Archive for January 25, 2022

Researchers Discover A OneDrive Malware Campaign 

Posted in Commentary on January 25, 2022 by itnerd

Researchers with Trellix found a OneDrive malware campaign which targets government officials in Western Asia by using Microsoft’s Graph API to leverage OneDrive as a command-and-control server. The researchers have named the malware ‘Graphite’ due to its use of Microsoft’s Graph API. The attack takes advantage of an MSHTML remote code execution vulnerability (CVE-2021-40444) to execute a malicious executable in memory. The attack was prepared in July 2021 and eventually deployed between September and November, according to the Trellix report.

Saryu Nayyar, CEO and Founder, Gurucul had this comment:

“As described, this is a multi-stage attack over time that is similar to attacks purported by known threat actor group APT28. Without a strong set of security analytics capabilities that includes behavioral analytics to see abnormal communications, remote code execution, unauthorized file access, and other stages leveraging dwell time to stay hidden, security teams will struggle to identify this campaign quickly enough. This is especially true as most vendor solutions are leveraging rule-based machine learning (ML) models that require updates before being able to identify this variant. Current SIEM and XDR solutions are limited in their ability to do more than produce more indicators of compromise and do not provide the necessary detection for identifying an attack out of the box with both context and confidence.”

This is scary because of the reach of OneDrive within corporate environments. Thus if you’re a user of OneDrive, and let’s be frank, who isn’t using OneDrive, this report is required reading.

DHS Warns Of Ukraine Related Cyberattacks

Posted in Commentary on January 25, 2022 by itnerd

The Department of Homeland Security reportedly sent out a bulletin Sunday to critical infrastructure operators and local government officials warning of the potential for cyberattacks launched by the Russian government in response to any US involvement in a potential war in Ukraine. This dovetails with the cyberattack on the Canadian government that I reported on earlier today.

Saryu Nayyar, CEO and Founder, Gurucul had this comment:

“It is not surprising that the cyberattacks on the Ukraine were not going to be isolated to them based on the US involvement in Russia’s aggressive military actions. As the CISA points out with attacks such as WhisperGate, ‘identifying and quickly assessing any unexpected or unusual network behavior’ includes activity such as privileged access violations. Cisco Talos reports that system access was most likely based on stolen credentials. Organizations in the US must go beyond traditional XDR and SIEM solutions and incorporate identity and access analytics with user and entity behavior analytics to pick out unusual network activity, lateral movement and unusual access to applications. This activity must be escalated quickly and with confidence to security teams in light of forthcoming attacks. Stolen credentials can be identified based on abnormal usage by threat actors, especially as most other detection techniques cannot discern this being an immediate threat.”

Clearly things are escalating when it comes to Ukraine. Which means that the time to act in terms of staying safe is now. Thus if you’re a company with exposure in that part of the world, and even if you’re not, you’ve got some work to do and quickly.

Guest Post: Americans suffered a whopping 50 billion robocalls in 2021 Says Atlas VPN

Posted in Commentary on January 25, 2022 by itnerd

According to the data presented by the Atlas VPN team, US residents suffered a whopping 50.5 billion robocalls in 2021 — a 10% increase from 2020. On average, each affected person in the US received around 154 such calls the previous year.

A robocall is an automated telephone call that uses auto-dialing software to deliver a pre-recorded message to its recipients.

While residents of all US states received their share of robocalls last year, some were affected more than others.

Texas residents endured the most robocalls out of all the states in 2021. In total, they experienced 5.8 billion such calls, an almost 12% rise from 2020.

The most populous US state, California, comes in second on the list. Overall, close to 4.6 billion robocalls were directed at Californians in 2021. Compared to 2020, last year saw only a slight 1% increase in robocalls.

Florida occupies the third spot on the list with 4.1 billion robocalls. Compared to 2020, such calls rose by 10% in the sunshine state last year.

Other states in the top ten based on the number of robocalls in 2021 include Georgia (3.1 billion), New York (2.6 billion), North Carolina (2 billion), Ohio (1.9 billion), Illinois (1.85 billion), Tennessee (1.8 billion), and Pennsylvania (1.75 billion).

To read the full article, head over to: https://atlasvpn.com/blog/americans-suffered-a-whopping-50-billion-robocalls-in-2021

Beanfield Metroconnect Acquires FibreStream

Posted in Commentary on January 25, 2022 by itnerd

Beanfield Metroconnect, owner and operator of the largest independent fibre-optic network in Toronto and Montreal, today announced the acquisition of FibreStream, an Internet Service Provider operating in the GTA, Ottawa and Vancouver. This acquisition is part of Beanfield’s ongoing commitment to expand its residential network, allowing for superior services and a reliable network to be readily available to even more customers.

