Archive for April 13, 2021

Guest Post: Government Most Hit By Ransomware Attacks In 2020 Followed By Banking Says Atlas VPN

Posted in Commentary with tags on April 13, 2021 by itnerd

Ransomware is malicious software that restricts access to a victim’s files or devices until the ransom is paid. Last year, this type of attack was one of the cybercriminals’ favorite methods for targeting organizations.

According to the data presented by the Atlas VPN team, the government sector was the most affected by ransomware attacks in 2020, followed by banking. Together, these two industries accounted for 50% of last year’s ransomware attacks among the top 10 most-targeted sectors.

Government organizations took the biggest share of ransomware attacks last year — 31,906, while the banking sector suffered 22,082 attacks. Other industries that made it to the top five include manufacturing (17,071), healthcare (15,701), and finance (4,917).

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on ransomware attack trends in 2020: 

“Financial organizations have always been popular targets among cybercriminals due to their wealth. In the meantime, the government and healthcare sectors are known to be especially vulnerable to cyberattacks. As the latter industries also played a critical role in dealing with the global pandemic last year, they became easy prey to hackers.”

WannaCry ransomware was favored by cybercriminals

Like most cyber threats out there, ransomware comes in many different types. However, some ransomware families were more popular last year than others.

Out of all the ransomware types, WannaCry, also referred to as WCry, was most favored by cybercriminals. This cyber threat was responsible for 220,166 or nearly 87% of all last year’s top ransomware families’ attacks. 

Locky ransomware also continued to plague organizations last year. There were 15,816 Locky cases detected in 2020. 

Other ransomware families that were highly active last year include Cerber (5,448), Ryuk (3,376), GandCrab (2,326), Sodinokibi (2,275), Crysis (1,744), Crypwall (1,019), Egregor (827), and DoppelPaymer (526).

To read the full article, head over to: https://atlasvpn.com/blog/government-most-hit-by-ransomware-attacks-in-2020-followed-by-banking

My Wife And I Got Our COVID Vaccines…. Here’s What That Was Like For Us

Posted in Commentary on April 13, 2021 by itnerd

Early last week my wife and I got our COVID vaccines and I wanted to take a moment to talk about what that experience was like as I got a lot of questions about it since posting this Tweet:

Here’s a recap of our experience.

First of all, there was booking the appointment. Now some friends of ours alerted us that we were eligible because we were 50 or over in a “high priority” postal code. I am going to assume that this might have something to do with the fact that there is an assisted living facility down the street from us that had a number of deaths that were due to COVID. That led us to booking an appointment with Unity Health to get our vaccine. Or at least trying to. It took three days of constantly checking the website to find a pair of appointments for us. When we did, we hurriedly booked them. One was for last Monday at the St. Joseph’s Hospital site in the west end of Toronto for myself. The other was for the next day at the St. Michael’s Hospital site in downtown Toronto for my wife. One thing that I did notice is that the booking site uses Cloudflare to stop denial of service attacks and provide load balancing. Presumably, to ensure that everyone gets a fair chance to book appointments. Thus my first piece of advice would be to keep trying to book an appointment because appointments will become available. Once you book an appointment, which requires you to have your OHIP card handy, you get an email and a text message on your phone confirming your appointment. Make sure you read the email as it has a lot of handy info about the site you’re booked into. For example, parking info, whether there are washrooms available, and how early you should show up are all in that email.

On the day I had my appointment, I drove down to St. Joseph’s Hospital and arrived at the parking garage 15 minutes early. A five minute walk later, I got to the vaccine site. It was well signed and easy to find. Once I entered the clinic, I was greeted by a security guard who quizzed me about what time my appointment was. Once I replied, I was instructed to sanitize my hands and I was handed a paper mask via a pair of tongs to go on top of the cloth mask that I was wearing. I was then directed to a station where I was asked to show my OHIP card and I was quizzed about a variety of things including if I had COVID or I was exposed to anyone with COVID. I was then directed to a second station where I was quizzed again about the same items and I was asked to show my OHIP card again. After that I was asked to stand in line. There were five people ahead of me and there were clear places to show where you should stand to ensure physical distancing. I also noted that there was a booth where a woman was preparing syringes with the vaccine. Once the syringe was prepared, another person would pick up the syringe and escort the person at the front of the line to a booth. In my case, I was in line for a grand total of 5 minutes before being escorted to a booth. In the booth the Dr. quizzed me about exactly the same things that I was quizzed about by the first two booths that I had been at earlier.

I will say that they are thorough.

After that, I finally got the vaccine. Moderna in my case. Not that it really matters as the best vaccine is the one that goes in your arm. More on that in a bit. I was then escorted to a “recovery area” where I had to take a number and wait for 15 minutes to see if I had any reactions to the vaccine. The number was entered into an iPad which started an individual timer for me which is pretty slick. When my number was called, I was escorted to a check out area where my information was confirmed including my email address and my cell phone number. I was then told I would get an email and text message when my next appointment was booked. I then left the facility. I wasn’t three steps out the door before my iPhone dinged and I got a text message saying that my next appointment was booked. It was booked for 112 days from last Monday. I know that because I asked Siri how many days it was until my next appointment.

