Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Cyber safety on Cyber Monday
Cyber Monday is one of the busiest online shopping days of the year. Today, and as the holidays approach, make sure you stay cyber safe by observing ISA Cybersecurity’s list of the top ten tips for protecting your online personal and financial information online.
Municipality of Westmount recovering from LockBit ransomware attack
The municipality of Westmount in Montreal, Quebec is still working its way through recovery efforts after a ransomware attack on November 20. In their November 25 blog update, the municipality confirms that “some municipal services have been affected, but most activities and services have continued to operate. Email communications to the City, which were interrupted on Monday, November 21, are gradually being restored.” In the meantime, citizens are being encouraged to communicate over the phone or to visit a service location in person.
The infamous LockBit 3.0 ransomware gang has claimed responsibility for the attack, posting an announcement on their dark web portal that threatens to disclose some 14TB of data if ransom demands are not met by December 4. “ALL AVAILABLE DATA WILL BE PUBLISHED!,” shouted a blog post on November 22. The municipality has shown no inclination to pay so far.
CISA and FBI update warning about state-sponsored APT activity exploiting Log4j bug
On November 25, Cybersecurity and Infrastructure Security Agency (CISA) and the FBI updated their joint cybersecurity alert that details advanced persistent threat activity conducted by Iranian state-sponsored threat actors against the network of an unnamed federal civilian executive branch organization. The attackers gained initial access earlier this year by exploiting the Log4Shell vulnerability.
The alert comes following an investigation into a cyberattack against what they describe as a “federal civilian executive branch” organization. Researchers determined that hackers were able to breach the government network by exploiting an unpatched Log4j vulnerability in a VMware Horizon server.
The warning comes almost a full year after the Log4j vulnerability was first disclosed and organizations were urged to apply patches or mitigations.
“CISA and FBI are releasing this Cybersecurity Advisory (CSA) providing the suspected Iranian government-sponsored actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help network defenders detect and protect against related compromises,” according to the bulletin. “CISA and FBI encourage all organizations with affected VMware systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities.”
The cybersecurity advisory (CSA) also warns any organizations that detect a compromise as a result of Log4j to “assume lateral movement” by the attackers, investigate any connected systems and audit accounts with high privilege access.
“All organizations, regardless of identified evidence of compromise, should apply the recommendations in the mitigations section of this CSA to protect against similar malicious cyber activity,” said the alert, which was initially published on November 16.
Majority of Canadians polled feel we need more financial fraud and security awareness training
In a new fraud awareness poll commissioned by Scotiabank, 89% of Canadians agree that more education is needed to support financial fraud and cybersecurity awareness.
To help Canadian consumers recognize and defend against cyber criminals, Scotiabank has launched a revamped Cybersecurity and Fraud portal scotiabank.com/security that provides cybersecurity awareness resources and “fraud simulations where users can evaluate email and text message exchanges, websites, as well as listen to voicemail examples to assess the authenticity of this content.”
“As a large financial institution, we play an important role in educating our customers and keeping them informed about the current trends in threats or scams, to protect themselves and their families from fraud,” said Tammy McKinnon, Senior Vice President, Global Fraud Management, Scotiabank.
Canadians can use the help: “Almost seven out of 10 Canadians (68%) have been targeted or fallen victim to various financial fraud scams via email, phone, text, credit card, or social media,” according to the press release announcing the poll results and the new website. “According to the Canadian Anti-Fraud Centre (CAFC), to date in 2022, fraud losses in Canada total $362.7 million. That amount is likely much higher given that they estimate that less than 5% of victims report to the CAFC.”
ICYMI: Ontario government publishes report about cybersecurity in broader public sector
In a comprehensive report analyzing the state of cybersecurity in Ontario’s broader public sector (BPS), an expert panel identified four key challenges faced by organizations in the Ontario’s BPS:
- Governance and Operating Models (recommending that BPS reinforce existing models, policies, procedures, and accountabilities within current governance structures);
- Education and Training (recommending BPS continue to develop diverse and inclusive cyber awareness and training initiatives across all age levels of learning);
- Communication (primarily the sharing of threat intelligence to support the overall cyber security of the BPS); and
- Shared Services (with a goal of developing, improving, and expanding the use of shared services and contracts).
BPS (which are defined broadly as hospitals, school boards, post-secondary educational institutions, children’s aid societies, community care access corporations, PSOs, and publicly-funded organizations that receives $10 million or more from the Province) are suffering from “systemic underinvestment in both legacy technology replacement and cybersecurity,” according to the report, released October 3.
“Prioritizing improvements in governance should be a key consideration when developing an organization’s overall cyber strategy. A comprehensive governance model involves cyber security standards, policies, frameworks, maturity models, best practices, roadmaps, playbooks, advisory services, threat intelligence sharing platforms and empowers organizations to respond and recover more quickly when faced with cyber incidents,” urged Robert Wong, Chair of a 10-person expert panel comprising some of the leading figures in Ontario’s broader public sector.
“Regardless of the size or mandate of the BPS organization, there is a general desire for more cyber security resources, investments, and expertise,” concluded the report.