Archive for March 22, 2022

Guest Post: Cryptominers Were The Most Common Malware Family In 2021 Says Atlas VPN

Posted in Commentary with tags on March 22, 2022 by itnerd

Malware comes in many different types, and each works in a unique way to achieve its objective.

According to the data presented by the Atlas VPN team, cryptominers topped the malware family list in 2021 with over 150K detections. Furthermore, cybercriminals targeted information and communication businesses the most with malware attacks.

In total, 150,909 detections of cryptocurrency miners were recorded in 2021. By hijacking the CPU and GPU resources of victims’ devices, threat actors mine various cryptocurrencies for profit.

Web shell scripts accumulated 149,290 detections. A successful web shell attack allows attackers to access sensitive resources or opens the way for malware or ransomware injections.

The Ulise malware accounted for 145,321 detections in 2021. This type of Trojan enters a system as a file dropped by other malware or as a file unintentionally downloaded by users browsing malicious websites.

WannaCry ransomware cryptoworm threats resulted in 97,585 detections. WannaCry spreads across networks, infecting Windows computers.

Vilius Kardelis, cybersecurity writer at Atlas VPN, shares his thoughts on malware attacks against companies:

“Malware attacks enable attackers to profit off businesses simply and efficiently. Companies that become victims of cyberattacks often become vulnerable to data theft, hijacking, and other similar cyberattacks in the future. By employing good cybersecurity practices and applications, businesses can mitigate malware attack risks.”

Industries targeted by malware

Usually, cybercriminals choose to attack the industries that can potentially bring the most rewards.

The information and communication industry was targeted the most in 2021, with 561,753 malware files in emails. Businesses in this industry were appealing targets due to employees often using computers as their primary work tool.

Cybercriminals sent out 397,072 malware files in emails to the retail industry. Retail companies possess large amounts of customer data, which draws the attention of more cybercriminals.

The construction industry received emails with 356,952 malware files in 2021. The finance industry was on the receiving end of 198,408 malware files in emails. At the same time, the manufacturing industry was the target of 188,373 malware files in emails.

To read the full article, head over to: https://atlasvpn.com/blog/cryptominers-was-the-most-common-malware-family-in-2021

Telstra to Deliver Teleport Services for OneWeb in Australia

Posted in Commentary with tags on March 22, 2022 by itnerd

Telstra is expanding its presence in the rapidly growing satellite telecommunications market, building and maintaining three new dedicated teleports across Australia to provide satellite gateway services for OneWeb in the Southern Hemisphere.

The first of the new teleports, located in Darwin Tivendale, is scheduled to begin installation this month with go-live planned in July. Two further sites – Charlton Toowoomba and Wangara, Perth, WA – are planned for completion later in 2022. Each facility will provide turnkey ground station support for OneWeb’s growing fleet of low-earth orbit (LEO) satellites.

These facilities are being delivered as part of a 10-year deal between Telstra and OneWeb. Telstra’s turnkey approach for OneWeb includes designing, building and activating the teleports with ground station capabilities to meet OneWeb’s requirements. Telstra will also provide 24/7 monitoring and quality assurance services at each location.

Telco providers typically own and operate significant terrestrial and subsea assets, including fiber networks, IP backbones and data centers. These resources provide the critical ground service required to support satellite operators’ growing constellations, reduce their costs of entry into new markets and minimize the need for personnel to maintain their own terrestrial infrastructures.

OneWeb has two-thirds of its constellation launched and is providing coverage above the 50th parallel North – reaching areas that have historically been hard to connect because of distributed communities and challenging terrain. This includes Alaska, Canada, and the wider Arctic Region.

Earlier in March, OneWeb signed an MOU with Telstra to explore new connectivity solutions for Australia and the Asia-Pacific region.

A Cybersecurity Expert from TELUS Online Security Provides Thoughts And Tips To Keep Canadians Safe During Fraud Prevention Month

Posted in Commentary with tags on March 22, 2022 by itnerd

As our lives continue to become increasingly digital, from embracing the full-time shift to remote work to turning to online banking and tax filing as the new norm, protecting ourselves from online threats is more important than ever. Frequent readers of my blog will know that there are lots and lots of threats out there, with more appearing every day. That’s why I connected with cybersecurity expert and director of TELUS Online Security, Leigh Tynan, to get her views on what’s happening in Canada and what Canadians can do to keep themselves safe during Fraud Prevention Month and beyond. Many thanks to her for her thoughts and tips for this article.

What do you think are the reasons behind the increase in fraud that is being seen in Canada?

