Weekly CyberTip: Addressing Emails
Even with good security measures in place, data breaches can occur simply by “over sharing” information via email. When typing an addressee name, the auto-complete feature in your email client may pre-fill an unintended address, or use an individual’s personal email contact instead of their business address if you have both in your address book. Always take an extra moment to verify that you have used the correct email address before sending a message – and always think twice before “replying all” to a message, especially if you are including an attachment or potentially sensitive content. That extra second or two could help avoid a serious disclosure.
SentinelOne researchers discover decade-old bug in anti-virus software
In a report released May 5, security researchers at SentinelOne reveal their discovery of two high-severity flaws in Avast and AVG software that went undiscovered for at least 10 years, potentially affecting millions of users.
According to the report, the “vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.”
The researchers’ findings were reported to Avast in December 2021; Avast has since silently released security updates to patch the vulnerabilities in the software. While most systems will automatically receive the fixes (available in version 22.1 or later), users applying manual patches or operating isolated or air-gapped devices are encouraged to take steps to apply the patch as soon as possible.
To date, the researchers have not discovered any evidence of exploitation of the vulnerabilities in production systems.
IKEA Canada confirms internal data breach – 95,000 Canadian customers potentially affected
IKEA Canada has sent breach notification emails to customers providing details of an internal data breach and disclosure. As a result of a “generic search” conducted on IKEA’s customer database by an employee between March 1 and March 3, some customers’ personal information was revealed. Upon detecting the unauthorized exposure of the data, officials took action to prevent the data from being used, stored, or shared with third parties. IKEA has confirmed that no financial or banking information was accessed in the incident.
“We have also reviewed our internal processes and reminded our co-workers of their obligation to protect customer information,” according to Kristin Newbigging, Communication Operations Manager at IKEA Canada.
IKEA Canada has submitted a breach report to the Office of the Privacy Commissioner of Canada (OPC).
Costa Rica, Peru the latest governments to be victimized by Conti ransomware
The Conti ransomware gang has announced the release of another batch of data stolen from the Costa Rican government, bringing the total to an estimated 97% of a data trove stolen April 18.
Several branches of the Costa Rican government were victimized in the original attack. In response to the government’s refusal to pay an estimated $10M (all figures USD) ransom, Conti has gradually leaked the data stolen in the incident – including over 850GB from the Finance Ministry alone. The double extortion attack not only exfiltrated a significant amount of data, but also knocked out services and systems responsible for tax collection, social security, and import/export processes through the customs agency.
In a conference call on May 2, Jorge Mora, the Director of Digital Governance at Costa Rica’s Ministry of Science, Technology and Telecommunications, reported that the number of cyber attacks hitting his country is at an unprecedented level. In one recent 24-hour period, some four million attacks were recorded on Costa Rica’s public institutions. The attacks featured 2.7 million instances of malware, 800,000 phishing emails, 84,000 crypto-mining attempts, and well over 1 million Conti-style command and control attacks.
While protection systems recently implemented by the government helped detect the attacks, the government was still forced to disconnect and reconfigure Internet services in response to the cyber onslaught.
On April 27, Conti also announced that it had hacked the website of Peru’s National Directorate of Intelligence. Here too, the ransomware gang is threatening to release potentially sensitive data if its ransom demands are not met.
Central and South American governments have been targeted in recent months because, in a number of cases, institutions lack the resources, capabilities, or governance to defend their critical digital infrastructures. At the beginning of 2020, just 12 of the 33 countries in the region had an approved national cybersecurity strategy. For example, in the Peruvian attack, Conti’s message to the National Directorate of Intelligence specifically noted that there was no data encryption on the network.
2021 saw several cyber attacks in South America, among them a December attack on Brazil’s Ministry of Health, a massive breach affecting Argentina’s entire population of 44 million persons in October, and the infiltration of a Chilean customs agency earlier in the year.