Weekly CyberTip: Introduction to the Cyber Threat Environment
Looking for a comprehensive, plain language summary of cybersecurity terminology and threats? Then check out the Canadian Centre for Cyber Security (CCCS) primer on cybersecurity, entitled Introduction to the Cyber Threat Environment. The document provides a brief yet thorough summary of the cyber threat landscape, including threat actors, threat targets, potential impacts, and an illustrated glossary of common cybersecurity terminology from adware infections to zero-day exploits. It’s a great resource for those new to the cybersecurity arena, or for those providing education to non-technical staff, board members, etc.
ICYMI: StatCan releases Canadian survey on impact of cyber crime
In their bi-annual report entitled “Canadian Survey of Cyber Security and Cybercrime,” Statistics Canada reveals “made-in-Canada” data about recent trends in the cybersecurity space.
Released October 18, the report explains that just under one-fifth of Canadian businesses experienced cybersecurity incidents in 2021, with about 10% of businesses affected specifically by a ransomware attack. While the numbers are alarming, they actually reflect a modest improvement over statistics from 2019.
While a significant percentage of cyber attacks had no apparent motive, the report suggested that the top two known motives for cyber attacks in 2021 were the theft of personal or financial information, and the direct theft of money or demands for ransom payments.
The report provided intriguing findings regarding cyber insurance: despite the higher profile of cyber risk insurance in recent years, the market actually shrank slightly from the previous report, with only 16% of Canadian businesses carrying cyber insurance in 2021, down from 17% in 2019. “Amongst Canadian businesses with cyber risk insurance that were impacted by cyber security incidents, 88% did not make a claim for the incident, 8% successfully made a claim against the insurance, and 2% attempted to make a claim but were unsuccessful,” according to the report.
The report also indicated that fewer businesses were reporting their incidents to police services, instead largely dealing with attacks in-house or with the assistance of third-party experts.
TechTarget Report: ransomware on the rise, hitting schools
In a summary of reported ransomware attacks in the United States for October 2022, researchers from TechTarget Editorial detail 20 ransomware attacks, the highest figure in several months. The report noted that “the education sector remain[s] a popular target for cybercriminals.”
“While the 20 victims included healthcare, transportation, IT and food manufacturers, attacks against the education sector persisted – and in at least one case caused prolonged disruptions. Ransomware attacks on schools and higher education typically increase in late summer and early fall as classes resume,” according to their analysis.
CISA releases warning about threat actors targeting healthcare
On October 21, CISA released a Cybersecurity Advisory (CSA) regarding a threat actor group called Daixin that has been targeting the healthcare sector since at least June 2022. The detailed advisory provides examples of successful attacks, indicators of compromise, and risk mitigation strategies.
According to CISA, “Daixin Team” hackers have been specifically targeting the healthcare sector in order to access sensitive patient records and data, with a particular focus on valuable database, imaging, and diagnostics systems within healthcare facility networks. While the hackers deploy the same malware from victim to victim, their method of delivering the malware may change, including via phishing attacks or vulnerability scanning.
The Daixin Team is just part of the threat to the healthcare sector, which has been under increasing threat in recent months. In the FBI’s Internet Crime Complaint Center (IC3) 2021 annual report, ransomware victim reports are presented across 16 critical infrastructure sectors, with the healthcare sector representing the greatest proportion at fully one-quarter of all complaints (148 out of 649 reports received).
Chilean observatory suffers cyber attack
Think you’re not a potential target for cyber attack? No one is immune: just ask the team operating the ALMA space telescope and observatory in the Chilean Andes, who reported that a cyber attack has knocked out their website, disrupted email and voice services, and forced them to suspend operations. The team reported the attack via Twitter on November 2, stating that the initial attack was on October 29; the ALMA website still remained down as of November 7.
According to a series of related tweets, the team said the attack had not compromised its powerful antennas or any existing scientific data. “Given the nature of the episode, it is not yet possible to estimate a date for a return to regular activities,” according to ALMA on social media. No word was given on the nature of the attack, or whether any ransom demands had been made.
One of the world’s largest and most advanced telescopes, the Atacama Large Millimeter/submillimeter Array (ALMA) telescope array is used to study the building blocks of stars, planetary systems, galaxies, and the origins of life itself.