Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: You’re never too small for a cyber attack
While most of this week’s CyberNews headlines focus on government agencies and infrastructure, it’s key to remember that businesses of any size can be subject to cyber attack. Consider a recent report from Barracuda Networks that suggests that staff at businesses with fewer than 100 employees can receive 350% more phishing and other social engineering attacks than personnel at larger companies. We all need to be security aware and cyber resilient, whether our customers are a community – or a country.
SLGA issues update regarding December cyber attack
On June 28, the Saskatchewan Liquor and Gaming Authority (SLGA) updated its website notice providing an update on the cybersecurity incident that affected the organization’s computer systems on December 25, 2021.
The revised post removes original language suggesting that SLGA’s investigation and ongoing monitoring had not found evidence that SLGA clients’ personal information had been misused. According to a report by CTV News Regina, the SLGA is now notifying some clients that some potential sensitive personal information collected by the authority over the past five years may have been exposed on the dark web.
The CTV report indicates that the information accessed may include “place and date of birth, driver’s licence, height, weight, eye colour, employment history, criminal record history and financial disclosures.” Current and former employee information, including names, financial information, and social insurance numbers may have also been exposed in the breach.
The threat actors behind the attack are believed to be “RansomHouse”, a crime gang that emerged in December 2021 around the time of the original attack on the SLGA. RansomHouse currently lists six alleged victims on its dark web portal – the first of which is the SLGA – including claims about breaches at ShopRite, Africa’s largest retail chain, and global microchip manufacturer AMD.
Unlike many current hacking enterprises, RansomHouse does not use ransomware in its operations, focusing exclusively on data exfiltration and threat of publication of that data unless the victimized company succumbs to extortion.
There is no indication that the SLGA has paid any ransom. Law enforcement, cybersecurity resources, and the Office of the Privacy Commissioner are reportedly assisting the SLGA with the ongoing investigation.
NATO emphasizes cyber defenses in new strategic concept manifesto
The North Atlantic Treaty Organization (NATO) has issued its latest strategic concept document. NATO issues an updated strategic concept approximately once every ten years, with this year’s document being announced at NATO’s annual meeting, held this year in Madrid, Spain. The strategic concept document placed a higher profile on cyber defenses and cyber threats than ever before. Threats using “conventional, cyber and hybrid means” by the Russian Federation were cited, and the report warned the People’s Republic of China (PRC)’s “malicious hybrid and cyber operations and its confrontational rhetoric and disinformation target Allies and harm Alliance security. The PRC seeks to control key technological and industrial sectors, critical infrastructure, and strategic materials and supply chains.”
The document made it clear that the cyber defenses at NATO allies – including Canada – are being strengthened, and that NATO could consider any cyber attack against a member nation to be a hostile action against the entire alliance: “A single or cumulative set of malicious cyber activities; or hostile operations to, from, or within space; could reach the level of armed attack and could lead the North Atlantic Council to invoke Article 5 of the North Atlantic Treaty”.
Norway latest nation to experience cyber attack
Norway’s National Security Authority (NSM) has confirmed that a June 29 cyber incident affected many of the country’s key websites and online services. The distributed denial of service (DDoS) attacks, which briefly disrupted access to a number of private and public institutions, are being attributed to pro-Russian criminal enterprises.
“The attacks are aimed at a number of large Norwegian companies that offer important services to the population,” according to Sofie Nystrøm, Director General at NSM. “We have seen similar attacks in other countries recently, but none of these have reported lasting consequences,” referring to an attack just two days earlier on Lithuanian government interests, along with cyber campaigns against Italian and Romanian infrastructure in recent weeks as well. “We are quite certain that no sensitive information was taken,” Nystrøm insisted on Norwegian television, and Norwegian Prime Minister Jonas Gahr Støre confirmed that the attacks had not caused any significant or lasting damage.
The NSM issued instructions to local organizations for the mitigation of DDoS attacks. In a Norwegian language post on its website, the NSM emphasized that the key to defense against DDoS is a secure information and communications technology (ICT) infrastructure.
The attacks are believed to be retribution for Norwegian support for Ukraine against the Russian invasion, now in its fifth month.