Total time invested: 30 minutes.

Side effects? Well, here’s what my wife and I experienced:

  • In my case, my body temperature went up to about 99 degrees Fahrenheit after the vaccine. Also for about a couple of days, I felt lethargic. But by the weekend I was back to normal. As mentioned earlier, I got the Moderna vaccine.
  • In the case of my wife, she had bouts of dizzy spells for about a day or so and was lethargic. But was normal again by the weekend as well. I should note that she got the Pfizer vaccine.
  • In both of our cases, the injection site, which was our respective left arms, was sore and swollen for a couple of days. But both of those things disappeared by the weekend.

So with that out of the way, I want to cover a few touchy points.

  • I’ve been asked if I had a preference in terms of vaccine brand as some vaccines, specifically the AstraZeneca and Johnson and Johnson, have been linked to rare blood clots. The answer is no. The best vaccine is the one that goes in your arm as it’s going to give you protection from COVID. And given that these blood clots happen less than 1% of the time, and your chances of catching COVID are far higher than that, I’ll take my chances with the vaccine.
  • I’ve been asked if I was hesitant in terms of getting the vaccine. The answer is no. But not everyone is like me. If you’re hesitant about getting the vaccine, that’s okay. You have the right to feel however you feel. But I would say that you need to seek out whatever information that you need from reputable sources to give you the comfort level you need to get the vaccine. I would recommend this link for reputable info if you’re in Canada. This link if you are in the US. And this link if you’re in the UK. There are likely similar links for other countries as people from over 20 countries visit this blog every single day. But like I said, seek out reputable information and make your call based on facts rather than what you see on Facebook or Twitter.
  • The most important thing that I would say is that getting the vaccine isn’t about you. It’s about those around you. Yes it is true that if you get the vaccine that your chances of having a severe COVID related outcome drop dramatically. But it’s about spreading COVID around to others. While there is still a risk of that happening even if you have had the vaccine, which is why you need to still follow public health advice after you get it, that risk drops dramatically if you get the vaccine. So in effect, you are protecting others by getting a vaccine. Specifically your friends and family. It’s also the best way that the world has at present to get out of this pandemic and get back to something approaching normality. And every vaccinated person moves the metaphorical needle closer to that goal.

In closing, if I had to grade the whole experience, I would grade it an “A-”. The minus comes from the fact that I had to try really hard to get appointments for myself and my wife. The rest of the experience was top shelf. And that was cemented by the fact that my wife had pretty much the same experience the next day at the St. Michael’s site for Unity Health. Thus if you are eligible for the COVID vaccine, I would recommend getting it as soon as you can. While the process requires you to invest some time up front, the long term benefit is going to be worth it. Which is that we can get on with our lives sooner.

Durham Region Government Gets Pwned By Ransomware

Posted in Commentary with tags on April 13, 2021 by itnerd

News has surfaced that the Durham Region Government has been pwned by ransomware. IT World Canada got wind of this and when they asked Durham Region about the pwnage, they got this response:

A statement from the region’s communications department says they’ve contacted the “relevant authorities and regulators.”

“Our IT teams, working with the service provider, took immediate steps to secure our systems. The incident did not impact the Region’s core IT systems.

“Our experts are now investigating the matter to determine the information that may be involved and the impact of this incident. It is important to note that the vulnerability related to the service provider has been addressed and our systems have been secured.

“We are committed to protecting the privacy of all residents and we are taking this matter very seriously. We are sorry for the inconvenience this may cause affected parties.”

This isn’t good for anyone as the damage is likely worse than they’re letting on. David Masson, Director of Enterprise Security, Darktrace had this to say:

Once again, we have seen threat actors attack regional government in Canada. In this instance, attackers struck by exploiting third-party software as a means of entry, exposing a fundamental weakness of even the most secure organizations – the supply chain. 

What this recent attack drives home is the critical need for an approach to security that stops threats even once they have penetrated the perimeter. Double threat ransomware – where data is not only encrypted, but also stolen – seems to have been used, and on this occasion the data has been exposed on the web. The adversaries behind the attack had likely been lurking in the Municipality of Durham’s systems – undetected – for some time, able to move laterally and search for sensitive data. While individuals could be hurt by data exposure, affected organizations are also likely to experience reputational damage.

With ransomware attacks ramping up, all organizations have to accept that they can no longer rely on perimeter-based tools to prevent threats, nor can they rely on their own supply chain. Organizations need solutions that can respond to threats even once they have made their way inside a digital infrastructure, which is why many Canadian organizations are leaning on self-learning AI, which is able to detect even the most subtle indicators of attack and has the ability to autonomously respond to threatening activity in real time – before the damage is done.

I know I keep saying this, but I hope this spurs companies to up their cybersecurity game to stop this sort of thing from happening as the effects are far reaching and painful.

