Weekly CyberTip: Put Your Breach Plan on Paper
Many individuals and businesses understand the importance of having a breach recovery plan. However, it’s also important to make sure you have your plan outlined on paper. If you only have your strategy saved digitally, you run the risk of losing it in the event of a breach when you need it most.
Over 200 Cyberattacks by Russia Against Ukraine, Microsoft Says
Russia has launched a staggering 237 cyberattacks against Ukraine since just before the start of its invasion of the country.
According to a study released last week by Microsoft’s digital security unit, many of the attacks, which involved at least six different Russia-sponsored hacking groups, would coincide with missile or ground attacks.
“We believe it’s important to share this information so that policymakers and the public around the world know what’s occurring, and so others in the security community can continue to identify and defend against this activity,” said Microsoft VP Tom Burt in a post about the findings.
Thirty-two per cent of the total 38 destructive attacks between February 23 and April 8 are estimated to have singled out Ukrainian government organizations at the national, regional and city levels, with over 40% of the attacks aimed at critical infrastructure.
“The attacks have not only degraded the systems of institutions in Ukraine,” added Burt, “but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend and have attempted to shake confidence in the country’s leadership.”
Canada, U.S. Among 61 Nations Vowing for an Open Internet
Canada, the U.S. and 59 other countries have signed a declaration vowing to work for an “open, free, global, interoperable, reliable and secure” internet.
The Declaration on the Future of the Internet, whose signatories include all European Union member states and 32 non-EU countries, sets out goals like affordability and net neutrality, though it provides few details on how they will be achieved.
The three-page document also takes aim at authoritarian governments that ban services and shut down online access. Notably missing from the group of signatories are nations, such as Russia and China, that are known to restrict their citizens’ full access to the internet.
“We are united by a belief in the potential of digital technologies to promote connectivity, democracy, peace, the rule of law, sustainable development and the enjoyment of human rights and fundamental freedoms,” the document states.
In a statement, Canada’s government said it will talk with nations, non-governmental agencies and others on how to fully realize the principles of the declaration.
“The internet is the backbone of the global economy. It allows us to stay connected with our colleagues, friends and loved ones,” the statement reads. “However, in recent years, the internet has come under threat from bad actors seeking to undermine these benefits and cause harm. That’s why the Government of Canada is committed to supporting an internet that is open, trusted, interoperable and secure for the benefit of all Canadians.”
Deepfakes Set to Be Used Extensively in Organized Crime, Europol Warns
Deepfake technology is set to be used extensively in organized crime over the coming years, according to new research by Europol.
The EU law enforcement agency says deepfakes, which use “deep learning” artificial intelligence to create fake images, is expected to be weaponized in three key areas: disinformation, non-consensual pornography and document fraud.
“In the months and years ahead, it is highly likely that threat actors will make increasing use of deepfake technology to facilitate various criminal acts and conduct disinformation campaigns to influence or distort public opinion,” the research report states. “Advances in machine learning and artificial intelligence will continue enhancing the capabilities of the software used to create deepfakes.”
The report added that “deepfake capabilities are becoming more accessible for the masses through deepfake apps and websites.”
To effectively deal with these kinds of threats, Europol said law enforcement agencies must develop new skills and technologies. These include manual detection, which involves looking for inconsistencies, and automated detection techniques, including deepfake detection software.
Policymakers also need to develop more legislation to set guidelines and enforce compliance around the use of deepfakes, the report added.
Coca Cola Investigates Hackers’ Breach Claims
Coca-Cola has confirmed it’s investigating claims of a cyberattack against the company by a hacker gang.
“We are aware of this matter and are investigating to determine the validity of the claim,” Coca-Cola communications global vice president Scott Leith recently told The Register. “We are coordinating with law enforcement.”
The company’s investigation comes following claims by the Stormous gang that it had successfully breached some of the company’s servers and stole 161GB of data that included emails, and passwords, account and payment ZIP archives, as well as other types of sensitive information.
Cybersecurity Breach Could Impact Home Heating Customers in Newfoundland
Home heating customers in Newfoundland and Labrador could be impacted by a cybersecurity breach.
In a statement last week, home heating company North Atlantic said an “unauthorized third party” accessed an NARL Marketing employee’s email account April 13. NARL Marketing, North Atlantic’s parent company, operates more than 50 gas stations throughout Newfoundland and Labrador and sells home and commercial heating fuels.
“We understand the email account contains personal information such as names and contact information, banking and financial information for some of our customers and business associates,” the statement read.
The breach was contained, according to the statement, and a team of cybersecurity experts have been engaged to investigate and identify what information was accessed and who was affected. The RCMP and federal privacy commissioner have also been made aware of the breach.
In an email to CBC News, a spokesperson for the company said some customers who purchase home heating fuels from North Atlantic could be impacted, however it’s not clear how many. The company’s retail gas network was not affected.
The spokesperson also said approximately 1,300 emails were sent out by the unauthorized party, with more than 300 returning undeliverable, and there was no customer information included in the emails.
“We have notified those customers and business associates that we understand received emails from the unauthorized user,” the company’s statement said.
“As more information becomes available, NARL will directly notify those individuals whose personal information is involved with this incident and advise what possible further steps may be taken to protect against risk of harm.”