Weekly CyberTip: The top five most impersonated organizations in phishing attacks
While we should always be on the lookout for phishing (email), vishing (voice), and smishing (SMS) attacks, there are some organizations that are more likely to be spoofed than others. According to a new report from the Canadian Centre for Cyber Security (CCCS), the top five most impersonated organizations in attacks on Canadians are: the Canada Revenue Agency (CRA), Canada Post, Amazon, UPS, and Netflix. Always be vigilant, but be extra careful when handling messages from these institutions!
Canadian infrastructure “almost certainly” among cybercrime targets over next two years
According to a new report from the Canadian Centre for Cyber Security (CCCS), Canadians are increasingly targets of ransomware attacks, with organized cybercrime activity posing a threat to national security, economy and critical infrastructure. The August 28 report says that “financially-motivated cybercriminals will almost certainly continue to target high-value organizations in critical infrastructure sectors in Canada and around the world.”
The report, entitled “Baseline cyber threat assessment: Cybercrime”, is intended to inform cybersecurity professionals and the general public about the threat to Canada and Canadians posed by global cybercrime. The report presents a brief history of cybercrime, documenting its origins, its evolution into a global, multi-billion-dollar market, and its potential impacts on Canada and Canadians.
The report points to ransomware as a particular concern, calling it “almost certainly the most disruptive form of cybercrime facing Canada because it is pervasive and can have a serious impact on an organization’s ability to function”.
In the assessment of the CCCS, “Russia and, to a lesser extent, Iran very likely act as cybercrime safe havens from which cybercriminals based within their borders can operate against Western targets,” charging that “Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity.”
The report also contains a selection of statistics, including most attacked sectors, most impersonated sectors, and the most impersonated individual organizations.
Callaway suffers data breach
In notice letters sent to customers on August 29, golf equipment giant Topgolf Callaway disclosed that it had suffered a data breach on August 1. According to the letters, which were sent to over 1.1M Callaway customers in the United States, Callaway personnel noticed “unusual activity” on their systems at the beginning of the month. Their team responded quickly, with the only immediate external impact being a brief outage on their ecommerce site.
However, in the intervening weeks, Callaway determined that unauthorized access to customer information had occurred during the incident. Data including “customer name, mailing address, email address, phone number, order history, account password and answer to security question may have been accessed by an unauthorized party,” according to the letters. Callaway assured customers that “full payment card numbers and government identification numbers” were not involved in the potential disclosure.
Customers of the Callaway site and the sites of its sub-brands Odyssey, Ogio, and Callaway Golf Preowned may have been affected by the incident. All affected user passwords have now been changed, and Callaway has warned customers to change their passwords on any other platforms and services where the same password was reused. Callaway customers should also be on the alert for potential phishing attacks leveraging any data that may have been accessed by the unidentified threat actors.
Third-party breach affects University of Sydney in Australia
The University of Sydney has announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international students.
In a breach announcement on its website, the university reported that a preliminary investigation had found no evidence that local student, staff, alumni, or donor data has been affected.
“The issue was isolated to a single platform and had no impact on other University systems. There is currently no evidence that any personal information has been misused. We are working to contact impacted students and applicants and will continue to monitor our systems. We are working with all parties to best support and protect any students and prospective students whose information may have been compromised,” according to the announcement. Further updates are expected from the school as the investigation continues.
The University of Sydney was founded in 1850 and has nearly 70,000 students and about 8,500 academic and administrative personnel.
Multiple LogicMonitor customers suffer ransomware attacks
On August 29, hackers exploited weak default passwords on LogicMonitor’s cloud-based infrastructure monitoring platform, launching attacks on a number of customers of the system. Threat actors reportedly used knowledge of admin account credentials to create local accounts and deploy ransomware using the platform’s on-premises LogicMonitor Collector sensors.
While the LogicMonitor website was silent on the incident, their Director of Community Allison Fasching – who goes by the handle A11ey on LogicMonitor’s customer message board – responded to customer questions about the incident: “We can confirm that LogicMonitor is currently investigating a security incident that affected a small number of customers, and we are taking all necessary and recommended steps to mitigate any impact. All known affected customers have already been notified, and we are working with these customers to take preventative measures. We recommend all customers take the time to secure their accounts with the already available feature sets available in customer portals, such as mandating 2FA.”
The first confirmed sign of an issue was reported on the company’s system status page, which announced: “LogicMonitor is currently investigating technical abnormalities, which may be impacting customer accounts. We will update once we have further information on the full scope of impact.”
The identities of the threat actors and the victims, the type of ransomware, and any demands or other impacts have not been disclosed.