Archive for October 26, 2023

HYAS Examines Predator Mercenary Mobile Spyware

Posted in Commentary with tags on October 26, 2023 by itnerd

HYAS Research Labs has been following research by Canada’s own CitizenLab and Sekoia on the mercenary spyware “Predator”, made by Cytrox, which was discovered to be targeting an Egyptian former MP (link is to AP story, and is also linked below) who announced a potential run for the presidency.

HYAS security engineer David Brundson investigated the IOCs mentioned in both reports using HYAS Insight and found details that could lead toward threat actor attribution, which he publishes in “Examining Predator Mercenary Spyware”.

The HYAS blog recaps the threat actor’s attack, delves into their strategy and, through HYAS Insight, identifies their likely location.

Brundson also offers HYAS Recommendations: Individuals concerned about possibly being the target of mercenary spyware should reboot their phones daily, as thus far, it hasn’t been reported that Predator has persistence after reboot. Organizations should strongly consider protective DNS, such as HYAS Protect, which was today named for an InfoSec Innovator Award.

HYAS Blog – Examining Predator Mercenary Spyware: https://www.hyas.com/blog/examining-predator-mercenary-spyware

Five Canadian Businesses Each Awarded $125K Prize Packages Through TELUS’ #StandWithOwners Program

Posted in Commentary with tags on October 26, 2023 by itnerd

TELUS is excited to celebrate five deserving Canadian businesses from across the country who recently each received a $125K grand prize package as part of the fourth annual TELUS #StandWithOwners program in recognition of how their businesses are changing the game, solving the problems of today, and using technology to grow and differentiate their business.

This year’s grand prize winners include:

  • AquaVerti Farms, Montreal, QC – Led by business owners Georges Aczam and Stephen Moss, AquaVerti Farms specializes in the cultivation of hydroponic vegetables and is the first farm in Canada to completely eliminate CO2 emissions from production
  • Cedar Valley, Oldcastle, ON – Mother-son duo, Surria and Ameen Fadel, started their product line of fattoush salad dressing and authentic Lebanese-style pita chips with a $3,000 grant. Now, they’ve expanded into 1,000 stores across Canada
  • Hoot Reading, Winnipeg, MB – Founded by Carly Shuler and Maya Kotecha, Hoot Reading is a social enterprise dedicated to changing children’s lives through literacy. To-date, the organization has delivered over 250,000 free, evidence-based reading lessons by qualified teachers in hundreds of school districts across North America
  • Omy Laboratoires, Quebec City, QC – Pharmacists and cosmeticians Andrea Gomez and Rachelle Séguin are the revolutionary force behind Omy Laboratoires, a B Corp Certified custom dermocosmetics company that offers fresh and personalized products that meet the needs of those neglected by the cosmetic industry
  • VodaSafe, Vancouver, BC – Created by microelectronics engineer and former lifeguard Carlyn Loncaric, VodaSafe is a hand-held sonar device that uses AI to quickly locate people underwater, revolutionizing the way rescuers do their job. Eight hundred units have already been deployed in 46 states and eight provinces so far with global expansion on the horizon

In addition, 15 finalists received $20,000 in funding and additional prizing from this year’s program. A panel of judges selected the winners out of thousands of applicants based on the strength of their submissions and their entrepreneurial spirit.

Since 2020, TELUS has committed $3.5 million to the #StandWithOwners program, providing funding, technology and recognition to help businesses from coast to coast thrive in a digital world.

District of Columbia Board of Elections Has Apparently Been Pwned…. PII Has Been Swiped

Posted in Commentary with tags on October 26, 2023 by itnerd

The District of Columbia Board of Elections (DCBOE) is saying that a threat actor may have obtained access to the personal information of all registered voters:

On Friday, October 20, during a daily morning check-in call with DataNet Systems, DCBOE learned that:

  • DataNet Systems’ breached database server did contain a copy of the DCBOE’s voter roll.
  • DataNet Systems confirmed that bad actors MAY have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver’s license numbers, dates of birth, and contact information such as phone numbers and email addresses.
  • DataNet Systems could not pinpoint if or when this file may have been accessed or how many, if any, voter records were accessed.

Out of an abundance of caution, DCBOE will reach out to all registered voters. In addition, DCBOE will be engaging with Mandiant, a cybersecurity consulting firm, to assist with next steps.

This remains an ongoing and active investigation.

Ken Westin, Field CISO, Panther Labs had this comment:

There are many troubling aspects to the breach of DataNet Systems’ voter registration data. First is the amount of PII that was harvested from license numbers, SSN, addresses, and contact details. Given this is data of DC residents and the ransomware group responsible are out of Russia, there is a likely chance this information can end up in the hands of Russian intelligence. The fact that DataNet Systems can’t say with any certainty when the data was accessed or for how long is also worrisome and makes me wonder if they were missing key security controls to protect such sensitive data.

I for one would like to see DataNet Systems fully explain this. Maybe the solution is to haul them in front of a Congressional committee and compel them to answer the hard questions? I say that because it seems very odd to me that they can’t provide details as to how this happened.

Horizon3.ai NodeZero Users Saved $325K+ A Year Independent Study Shows

Posted in Commentary with tags on October 26, 2023 by itnerd

Horizon3.ai today announced the findings from a commissioned study, “The Total Economic Impact of the NodeZero Platform, October 2023,” performed by Forrester Consulting. It shows how the composite organization studied received vulnerability and risk intelligence that exceeds traditional approaches through use of the NodeZero platform and achieved a three-year 63% return on investment (ROI). In addition, operations time savings freed up the equivalent of one member of their four-member security team to focus on other security initiatives.

The study released today is based on six Horizon3.ai customers from four organizations who were interviewed by Forrester Consulting. These users span the entertainment, manufacturing, healthcare, and construction industries and the quantified benefits they experienced formed the framework for Forrester’s Total Economic Impact (TEI). By aggregating the customers’ characteristics, Forrester created a composite company with 2,000 employees and $500 million in annual revenue for its analysis. Forrester’s multistep approach included an evaluation of the costs, benefits, flexibility, and risk factors yielded from the investment in NodeZero for this profile, while also comparing NodeZero to those customers’ earlier penetration testing and vulnerability scanning approaches.

Key findings for the benefits and cost savings over a three-year period were improvement in security operations productivity by 30% worth $348,000, avoided costs of $255,000 by eliminating third-party penetration tests, and savings of $206,000 from reduced vulnerability scanner expenses. This resulted in a financial benefit of $809,000 for this composite organization, and a total value of $1.63 for each dollar spent. The study also highlights many additional security and business benefits that provided significant value but were not quantified in the study.

Direct quotes from the interviewed organizations reveal a common thread throughout the study about their key challenges prior to adopting NodeZero. They included expensive, inconsistent, and ineffective third-party penetration tests, lack of exploitable vulnerability prioritization, and how the use of siloed or underperforming security tools led to poor insights. Readers will also learn how NodeZero improved the interviewed organizations’ security operations productivity, provided measurable and quantifiable benefits, delivered reductions in cost for previous solutions, and enabled a long list of other benefits.

The identities of the customers are not disclosed in “The Total Economic Impact of the NodeZero Platform, October 2023.”

For organizations that face similar challenges and must make comparable decisions as those found in the Forrester TEI study, Horizon3.ai suggests they download the study and see for themselves what these customers said about NodeZero. These customers note that it has considerably improved their company’s security postures, while providing a notable return on their investment over previous cyber risk assessment approaches.

To read the full TEI study, visit https://www.horizon3.ai/tei-study/

A New Rogers Email #Scam Is Making The Rounds

Posted in Commentary with tags on October 26, 2023 by itnerd

My wife and I haven’t been customers of Rogers for well over a year now. Thus when this email hit my inbox, I knew immediately that it was a scam:

Now besides the fact that my wife and I aren’t customers of Rogers, here’s the other reason why it’s a scam:

This email was not sent from a rogers.com or an rci.rogers.com email address, which means it was not sent by Rogers.

But the question is, what is the threat actor up to? To find out, I clicked on the Review Refund button which you should never do and got this:

This is a very, very bad copy of the login screen for “My Rogers”, which is Rogers’ account management website. Here’s the real one:

Besides the look and feel of the website, there’s the fact that the fake one is clearly not being hosted by Rogers:

This is highlighted by the fact that you don’t see Rogers.com anywhere in the web address. Contrast that with the real one:

The real one has “account.rogers.com” in it.
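The two tells above (sender domain and link host) can be checked mechanically rather than by eye. The following is an added example, not code from the post or from Rogers: it treats the two domains the post names (rogers.com and rci.rogers.com) as the only legitimate ones, and every sample address and URL in it is constructed for illustration, not taken from the actual scam email. It goes a step beyond the post by using a proper suffix match, so a host that merely contains “rogers.com” somewhere in its name is still rejected.

```python
"""Domain checks of the kind the post applies by eye to the Rogers refund
scam: does the sender's address really belong to Rogers, and does the link
really point at a Rogers host?  Added example; the legitimate domains are
the two the post names, and the sample addresses and URLs are constructed.
"""
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the post identifies as genuinely belonging to Rogers.
LEGIT_DOMAINS = ("rogers.com", "rci.rogers.com")


def host_belongs_to(host: str, domains=LEGIT_DOMAINS) -> bool:
    """True if host equals a trusted domain or is a subdomain of one.

    The dot-prefixed suffix match is deliberate: a plain substring test
    ("rogers.com" in host) would accept "rogers.com.example.test", and a
    bare endswith("rogers.com") would accept "notrogers.com".
    """
    host = host.strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def sender_is_legit(from_header: str) -> bool:
    """Check the real address in a From: header, ignoring the display name.

    Phishing mail often carries a convincing display name ("Rogers Billing")
    in front of an unrelated mailbox, so only the part after '@' counts.
    """
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return False
    return host_belongs_to(addr.rsplit("@", 1)[1])


def link_is_legit(url: str) -> bool:
    """Check the hostname of a link, not the text around it.

    urlsplit() isolates the host, so a userinfo trick such as
    https://account.rogers.com@evil.example/ resolves to the real host.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return host_belongs_to(parts.hostname)


def triage(from_header: str, links) -> dict:
    """Summarise the two indicators the post relies on for one message."""
    return {
        "sender_ok": sender_is_legit(from_header),
        "bad_links": [u for u in links if not link_is_legit(u)],
    }


if __name__ == "__main__":
    # Constructed sample: a spoofed display name over an unrelated mailbox,
    # plus a "Review Refund" link whose host merely contains the brand name.
    sample_from = "Rogers Refunds <refund-notice@mail.example.test>"
    sample_links = [
        "https://rogers.com.refund-portal.example.test/review",
        "https://account.rogers.com/",
    ]
    print(triage(sample_from, sample_links))
```

Run it as a script to see the constructed sample flagged: the sender fails because the mailbox is not under either Rogers domain, and the first link fails because its host only begins with “rogers.com” rather than ending in it. Feeding it the From: header and extracted links of a suspect message gives the same verdict the post reached by inspection.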

My initial thought was that this looks like your classic credential harvesting scam to me. By that I mean that this scam wants to grab your credentials so that the threat actors can log into your account and do who knows what. Perhaps order an iPhone or two like I’ve seen in this scam involving Rogers. But I would be wrong. Entering a fake email address and password took me to this page:

It looks like they’re trying to steal your credit card details and using the “refund” that you’re supposed to get as a pretext for that. Not exactly new and it likely won’t fool most people. But as I’ve always said, scams don’t have to be successful in volume to be successful. I’ll be alerting Rogers about this so that they are aware. And the fact that you’ve read this means that you’re aware also. Which means that the level of success that this scam could have has decreased.

73% Of Small Businesses Reported Cyber Attacks Last Year

Posted in Commentary with tags on October 26, 2023 by itnerd

According to the Identity Theft Resource Center’s 2023 Business Impact Report, of the 551 US small business owners and employees interviewed, 73% reported a cyber-attack last year targeting employee and customer data.

Despite only 20-34% following cybersecurity best practices such as MFA, mandatory strong passwords or role-based access, 85% of respondents said they felt ready to respond to a cyber incident. 50% claimed to have taken steps to prevent future breaches through training (65%) and utilizing new security tools (53%).

Although the overall number of small businesses suffering a financial impact from a cyber-attack dropped three percentage points from last year to 42%, more respondents said they saw other impacts, such as customers losing trust (32%) and higher employee turnover (32%).

“The good news is that small business leaders are focused on data security and privacy protection. However, we still have a lot of work to do. We must accelerate the transition to newer protections and continue to develop new resources to assist victims based on solid research and unmistakable evidence,” ITRC president, Eva Velasquez said.

George McGregor, VP, Approov Mobile Security had this to say:

   “This is disappointing, with very poor levels of implementation of basic best practices and only half of the companies taking steps to stop breaches.

   “I also think the “good news” in the report – a reported reduced financial impact of breaches – is probably not to be taken too seriously either. If self-reported it may not be accurate.

   “There will be more and more pressure on small businesses as new reporting requirements come into force and they will be forced to take the issue of cybersecurity more seriously.”

I deal with a number of small businesses. Some get cybersecurity and some think that they aren’t big enough to be a target. Or they don’t have the resources to make a serious effort in terms of protecting themselves. All of that is wrong and needs to change in a hurry before something happens that makes them rethink their stance on this.

Five Ontario Hospitals Appear To Have Been Pwned In A Cyberattack

Posted in Commentary with tags on October 26, 2023 by itnerd

This hits a bit too close to home.

In a statement put out on Monday, IT provider TransForm Shared Service Organization said that a system outage after a cyberattack was affecting the ability to provide care at five southern Ontario hospitals and requested that patients not go to those hospitals if possible.

“Unfortunately, this incident is impacting their provision of care in various ways. For those patients who have care scheduled in the next few days, the hospitals will contact you directly, if possible, to reschedule or provide alternate arrangements. We are investigating the cause and scope of the incident, including whether any patient information was affected,” the statement said.

The five hospitals include:

  1. Bluewater Health of Sarnia
  2. Chatham Kent Health Alliance
  3. Erie Shores HealthCare of Leamington
  4. Hôtel-Dieu Grace Healthcare
  5. Windsor Regional Hospital

TransForm Shared Service Organization is a not-for-profit founded by the five hospitals to collectively manage their hospital IT and supply chain needs.

Emily Phelps, Director, Cyware had this to say:

   “Healthcare remains a prime target for cyberattacks due to its invaluable data and limited security measures. The challenge of safeguarding expansive healthcare institutions that use a mix of new and outdated systems creates vulnerabilities for attackers to exploit. Moreover, with the rise of advanced technologies like AI, attackers can act more swiftly, exacerbating the security challenges faced by healthcare providers.

   “To address these concerns, healthcare organizations need to shift from a responsive security stance to a proactive one. This requires access to detailed and context-rich threat intelligence to discern which threats need immediate attention. Healthcare ISACs can offer such intelligence to member organizations. However, simply having this intelligence isn’t enough. It must be sorted and executed in a strategic manner. By blending security collaboration and orchestration with automated threat intelligence systems, healthcare institutions can ensure that crucial information reaches the right hands promptly.”

This could not have come at a worse time for these hospitals as the hospital system is under tremendous strain due to respiratory infections including COVID. Which is why I keep saying that the health care sector needs to do better in terms of protecting themselves from cyberattacks.

Cado Security Launches Incident Response Preparedness With New Readiness Dashboard

Posted in Commentary with tags on October 26, 2023 by itnerd

Cado Security, provider of the first cloud forensics and incident response platform, today announced Cado’s Incident Readiness Dashboard. This new dashboard provides the ability to proactively run readiness checks, see readiness trends over time, and identify issues that could prevent the organization from rapidly responding to active threats.

The ever-increasing global incident reporting mandates are also putting increased pressure on organizations to ensure they are prepared to determine the scope of an active incident in a timely manner. Some examples include the SEC’s fast-approaching “Final Rule” on incident response and breach disclosures, the European Union’s GDPR’s 72-hour reporting requirement for data breaches, and the upcoming NIS 2 Directive for critical infrastructure organizations coming into effect in 2024.

The Cado Platform enables security teams to:

  • Automate the entire end-to-end incident response process – from collecting, preserving and analyzing forensic evidence, to containing the threat and limiting its impact.
  • Prepare comprehensively for an incident by setting up accesses, testing data acquisition, implementing automation rules, and integrating with third-party systems including incident management platforms such as XDR, SOAR, CNAPP, and SIEM.
  • Test for incident preparedness in order to continuously understand risk posture, know where gaps exist, and where to invest in reducing exposure.

For more information about Cado’s Readiness Dashboard, please visit https://www.cadosecurity.com/cado-incident-readiness-dashboard-comprehensive-cloud-incident-response-preparedness/.