Amidst the pandemic, we’ve been online more than ever before and have been sharing more information. Because of this, cybercriminals have more opportunities to take advantage of our digital footprints, especially during times like tax season. As our lives continue to become increasingly digital, it’s important to take the time to protect ourselves through services like TELUS Online Security Powered by Norton, a multi-layered solution that helps protect your devices, online privacy and identity. In fact, TELUS Online Security is currently offering Canadians a free 3-month trial to experience firsthand this simpler way to stay safer online: https://www.telus.com/en/online-security/standard-free-trial 

What more must be done in your opinion to protect Canadians (specifically seniors) from fraud?

My best advice is to educate yourself and help pass that education on to others who may not have the same resources available to them, like seniors. We set up cameras so we can see what’s going on outside our homes; if we ride a bike, we lock it up when we leave it; and we wouldn’t give our car keys to just anyone. Yet arguably our most valuable possession, our identity, we often forget to protect. We need to be aware of the cyber threats out there, and take action to safeguard ourselves. Some actions Canadians can take to help protect themselves from fraud include:

  • Ensuring you have the most up-to-date software on your computer or mobile devices and subscribing to a device security service to protect you from malware, ransomware, viruses, spyware and other online threats.
  • Creating complex, unique passwords to protect yourself. We put ourselves at immense risk if we have the same password, or a few passwords, across all our apps, loyalty programs, banking sites etc. I understand that people feel overwhelmed by all the passwords needed today, so I suggest using a password manager to help keep them all straight. They are simple to use and coordinate across all your devices.
  • Using a VPN to mask your online activity from spyware or online hackers. Most of us use VPNs all the time for work, but we forget we are at just as much risk in our personal lives.
  • Never trusting a Wi-Fi connection that isn’t your own. I would like to reinforce that if you are going to use public Wi-Fi, please ensure you are protected by a VPN.

What about business related fraud such as business email compromise, executive spoofing, and the like? Are you seeing an increase there?

While TELUS is not selling business-level cyber security solutions, fraud is also on the rise for Canadian businesses. With less than two in five Canadian businesses reporting they feel they can fully detect and fend off cyberattacks (according to a recent report from KPMG), and with Canadian corporations being the third biggest victims of ransomware attacks in 2020 and 2021, behind only the U.S. and U.K., it’s more important than ever that Canadian consumers and businesses alike take measures to protect themselves. Whenever you engage with a site online, you’re leaving them with your personal data. This includes seemingly harmless activities like shopping online and signing up for a rewards program. All it takes is for one of these organizations to be hacked for your data to be packaged up and sold online to hackers and identity thieves. This growing trend, which has targeted high profile companies like the Canada Revenue Agency and Canada Post in 2021, has implications for consumer information.

What do you think is the security posture of Canadian businesses, and do they need to do more?

While it is great that Canadian consumers and businesses are starting to become more aware of cybersecurity and fraud risks, we need to do more to personally educate ourselves and others to understand what steps we need to take to protect ourselves. Cybercriminals are upping their game, and it is time that we up ours to protect against the risk.

A great educational tool is TELUS Wise, a free digital literacy education program that empowers Canadians to stay safe in a digital world. TELUS Wise offers informative workshops and resources on topics like protecting your online security, privacy, and reputation, rising above cyberbullying, and using technology responsibly.

Lapsus$ Pwns Microsoft And Leaks Source Code

Posted in Commentary with tags on March 22, 2022 by itnerd

The hacker group Lapsus$ is very busy these days. Besides pwning Okta, they’ve apparently also pwned Microsoft and leaked 37GB of source code according to Bleeping Computer:

Security researchers who have pored over the leaked files told BleepingComputer that they appear to be legitimate internal source code from Microsoft.

Furthermore, we are told that some of the leaked projects contain emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps.

The projects appear to be for web-based infrastructure, websites, or mobile apps, with no source code for Microsoft desktop software released, including Windows, Windows Server, and Microsoft Office.

When we contacted Microsoft about tonight’s source code leak, they continued to tell BleepingComputer that they are aware of the claims and are investigating.

It is insane how prolific this group has become, as its victims include NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre. And any company could be next on this group’s hit list. Because if they can get Microsoft, they can get anyone.

Google Canada Announces Second Cohort For Google Cloud Accelerator For Startups

Posted in Commentary with tags on March 22, 2022 by itnerd

In January, Google put a call-out to startups across the country to participate in their second Google Cloud Accelerator Canada cohort. Today, Google is pleased to announce a new class of groundbreaking startups for the Google Cloud Accelerator Canada. This 10-week virtual accelerator brings the best of Google’s programs, products, people and technology to startups doing interesting work in the cloud. Google is offering these startups cloud mentorship and technical project support, along with deep dives and workshops on product design, customer acquisition and leadership development for cloud startup founders and leaders.