Beanfield builds, owns and operates its own fibre-optic network, which results in fast network response times and industry leading network reliability. Through the acquisition of FibreStream, the two companies will grow stronger together as each team is able to share its expertise and resources. Beanfield is working on expanding its network to offer FibreStream customers its superior service in the future. FibreStream customers will not see any changes to their plans or pricing on the existing network. 

Together, Beanfield and FibreStream are not only helping to build and connect communities, but they are also challenging the traditional model of the telecom space in Canada. Both companies are built on the idea of putting the customer first and doing the opposite of what the competition is doing. Beanfield is committed to changing the way connectivity is delivered to residential customers.

Canada’s Foreign Affairs Ministry Pwned By Hackers…. Russia Suspected

Posted in Commentary on January 25, 2022 by itnerd

Late yesterday it came to light that Foreign Affairs Canada had been hit by some sort of cyberattack with pretty serious consequences according to Reuters:

The incident was detected last Wednesday, a day before Canada’s signals intelligence agency said network operators of critical infrastructure should boost their defenses against Russian state-sponsored threats.

“Critical services … are currently functioning. Some access to internet and internet-based services are currently not working,” said a statement from the Treasury Board, which has overall responsibility for government operations.

As you can tell from that statement, the suspicion is that Russia is behind this. Which isn’t a surprise with their actions against Ukraine and the tensions that it created. Canada doesn’t typically comment on these sorts of things. But I suspect that we’ll hear more about this in the coming days.

UPDATE: Chris Olson, CEO of The Media Trust, had this comment:

“As highlighted by recent events, the ability to disrupt digital channels has become a strategic weapon in today’s geopolitical environment. Shutting off or redirecting websites/mobile apps harms not only consumers looking to access those services but also revenue and communication channels for business and government entities. Avoiding this scenario requires continuous monitoring of client-side experience to detect anomalous activity (domains, vendors) before it propagates and causes extensive damage. Establishing and maintaining digital trust and safety is a priority in 2022.”

UPDATE #2: Saryu Nayyar, CEO and Founder, Gurucul had this comment:

“As Canada’s own intelligence agencies have recommended just prior to the attack, organizations need to upgrade their security capabilities in lieu of potential Russian attacks. Outside of even nation state threats, threat actor groups continue to evolve their campaigns. However, despite existing investments in perimeter and defensive solutions, endpoint, XDR, and SIEM, threat actors are still evading these tools successfully. With stolen credentials and phishing attacks being used to get inside networks easily, upgraded solutions that offer behavioral based threat detection along with adaptable machine learning (ML), not rule-based, and true artificial intelligence models found in a small set of next generation SIEMs are critical to stop these multi-staged attack campaigns.”

Applications Now Open For Second Google Cloud Accelerator Canada Cohort

Posted in Commentary on January 25, 2022 by itnerd

Throughout the pandemic, we’ve seen just how important the role of cloud technology is in almost every sector. From healthcare to education, retail to manufacturing, cloud technology keeps us connected, and helps us maintain continuity in our schools, work and businesses. 

Google knows the need for cloud-based solutions will continue to grow, which is why they launched the first Google Cloud Accelerator Canada last year, entirely dedicated to supporting cloud-native technology startups. The accelerator was the first of its kind at Google, designed to bring the best of their programs, products, people and technology to startups doing interesting work in cloud.

Last year, twelve startups were selected for their inaugural cohort, representing a range of industries including healthcare, hospitality and real estate. They have worked with founders and their teams to help solve some of the top challenges facing their startup and provided 1:1 mentorship from an array of Google Cloud experts. They have also offered support in AI/ML, design/UX, Android, web, product strategy, sales, marketing, and more.

Today, Google is excited to announce that applications are now open for the second Google Cloud Accelerator Canada. The 10-week virtual accelerator will offer cloud mentorship and technical project support, as well as deep dives and workshops on product design, customer acquisition and leadership development for cloud startup founders and leaders. 

The Accelerator is best suited for funded, revenue generating startups who have a minimum of five employees and are well-positioned for their next phase of growth. In order to ensure Google can provide meaningful value, startups should aim to leverage either Cloud or AI/ML technologies in their product, service, or operations, or show an interest in leveraging these technologies in the future.

Applications are now open until March 1, 2022 and the accelerator will kick off this April. Interested startups leveraging cloud to drive growth and innovation are encouraged to apply here.