New Dell Inspiron Family & XPS 13 OLED Announced

Posted in Commentary with tags on April 13, 2021 by itnerd

Today, Dell Technologies announced a redesigned, new line up of Inspiron laptops and there’s a device for every type of user – from students doing remote learning and parents juggling WFH to young professionals binging the latest shows, blogging, keeping up with friends, etc. Here are the highlights:

  • A variety of sizes and form factors — From 13, 14, 15 and even 16-inch screens, the new Inspiron devices come in minimalist, modern designs to fit all your computing needs.  
  • Packed with the latest PC innovations — A nearly borderless display, expansive keyboard, larger keycaps and spacious touchpad make it easier to view and navigate your content.
  • Look your best while streaming online — An HD webcam helps you look your best even in low-lit environments. Paired with the finely tuned microphone, you’ll come through crisp and clear in all your virtual hangouts. 
  • There’s also an OLED screen version of the XPS 13 for the best viewing experience

Check out the Inspiron blog post for more details.

Invicti Security Reports on Lost Year in Web Application Security

Posted in Commentary with tags on April 13, 2021 by itnerd

Invicti Security™, a global leader in web application security, today released the spring volume of its Invicti AppSec Indicator Report, which examines the prevalence of web vulnerabilities across more than 3,500 targets in every industry and more than 100 countries. The findings indicate that as organizations shifted focus to support remote work and business continuity amid the challenges of 2020, web application security suffered.

The report, released in previous years as the Acunetix Web Vulnerability Report, was developed through an examination of anonymized data collected via Acunetix, an Invicti DAST and IAST product used by thousands of companies and government organizations to discover and scan web assets for vulnerabilities and prioritize them for remediation. The large dataset, which includes data from more than 188,000 web scans, 173,000 network scans, and more than 290 million monthly HTTP requests, provided the basis for the analysis.

Between 2016 and 2019, the number of high-severity and medium-severity vulnerabilities decreased steadily every year, with an average reduction rate of 22% in high-severity vulnerabilities year over year. If that trend had continued, the overall incidence of high-severity vulnerabilities would have decreased from 26% to about 20%. However, progress came to an abrupt halt in 2020, probably as a result of resource reallocation to address Covid-19 business impacts and enable remote work worldwide. 

Among the 2020 report’s findings:

  • The overall prevalence of high-severity vulnerabilities such as remote code execution, SQL injection, and cross-site scripting, increased slightly from 26% to 27% of the targets scanned
  • Medium-severity vulnerabilities such as denial-of-service, host header injection, and directory listing, remained present in 63% of web apps in 2020, holding flat from 2019
  • Several high-severity vulnerabilities are well-understood, but did not show improvement in 2020. One example: the incidence of remote code execution, both well-known and damaging, increased by one percentage point last year.
  • Also of note: the incidence of server-side request forgery (SSRF), the primary vulnerability behind the recent Microsoft Exchange breach in 2021, as well as Capital One in 2019, has not improved year over year.

With many of the Covid-related changes to consumer and business behaviors expected to endure beyond the end of the pandemic, web application security is more critical than ever. From growing usage of business tools such as chat, web conferencing, and collaboration environments, to increased consumer adoption of e-commerce, attack surfaces continue to expand. Recent research indicates that the largest percentage of breaches in 2020 began with a web application, yet at the same time, the number and severity of a variety of other types of attacks reached new highs in 2020, diverting the time and resources of security organizations away from web application security. 

The full report is available here.

New Infosec IQ Cybersecurity Culture Survey Quantifies Security Beliefs, Sentiments

Posted in Commentary with tags on April 13, 2021 by itnerd

Infosec, the leading cybersecurity education company, today released one of the industry’s first cybersecurity culture assessment tools. The new Infosec IQ Cybersecurity Culture Survey introduces an actionable, scalable way to analyze and measure employee attitudes and perceptions towards security practices, policies and training strategies across five cultural domains.

The Infosec IQ Cybersecurity Culture Survey collects employee feedback and scores organizations across these five domains: 

  • Confidence: how employees classify their own ability to put their cybersecurity knowledge to practical use
  • Responsibility: how employees perceive their role in organizational security
  • Engagement: how willingly employees participate in an organization’s security awareness and training program and apply available resources and support to improve security behaviors
  • Trust: how employees perceive the security posture and processes at their organization
  • Outcomes: how employees perceive the consequences of a security incident at their organization

The Infosec IQ Cybersecurity Culture Survey helps security awareness managers evolve program goals and success metrics to align with recommendations from leading research firms like Forrester. According to a Forrester report authored by analysts Jinan Budge and Claire O’Malley, “Cultural change takes time and results are difficult to measure.” One technique they recommend CISOs use is “surveying the workforce to measure motivation, ability and triggers. This will allow you to quantify the strengths and weaknesses of an existing or potential SA&T [security awareness and training] program and gain insight into the current state of security culture.”

Infosec IQ program managers can administer the Cybersecurity Culture Survey as needed and use results to guide changes to cybersecurity policies, practices or training strategies. The tool generates scores across all five domains and provides recommendations for strengthening cybersecurity culture and improving scores in each domain. Recommendations include training content and employee engagement features built within the Infosec IQ security awareness platform and suggestions for increasing the impact of security-related communications.

Click here to learn more about the Infosec IQ Cybersecurity Culture Survey.