Here are the eleven startups that make up the 2022 Google Cloud Accelerator Canada class:

  • Ad Auris (Vancouver, BC): An end-to-end audio creation platform. Used by digital publications to convert their written work into great-sounding audio, instantly.
  • Booxi (Montreal, QC): Booxi is an appointment scheduling software designed for retailers. Their mission is to Make Commerce More Human and help retailers offer a personalized experience to every customer.
  • Cadence (Saskatoon, SK): Cadence is a digital executor assistant, supported by Certified Executor Advisors. Their web app automates Estate Settlement tasks.
  • f8th (Toronto, ON): f8th’s continuous authentication transparently and passively authenticates users and detects fraudsters in real-time without impacting the user experience.
  • IRIS (Burlington, ON): IRIS is a smart cities infrastructure technology company. They help urban and rural communities extend the life of their public infrastructure.
  • Origami XR (Toronto, ON): Origami is a spatial computing company that makes it easy to scan a physical environment using the LiDAR in your phone, and create a 3D digital twin that rivals output from professional scanning equipment.
  • Pharmaguide (Richmond Hill, ON): PharmaGuide specializes in equipping healthcare providers with solutions to increase efficiency and improve patient outcomes. Through direct integrations with multiple health platforms, they can intelligently analyze data and flag patients that could benefit from treatment modifications.
  • Schoolio (Toronto, ON): Schoolio OS aims to bridge teachers, parents and tutors into a single ecosystem, focusing on education transparency, inclusive curriculum and a holistic approach to success measurement.
  • Shaddari Inc. (Montreal, QC): Shaddari Inc. is a precision medicine company that has developed an A.I. that can tell instantly whether a vaccine will be efficient against a new variant of a virus.
  • SmartONE Solutions (Markham, ON): SmartONE creates smart communities, by connecting the smart homes in multi-family residential developments over a common network to transform community living.
  • Tiggy (Vancouver, BC): Tiggy is a 15-minute grocery delivery service on a mission to forever change the way we buy everyday essentials.

It’s an exciting opportunity for Google to work with these founders and startup teams to help grow and scale their business. Programming for the Google Cloud Accelerator Canada begins April 11.

Okta Pwned By LAPSUS$ And Companies Who Use Okta Products Are Running Scared

Posted in Commentary with tags on March 22, 2022 by itnerd

Okta is a company that provides single sign-on user authentication tools in the enterprise sector. And they are now the latest company to be pwned by LAPSUS$. What’s worse is that this hack could give the attackers very substantial access to corporate data, as Okta’s products are used to authenticate users so that they can gain access to applications and networks.

I’ve talked to a few people who work for companies that use Okta products, and they are extremely concerned about this hack as they can see a scenario where they get pwned because of this. Thus my message would be that companies that use Okta products should be very vigilant, as I am pretty sure that the fallout from this hack is only beginning.

UPDATE: Saryu Nayyar, CEO and Founder of Gurucul had this to say:

“While customers are relying on vendors like Okta for Zero Trust and starting to implement SASE, this shows the need for more advanced security operations tools to ensure that threat actors aren’t abusing identity and access policies. Customers must incorporate advanced identity analytics, user behavior baselining and monitoring, and an extensive set of self-training machine learning models to detect and mitigate threats that are able to still evade these new security initiatives. CISOs must invest more in automation-focused Threat Detection, Investigation and Response (TDIR) solutions when it comes to quickly identifying threat actors that are extremely targeted and able to easily sneak through existing defenses.”

UPDATE #2: Kevin Novak, Managing Director, Breakwater Solutions added his thoughts:

“While very little has been posted about this incident, it all points to a security breach that occurred back on January 21, 2022, and which Okta has indicated it shut down rapidly. If, however, the compromise involved a successful assault on client information, such as client credentialing, key materials, or source code pertaining to environments that may lead to client compromises, then Okta may suffer much greater scrutiny from the field for its lack of adequate, timely notification of the event. Security professionals around the world are debating the list of compromise possibilities based on the pictures posted about the hack, but no definitive word has been shared by Okta.”

“Of major concern to all is: ‘what then?’ If the Okta environment is compromised, companies can’t simply flip a switch and authenticate/authorize on a different platform. These are embedded platforms that require time to swap.”

“While some have made conjectures about whether this hack contributed to another breach here or there, it would seem that a full compromise of Okta’s backend would have become far more obvious by now, but we’ll see more over the next few months.”