent among mid-market companies (100-1,000 employees), the average ransom paid has increased significantly to more than $1.130 million CAD – an increase by almost 150% in two years. Additionally, the average ransom demanded saw a steep rise by 102% to C$906,115 in 2023 up from C$449,868 in 2021.”
The report also highlighted the serious long-term effects of ransomware attacks on Canadian organizations. “More than half (58%) of affected mid-market companies say that it took more than a month to recover, however, one-quarter (24%) said that it took longer than four months, up from 17% in 2021,” according to the report – highlighting the critical importance of incident response and business continuity planning.