Archive for March, 2022

Apple 3D Maps Come To Toronto, Montreal And Vancouver

Posted in Commentary with tags on March 25, 2022 by itnerd

Over the years I have criticized Apple for not bringing some of their marquee features and products to Canada. Apple Cash and Apple Card are two examples that come to mind. But last night my opinion on that shifted slightly. Apple put out a press release last night to announce that its revamped Apple Maps experience is now available in the Canadian cities of Toronto, Montréal, and Vancouver. The update delivers more detailed maps, complete with custom-designed 3D landmarks. Here are a few examples from Toronto. Starting with the Hockey Hall of Fame:

Next up is City Hall:

And finally Scotiabank Arena:

I’ve also noticed that in Apple CarPlay some buildings are in 3D as well. This Apple Maps update is also available in Montreal and Vancouver, and those cities join London, Los Angeles, New York, Philadelphia, San Diego, San Francisco, and Washington, D.C. in having this experience.

Now if Apple would only bring the Apple Card and Apple Cash to Canada, then life for many Apple users in Canada would be complete.

CRTC Approves Rogers Takeover Of Shaw…. And That’s A Mistake

Posted in Commentary with tags on March 25, 2022 by itnerd

Yesterday, the CRTC approved the takeover of Shaw by Rogers. In its decision, it said this:

The Commission approves, subject to a number of modifications and the fulfilment of specific conditions of approval, an application by Rogers Communications Inc. (Rogers), on behalf of Shaw Communications Inc. (Shaw), for authority to transfer the effective control of the broadcasting undertakings licensed to Shaw or its subsidiaries to Rogers or its subsidiaries. The Commission concludes that the transaction as modified by the Commission is in the public interest and advances the objectives set out for the Canadian broadcasting system in the Broadcasting Act (the Act).

Those conditions are:

  • A $27.2 million payout to the Canada Media Fund, Independent Journalism Fund and other cultural agencies
  • Time-bound commitments to Shaw customers, such as notifying them 90 days before current contracts end about the impending merger
  • Rogers also must report annually on its increased contribution to local news
  • Hiring more journalists at its Citytv stations
  • Producing an extra 48 news specials annually “that reflect local communities.”

Now this decision only covers broadcasting elements of the transaction. It doesn’t cover the cellular parts of the deal for example. But regardless, the CRTC has once again proved that they don’t have the interests of Canadians in mind. This deal would reduce competition, raise prices, and not benefit Canadians at the end of the day because they would have less choice in the telco marketplace. And it proves that the CRTC needs to be abolished in favour of a regulatory body that protects Canadians and holds telcos accountable. Because when the head of the CRTC meets his telco friend in a bar for a beer, then any pretence of impartiality goes out the window. Which by extension means that decisions like this are suspect by default.

Now to be fair, there are other hoops that this deal has to go through. And one can hope that common sense prevails and nukes this deal from orbit. But somehow I see this as the beginning of the end for affordable telco services in Canada.

Seven Teens Arrested By UK Police And Accused Of Being The Lapsus$ Hacking Gang

Posted in Commentary with tags on March 24, 2022 by itnerd

Here’s a plot twist. City of London Police have arrested seven teens in connection with the Lapsus$ hacking gang. That’s the gang that has pwned Nvidia, Microsoft, and Okta among others. The BBC has the details:

A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$.

The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers.

City of London Police say they have arrested seven teenagers in relation to the gang but will not say if he is one.

The boy’s father told the BBC his family was concerned and was trying to keep him away from his computers.

Under his online moniker “White” or “Breachbase” the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America.

Lapsus$ is relatively new but has become one of the most talked about and feared hacker cyber-crime gangs, after successfully breaching major firms like Microsoft and then bragging about it online.

The teenager, who can’t be named for legal reasons, attends a special educational school in Oxford.

City of London Police said: “Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.”

And what’s interesting is this:

“White” was outed – or “doxxed” – on a hacker website, after an apparent falling out with business partners.

The hackers revealed his name, address, and social media pictures.

They also posted a biography of his hacking career, saying: “After a few years his net worth accumulated to well over 300BTC [close to $14m]… [he is] now is affiliated with a wannabe ransomware group known as ‘Lapsus$’, who has been extorting & ‘hacking’ several organisations.”

No honour among thieves I guess. But it does mesh with a story that I posted earlier today. In any case, they have been released and are under investigation. So we may hear more about this in the coming days.

Is Lapsus$ Run By A Teenager Living With His Mom In The UK?

Posted in Commentary with tags on March 24, 2022 by itnerd

Here’s a plot twist in the whole Lapsus$ saga. Bloomberg is reporting that a teen is suspected by cyber researchers of being the Lapsus$ mastermind. Cybersecurity researchers investigating the hacking group, on behalf of the companies that were attacked, said they believe the teenager, who lives at home with his mother in Oxford, England, is a mastermind. Cybersecurity expert Brian Krebs has posted a story that speaks to this as well, along with further details about the Lapsus$ group.

Based on this, I have a fair amount of commentary from a variety of experts. The first being Lucas Budman, CEO of TruU:

This is yet another example of bad actors continuing to exploit the vulnerabilities of the password. As an industry we need to decide: do we want to continue to try to “plug the proverbial hole in the dam” by resetting passwords and/or adding 2FA (which is effectively a single factor at this point as the password is likely compromised already) in response to these events? Or are we ready to “use a new dam” and move on to passwordless MFA?

Peter Stelzhammer, Co-Founder of AV-Comparatives is next with this commentary:

“Hackers are no longer pupils, just doing it for fun. While pupils are eager to learn the ways of hacking, what must be understood is that if taken out of hand, it becomes online, organized crime. While hackers are sometimes hired as someone to do their job of their own accord, usually, it is always for the money.”

“Often it starts with social engineering and ends with a successful breach. Cybercriminals are most of the time well educated and geniuses in their field. The money made in cybercrime is much more than in the global drug market.”

Finally, we have Darren Williams, Founder and CEO, BlackFog with his perspective:

“So far this month we’ve seen Lapsus$ claim attacks on Okta, Samsung, Vodafone and Microsoft to name a few, so you’d easily be forgiven for thinking there is a gang of cybercriminal masterminds behind these attacks. The ‘gang’, or potentially the teenager working from his mother’s house, made their mark in the ransomware world with the attack on Portuguese media conglomerate Impresa. Lapsus$ demonstrated a sense of humor following the incident when they tweeted that “Lapsus$ is the new president of Portugal”. Whether a criminal gang or a teenager from Oxford, it’s clear that the ‘organization’ has the ability to infiltrate some of the world’s largest organizations at a speed that makes these attacks impossible to prevent using traditional perimeter defence tools. More than 84% of all attacks involve data exfiltration, exposing data on the Dark Web and/or public web sites. By refocusing security efforts on anti-data exfiltration, organizations are able to mitigate extortion attempts, regulatory fines, reports and ultimately the loss of trust in the business.”

Regardless who runs this hacking group, the main thing that you have to know is that they are dangerous because they are extremely effective. You need to take action in terms of strengthening your security posture so that you don’t become the next victim of Lapsus$.

Canadian Nonprofits Are Investing In Digital Transformation To Drive Efficiency And Growth: Sage

Posted in Commentary with tags on March 24, 2022 by itnerd

Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses, today released a new study on the Canadian nonprofit sector, Grow Together: How digital transformation empowers Canadian nonprofit organizations to embrace change. The study found that nonprofits have seized the opportunity during the pandemic to rethink and change the way they operate to gain efficiencies and better serve their communities, despite the difficulties caused by COVID-19.

Transforming operations to overcome challenges

In partnership with Leger, a Canadian research firm, Sage found that 9 in 10 nonprofits consider their digital transformation efforts a top priority to update business processes and gain efficiencies:

  • 27% have already gone through the process and are digital-first
  • 47% are in the process of digitizing key processes
  • 16% have plans to digitize key processes

The pressure on nonprofits to transform their operations is driven by both external and internal challenges. The pandemic has inflicted the following top five common external challenges on nonprofits:

  • Program disruptions (43%)
  • Staffing shortages (39%)
  • Decreases in funding (36%)
  • Uncertainty related to service delivery mechanisms due to the pandemic (36%)
  • Increased demand for services (32%)

Furthermore, two-thirds of nonprofits believe these external barriers will persist in 2022. As such, the need to accelerate or continue digital transformation initiatives is pressing to help overcome these acute challenges.

In addition, four in five Canadian nonprofits said they are experiencing the following internal challenges, which are causing operational friction within their organization:

  • Lack of staff with the right skill set to manage the digital transformation journey (25%)
  • Inefficiencies and delays due to multiple, disparate systems (23%)
  • Manual, time-consuming reporting (23%)

Making strategic choices

Supporting digital transformation has been difficult for nonprofits when resources, financial or otherwise, have been stretched to their limit during the pandemic. In fact, 28% of Canadian nonprofits experienced a decrease in 2021 revenue, with four in ten experiencing more than 25% decrease in revenue. One-third of nonprofits saw a decrease in funding from both foundations and corporations over the last twelve months.

Facing both resource constraints and the need to overcome operational challenges, management of nonprofits are changing their approach to utilizing new technologies.

Nonprofit organizations that have begun their digital transformation are beginning to reap the benefits with clear efficiencies, including:

  • Clearer data and reporting mechanisms
  • Stronger tools to stay organized across the business
  • Easier transition to working remotely
  • Time saved on administrative duties

The nonprofit sector believes that technology is vital for both the immediate well-being of their teams as well as their long-term success.

Planning ahead

Looking ahead into 2022, nonprofits are beginning to express some optimism:

  • 4 in 10 are forecasting a revenue increase for 2022, with 44% expecting an increase of 25% or higher
  • 35% expect year-over-year revenue to remain flat
  • 15% expect a decrease in revenue
  • 8% are uncertain of their revenue projections

Growth is top-of-mind for these nonprofit organizations. Four in ten are planning to prioritize the expansion of their donor base, build their digital presence on social media and increase brand awareness. To achieve these priorities, their top investments will include the increased use of digital/automated platforms, increased marketing budget, and hiring skilled staff.

To learn more, please download the full Grow Together: How digital transformation empowers Canadian nonprofit organizations to embrace change report.

Methodology
Sage partnered with Leger, a national research and analytics firm, to survey 75 non-profit financial directors across Canada between January 12th and January 25th, 2022. We also conducted focus groups with six non-profit financial directors between January 27th and February 7th, 2022.

Terranova Security Announces Cyber Hero Score

Posted in Commentary with tags on March 24, 2022 by itnerd

Terranova Security, the global partner of choice in security awareness training with more than 20 years of experience educating the world’s cyber heroes, has announced Cyber Hero Score. This new feature allows organizations to quantify risk by assigning unique ratings to each end user or user profile based on their cyber security behaviors. Cyber Hero Score is a visionary addition to the Terranova Security offering, primed to disrupt the industry by going beyond assessment surveys in determining employee risk levels, using personalized metrics.

Cyber Hero Score can be used for individuals, user profiles, teams, departments, countries, and business units. This intel facilitates how organizations build tailored cyber awareness training campaigns based on actual end user behaviors and progression over time. A Cyber Hero Score will draw from multiple factors, including the:

  • Role, function, and regional location within the organization 
  • Risk and security awareness knowledge levels 
  • Access permissions to sensitive information 
  • Proximity to previous data breaches

Security awareness training metrics, such as course participation and completion rate, phishing simulation results, and behavior change performance over time, are also considered. By accurately assessing risk and security awareness levels, organizations can quickly identify high-risk users or profiles, pinpoint specific behavior change areas, and personalize the resulting training campaigns to suit those unique realities. As a result, organizations can significantly reduce the human risk factor.

Cyber Hero Score is an asset for all organizations, regardless of whether their employees work within a remote/hybrid model or in-office. Training administrators must clearly understand which team members are at higher risk of being targeted by a cyber-attack and whether they have adequate knowledge and skills to safeguard against attempts to compromise sensitive data. Organizations will leverage Cyber Hero Score to build risk-based campaigns that respond and adapt to behavior changes based on an individual’s unique awareness training journey. This feature underpins a security-first mindset that helps mitigate risk, build cyber threat resilience, and grow security awareness across all departments, regions, and functions.

For more information on how Cyber Hero Score plays an integral part in building cyber threat resilience and growing a cyber-aware security culture through targeted, risk-based training, visit the dedicated webpage on the Terranova Security site.

Nuspire Provides Advice For Customers Of Okta Who Might Be Affected By The Lapsus$ Hack

Posted in Commentary with tags on March 24, 2022 by itnerd

You might recall that threat actor group Lapsus$ posted screenshots in their Telegram channel of what they claim to be Okta customer data. Okta is a leading provider of authentication services and Identity and Access Management (IAM) solutions. They’re used by organizations worldwide as a single sign-on (SSO) provider, allowing employees to securely access a company’s internal systems, such as email accounts, calendars, applications and more. Okta has responded with their version of events as well.

Lapsus$ has previously claimed responsibility for the leaked proprietary data of companies such as NVIDIA and Samsung. Unlike ransomware groups, Lapsus$ does not encrypt data once they gain access. Instead, they exfiltrate the data and threaten to publish what they’ve gathered if demands are not met. The group began by focusing on Latin American victims and some security researchers suspect the group is based in Latin America.

Since it is said that over 300 Okta customers might be affected by this, and in the interest of helping them, I reached out to managed security provider Nuspire, and JR Cunningham, CSO at Nuspire, was kind enough to provide these recommendations:

  • Review your Okta audit logs for suspicious activity focused on superuser/admin Okta accounts.
  • Rotate passwords for high-privileged accounts.
  • Check for privileged accounts created around the time of the suspected breach (January 21, 2022).
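The three recommendations above are easy to turn into a repeatable triage pass over an Okta System Log export. The script below is an added example for this post, not code from Nuspire or Okta. It assumes the Okta System Log JSON shape (`eventType`, `published`, `actor.alternateId`, `target[].alternateId`, `outcome.result`, `client.geographicalContext.country`) and event-type names such as `user.lifecycle.create` and `user.account.privilege.grant`; the sample events, the admin account list and the "expected countries" set are constructed for the example and are not real data. It flags admin-account activity worth a look (privilege, MFA and API-token changes, successful admin logins from an unexpected country), lists accounts created within a window around January 21, 2022, and produces the list of privileged logins whose credentials should be rotated.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumptions for this example: the organisation's known superuser/admin logins (in practice,
# exported from the Okta admin console) and the countries it normally operates from.
ADMIN_ACCOUNTS = {"alice@example.com"}
EXPECTED_COUNTRIES = {"Canada"}
SUSPECTED_BREACH = datetime(2022, 1, 21, tzinfo=timezone.utc)  # date given in the recommendations

# Event types that change who holds privilege or weaken MFA. The names are assumed to follow
# Okta System Log naming; check them against the Okta event-type catalogue before relying on them.
PRIVILEGE_CHANGE_EVENTS = {
    "user.account.privilege.grant",
    "system.api_token.create",
    "user.mfa.factor.deactivate",
    "user.mfa.factor.reset_all",
}

# Constructed sample events in Okta System Log shape (newline-delimited JSON); not real log data.
SAMPLE_LOG = r'''
{"eventType": "user.session.start", "published": "2022-01-15T09:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "target": [], "outcome": {"result": "SUCCESS"}, "client": {"geographicalContext": {"country": "Canada"}}}
{"eventType": "user.session.start", "published": "2022-01-20T14:30:00.000Z", "actor": {"alternateId": "bob@example.com"}, "target": [], "outcome": {"result": "SUCCESS"}, "client": {"geographicalContext": {"country": "Brazil"}}}
{"eventType": "user.session.start", "published": "2022-01-21T09:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "target": [], "outcome": {"result": "SUCCESS"}, "client": {"geographicalContext": {"country": "Brazil"}}}
{"eventType": "user.lifecycle.create", "published": "2022-01-21T10:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "target": [{"type": "User", "alternateId": "svc-backup@example.com"}], "outcome": {"result": "SUCCESS"}, "client": {"geographicalContext": {"country": "Brazil"}}}
{"eventType": "user.account.privilege.grant", "published": "2022-01-22T08:00:00.000Z", "actor": {"alternateId": "alice@example.com"}, "target": [{"type": "User", "alternateId": "svc-backup@example.com"}], "outcome": {"result": "SUCCESS"}, "client": {"geographicalContext": {"country": "Brazil"}}}
{"eventType": "user.lifecycle.create", "published": "2022-02-15T11:00:00.000Z", "actor": {"alternateId": "hr-admin@example.com"}, "target": [{"type": "User", "alternateId": "newhire@example.com"}], "outcome": {"result": "SUCCESS"}, "client": {"geographicalContext": {"country": "Canada"}}}
'''


def parse_events(text):
    """Parse newline-delimited JSON events and attach an aware datetime under '_when'."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["_when"] = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def _logins(ev):
    """Every login an event touches: the actor plus any user targets."""
    names = {ev.get("actor", {}).get("alternateId")}
    names.update(t.get("alternateId") for t in ev.get("target", []))
    names.discard(None)
    return names


def triage(text, admin_accounts=ADMIN_ACCOUNTS, expected_countries=EXPECTED_COUNTRIES,
           centre=SUSPECTED_BREACH, window_days=7):
    """Apply the three recommendations to a log export; returns a dict of findings."""
    admins = set(admin_accounts)
    admin_alerts, created_near_breach = [], []
    window = timedelta(days=window_days)

    for ev in sorted(parse_events(text), key=lambda e: e["_when"]):
        etype = ev["eventType"]
        touched = _logins(ev)
        day = ev["_when"].date().isoformat()
        # 1. Admin-focused review: privilege/MFA/token changes involving a privileged login,
        #    or a successful admin session from a country the organisation does not operate from.
        if touched & admins:
            country = ev.get("client", {}).get("geographicalContext", {}).get("country")
            succeeded = ev.get("outcome", {}).get("result") == "SUCCESS"
            if etype in PRIVILEGE_CHANGE_EVENTS:
                admin_alerts.append((day, etype, sorted(touched)))
            elif etype == "user.session.start" and succeeded and country not in expected_countries:
                admin_alerts.append((day, f"login from {country}", sorted(touched)))
        # Anyone granted privilege from this point on is treated as privileged too.
        if etype == "user.account.privilege.grant":
            admins.update(t["alternateId"] for t in ev.get("target", []) if "alternateId" in t)
        # 3. Accounts created within the window around the suspected breach date.
        if etype == "user.lifecycle.create" and abs(ev["_when"] - centre) <= window:
            created_near_breach.extend(t["alternateId"] for t in ev.get("target", []) if "alternateId" in t)

    # 2. Every login that holds elevated privilege goes on the password-rotation list.
    return {"admin_alerts": admin_alerts, "created_near_breach": created_near_breach, "rotate": sorted(admins)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```

On the constructed sample this reports the admin login from Brazil and the privilege grant as alerts, `svc-backup@example.com` as an account created within a week of January 21, and both `alice@example.com` and `svc-backup@example.com` for rotation; the account created in mid-February falls outside the window and is not listed. Feeding it a real export means replacing `SAMPLE_LOG` with the contents of a System Log download and filling in the real admin list and country set.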

Hopefully that helps companies adopt a security posture that protects them from being the next victim of Lapsus$.

OVHcloud Launches Veeam Enterprise Solution in Canada

Posted in Commentary with tags on March 23, 2022 by itnerd

OVHcloud is proud to announce that its Veeam Enterprise solution – powered by OVHcloud infrastructure – is now available in Canada, offering Canadian businesses advanced capabilities to back up, replicate or recover their data in the cloud.

To enrich its portfolio of storage solutions dedicated to supporting businesses, this new offering allows OVHcloud’s Canadian customers, via the activation of a Veeam Enterprise license, to back up their applications in OVHcloud infrastructures or in their own data center. Compatible with physical servers under Windows or Linux, NAS or NAS HA storage, and virtual machines under VMware, the Veeam Enterprise solution reinforces data security for enterprises. It combines the industry-leading services of the European cloud leader with Veeam’s unique platform, entirely dedicated to guaranteeing business continuity.

Take control of your backups with complete freedom

Veeam Enterprise is designed for companies that want to save time and focus on their core business by outsourcing their backups to the cloud. Deployed at OVHcloud or in the customer’s on-site data center, backups are fully controlled by the company, regardless of the number of machines or their location. This control also extends to OVHcloud’s transparent and predictable pricing model, which is based on the actual consumption of the solution (pay-as-you-go). 

Built on the Veeam Backup & Replication technology, the Veeam Enterprise license complements two Veeam services also available from OVHcloud: Veeam Backup Managed, the backup as a Service solution for virtual machines; and Veeam Cloud Connect, which enables outsourcing backups from an existing Veeam Backup server to an OVHcloud data center.

Already available in Europe, the deployment of Veeam Enterprise is now available from the OVHcloud control panel in Canada and the APAC region.

You Have 43 Minutes To Stop A Ransomware Attack: Splunk

Posted in Commentary with tags on March 23, 2022 by itnerd

A new report from Splunk has warned that network defenders have only 43 minutes to mitigate ransomware attacks once an attacker has begun encryption. Splunk measured known ransomware strains including Ryuk, REvil, BlackMatter, DarkSide, Conti, LockBit and more, with LockBit being the fastest attacking and encrypting ransomware, 86% faster than the median of 43 minutes. The report requires you to register to see it as I did, but it is very much worth reading.

Peter Stelzhammer, Co-Founder, AV-Comparatives had this comment:

“In our common ransomware testing we saw that not only is the ransomware itself code-optimized, but also the endpoint protection products do a very good job protecting against those threats. However, it is also a fact that the performance of the computer, especially of the CPU, has an impact on the ransomware. Usually the faster the CPU is, the more files get encrypted, if it’s only about ransomware protection. The best thing is to block the threat itself before it can start its behavior.”

Mitigating ransomware attacks in 43 minutes or less sounds like a tall order. And it can be. But it shouldn’t stop companies from doing everything possible to make sure that they are not a victim of ransomware. Because prevention may not be easy. But it is possible.

UPDATE: I have two more comments. Chris Olson, CEO of The Media Trust had this to say:

 “Ultimately, these findings demonstrate the futility of responding to ransomware and encryption attacks after the fact. To protect themselves, organizations must pivot to prevention over treatment. The first step is to monitor IT and digital infrastructure in real time, while working to harden entry points which malicious actors can use to gain a foothold before they do.”

“Importantly, today’s businesses must work to gain a detailed understanding of the way that ransomware attackers compromise their systems, from the reconnaissance phase through to execution. It’s easy to overlook the importance of digital attack surfaces such as the Web and mobile devices – but this is exactly where many ransomware incidents begin.”

Darren Williams, CEO and Founder of BlackFog offers this perspective:

 “One of the challenges with traditional defensive approaches to cybersecurity is that they require too much time to adequately protect organizations from these types of attacks. The focus on encryption speed should be irrelevant for modern cybersecurity software.  Instead of focusing on encryption we should be focused on preventing the exfiltration of data from the device and the resulting breach. By looking at the mechanism of action across various ransomware gangs it is possible to stop these attacks at many stages of the attack life cycle and ultimately stop the data exfiltration from the device itself.”

Microsoft Confirms That They Got Pwned By LAPSUS$

Posted in Commentary with tags on March 23, 2022 by itnerd

Microsoft last night confirmed that they were indeed pwned by the LAPSUS$ group, or DEV-0537 as Microsoft calls them after the extortion group released 37GB of source code from Microsoft’s Azure DevOps server. The source code is for various internal Microsoft projects, including for Bing, Cortana and Bing Maps as I described in this story from yesterday.

This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.

If a company as big as Microsoft can get pwned, then nobody is safe.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“Gurucul Labs has done extensive research over many years where we see an Insider Threat quickly becomes apparent as an External Threat and are often not mutually exclusive. This has been more common when insiders are recruited by external groups based on nation-state attack objectives seeking to gain access to networks, steal intellectual property or gain further intelligence on individuals. This is a dangerous and emerging situation where rather than through some combination of blackmail, patriotism, and financial incentives, The Lapsus$ ransomware group has determined that the financial incentive is significant enough to “turn” an insider. Recruiting insiders for stealing sensitive data and executing ransomware, with this combined impact being referred to as a “double extortion” campaign, can be extraordinarily difficult to detect for most XDR and SIEM solutions because they lack the analytics and machine learning models to identify both internal and external malicious activity as being part of the same attack. Customers need the unique approach of combining traditional security analytics, Network Traffic Analytics (NTA), User Entity Behavior Analytics (UEBA) and Identity Access Analytics (IAA) with a risk prioritization engine to determine if users are violating their access privileges in terms of resources and applications, transpiring in any unusual activity based on their role and entitlements, or suspiciously communicating with external parties.  The right solution can enable security teams to escalate in real-time with the necessary context and risk priority in order for the organization to take precise and swift action. Even if the attack has progressed rapidly, it is still important to understand communications and transactional data flow that is indicative of data exfiltration and allow for rapid response to shut it down immediately.”

Peter Stelzhammer, Co-Founder, AV-Comparatives had this to add:

“Even as single sign-on solutions are on the rise, there are some downsides with them, as well with other systems like password managers. It sounds promising to memorize only one password like your master password, but it comes with a downside. In the past years we have seen LastPass, Dashlane, 1Password, Keeper, Onelogin and KeePass with vulnerabilities.  Not all of them lead to breaches, but it shows the dangerousness. Cyber criminals are now on the way to attack the superordinate units instead of the low-level single password of the user. This shows how dependent we all are, from proper coding and vulnerabilities research, full single sign on solutions and password managers. Of course, the best would be using different 20-character passwords with special characters and numbers as well as different login names, but that’s not convenient nor practical. Even with biometric access you fall into a trap. What we have to do is watch the tools we use for vulnerabilities.”

This should serve as a big wake up call that cybersecurity is no longer optional. Because in this case, Microsoft got pwned. Which means that you could be next if you don’t take action now.

UPDATE: Darren Williams, CEO and Founder of BlackFog offers this additional perspective:

“The attack on Microsoft follows the typical pattern we are seeing from the Lapsus$ extortion gang, including the recent attack on computer hardware manufacturer Nvidia. The Lapsus$ gang in particular has ramped up attacks in March, which further highlights that the traditional defensive approaches that have been historically relied on are failing organizations today. Perimeter defense tactics are insufficient when it comes to preventing these attacks and the inevitable data exfiltration. The growing importance of anti-data exfiltration techniques must be considered when it comes to preventing these catastrophic losses in the future.”