Weekly CyberTip: Lessons learned from the LastPass breach
In a report by the North Carolina Bar Association, legal and cyber experts weigh in with an excellent, unbiased analysis of the recent LastPass data breach: what happened, what was stolen, and the options for customers who may now have password vaults (albeit still encrypted) in criminal hands. If you are a LastPass customer, have you assessed how to respond to the incident? If you do not use LastPass, but you are using – or considering – a password locker, what lessons can you take from the breach? Either way, review this article. There are many takeaways, not the least of which is that it is essential that the “master” password for any password locker be protected with strength and length. In the event that there is another vault breach like the LastPass incident, this may be the only factor buying you time before you can change your credentials.
U.K.’s Royal Mail international services still down after cyber attack
Another high-profile cyber attack against an essential service took place on January 11, with the news that the U.K.’s Royal Mail had experienced a cyber incident affecting international export services.
In updates posted January 14-15, Royal Mail confirmed that they are “temporarily unable to despatch items to overseas destinations,” and urged customers to hold off on mailing items destined abroad until further notice in order to avoid backlogs and further service delays.
Domestic services are unaffected, and Royal Mail’s “import operations continue to perform a full service, with some minor delays. Parcelforce Worldwide export services are still operating to all international destinations though customers should expect delays of one to two days,” according to the latest update.
The LockBit ransomware gang is believed to be responsible for the attack, according to a report by the BBC. Royal Mail has reportedly received ransom notes that appeared digitally and were auto-printed on network printers in various Royal Mail offices; these messages allege that data has been “stolen and encrypted”. Royal Mail has not confirmed the nature of the attack, only advising that they are working with third parties around the clock to investigate the matter.
The UK’s National Cyber Security Centre issued a terse statement on January 11 confirming their co-operation with Royal Mail in the investigation: “We are aware of an incident affecting Royal Mail Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact.”
Royal Mail was privatized in 2011 after centuries as a government entity.
Report: Education/Research, Government, and Healthcare most attacked industries in 2022
Researchers from Check Point have issued a year-end analysis of 2022 cyber attack trends.
The report suggests that the global volume of cyberattacks reached an all-time high in Q4/2022, with an average of 1168 weekly attacks per organization; overall, global attacks were up 38% in 2022 over 2021. In North America specifically, the numbers were even more stark, with a 52% increase in attacks in 2022 over 2021.
The top three industries under attack were reportedly education/research, government, and healthcare. Education/research was the single most targeted sector, experiencing a 43% increase in 2022 over the previous year.
Two trends were identified as potential causes of the dramatic rise in cyber attacks:
- a growing and evolving ransomware ecosystem, with “smaller, more agile criminal groups that form to evade law enforcement”; and
- hackers expanding their targets within the enterprise, attacking “business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits”
LCBO issues statement regarding cybersecurity incident and response
On January 12, the Liquor Control Board of Ontario (LCBO) issued a press release announcing that they had experienced a “cybersecurity incident, affecting online sales through LCBO.com”.
The statement advises that a threat actor had compromised an LCBO website designed to obtain customer information at checkout. Customers that provided personal information on the site between “January 5, 2023, and January 10, 2023, may have had their information compromised. This could include names, email and mailing addresses, Aeroplan numbers, LCBO.com account password, and credit card information,” according to the statement.
The LCBO website and mobile app are now fully operational after “a thorough review and testing,” and “enhanced security and monitoring measures” are now in place.
Opinion: Why are there more cyber attacks lately?
In interviews with representatives from Check Point and the Toronto Metropolitan University (TMU), a Canadian Press opinion piece offers possible explanations for the rise in cyber attacks in recent months.
Robert Falzon, head of engineering at Check Point Canada, is “absolutely” certain that there are more cyber attacks, pointing the finger at the ready availability of tools and techniques to mobilize hackers quickly and easily.
Meanwhile, Charles Finlay, executive director of the Rogers Cybersecure Catalyst Centre at TMU, feels the root cause of the rise in hacking activity is, quite simply, profit. Cyber crime is a multi-billion dollar industry annually, so individual threat actors right up to state-sponsored crime syndicates are looking for a slice of the pie.
The interviews also confirm that today’s criminals are indiscriminate, targeting any organization they feel may be susceptible to attack; or are working in volume by sending out thousands of phishing emails in the hopes of successfully breaching a few victims.
Read the full Canadian Press article, as quoted by CityNews in Ottawa.