Archive for February 8, 2024

Beware Highway 407 Drivers…. This Is One Of The Most Convincing Phishing #Scam Websites I Have Seen In A Long Time

Posted in Commentary with tags on February 8, 2024 by itnerd

A reader alerted me to a phishing text that is going around that directs people to https://hwy407etr.com to pay a bill for Highway 407, which is a toll highway in Toronto. The thing is that this isn’t the actual Highway 407 website. But you’d never know it because it is very well done. Let me illustrate:

This is the fake website. The real one, which is https://407etr.com, looks like this:

The general theme of the website is pretty much the same, and I can easily see people being caught out if they don’t pay attention to which website they are going to. What’s even more interesting is if you go to “Create My Account” or “Log In”, it takes you to the real Highway 407 website. Having said that, I would close the browser completely and start over by going to the real 407 website just in case the threat actors have done something to try and capture login details.

Now if you click on “Make a Secure One Time Payment” you get this:

You’ll note that the payment amount is already filled in. How does the website know what dollar amount you owe if you haven’t logged in? Well, it doesn’t, because it’s just a ruse. The endgame becomes clear once you click “Continue”:

The endgame for the threat actors is to snatch your credit card details. Now I wasn’t able to go beyond this because there was logic to check the validity of the card that you entered. But it’s crystal clear what they are up to.

Now as far as I know, the people who run Highway 407 don’t use text messages to communicate to you. So if you get one of these text messages, it’s a scam and you should delete it ASAP.

SEIU Local 1000 Pwned By LockBit

Posted in Commentary with tags on February 8, 2024 by itnerd

California’s largest state worker union, SEIU Local 1000, which represents 96,000 California state workers, was affected by a ransomware attack. The union local posted details here:

As many of you are aware, on Thursday, January 18th, 2024, SEIU Local 1000 experienced a network disruption by an outside actor. As we investigated the incident we learned that it was caused by certain data being encrypted. We are aware of the discussion happening on social media about the type of attack we are purported to have had and the actor by whom it was apparently done. We are currently working with outside experts to ensure ongoing network security and assist and advise as we continue to restore our operations. This incident was a criminal cyber act and is being treated as such as we assist law enforcement.  

As we continue to restore our systems and work through an ongoing forensics investigation, we are attempting to determine whether personal information may have been accessed during the incident. If so, we will notify all affected individuals by mail. The notification will include information about the incident and offer credit monitoring and identity theft protection services. 

The usual sources that I go to have confirmed that this union local, among others, has been added to the LockBit site:

The attack apparently has exposed SSNs, home addresses, birth dates, etc, and it is suspected that they stole 306 GB of data. 

Darren Williams, CEO and Founder, BlackFog, had this to say:

“The attack on the California state worker union was a low blow by LockBit. State worker unions typically do not have the resources required to implement the latest security measures, making them a very easy target for cybercriminals. Unions typically get their funds from member dues to manage their operations, and it’s unlikely that allocating these resources to cybersecurity is a top priority.

However, unions, like all organizations, must think of cybersecurity as a worthwhile and business-critical investment, as the cost of a ransomware attack is much greater. Implementing technology that prevents ransomware and data exfiltration will go a long way in defending against cyberattacks and protecting members’ data. With the right cybersecurity measures in place, unions won’t have to weigh the option of using their resources to pay a ransom.”

Once again, I have to point out that we all have to step up and do everything possible to keep criminal groups like LockBit from carrying out attacks like these. Because until that happens, nobody is safe.

More Bell News Shows Bell Didn’t Make As Much Money As They Think They Should Have… And Blames The Government For That

Posted in Commentary with tags on February 8, 2024 by itnerd

Following up on this story where I point out that Bell is slashing jobs, not rolling out fibre and scaling back their speed offerings, and selling radio stations along with slashing jobs at what used to be called The Source, Bell also reported their Q4 and full year results. You can read that here, but here’s the TL;DR:

  • There was a 3.9% increase in wireless service revenue as Bell got 170,831 net subscriber activations.
  • There were 55,591 retail Internet net subscriber activations in Q4, which according to Bell is the second best Q4 result in nearly two decades.
  • Bell’s net earnings fell by 23.3% to $435 million in the quarter.

And whose fault is it that their earnings fell 23.3%? Here’s who Bell blames:

While it’s clear that we are continuing to execute with discipline in a competitive marketplace, we need to take additional measures in response to increasingly unsupportive federal government and regulatory decisions, legacy business declines and a macroeconomic environment with higher interest rates and continued inflation. As our business is hampered by regulatory decisions that discourage investment, we are slowing the pace of our network expansion and capping fibre speeds. 

Really Bell? I find it hard to be sympathetic when they still made money. And I find it even harder to be sympathetic when Bell decides to slash all these jobs after they finish their “Bell Let’s Talk” mental health campaign. Because slashing these jobs is sure to cause some mental health issues for those who are losing their jobs. But maybe I am looking at this wrong?

In any case maybe Bell needs to better “execute with discipline” given the environment which includes an “increasingly unsupportive federal government and regulatory decisions”. That might make their balance sheet look better. But again, maybe I’m looking at that wrong as well.

LinkedIn Study Unveils the Top 10 Most In-Demand Skills Canadian Professionals need to look out for in 2024

Posted in Commentary with tags on February 8, 2024 by itnerd

Today, LinkedIn is unveiling 2024’s Most In-Demand Skills offering an insider look at the key skills employers need most right now. The good news is young professionals may already possess the skills and job experience they need to succeed in the workforce regardless of what has been considered a formal education in the past. A recent LinkedIn study revealed 61% of Canadian Executives disagree with the notion that a four-year degree is crucial for their organization’s success.

And good thing there’s appetite from workers to keep learning new skills, which are key to getting the attention of hirers:

Professionals should take pride in the skills they already possess and embrace learning new ones to navigate job changes – planned or not!

Listed below are 2024’s top 10 Most In-Demand skills in Canada:

  1. Communication
  2. Customer Service
  3. Leadership
  4. Project Management
  5. Teamwork
  6. Management
  7. Analytical Skills
  8. Problem Solving
  9. Sales
  10. Time Management

To assist job seekers in boosting their skills and standing out this year, LinkedIn is also offering FREE LinkedIn Learning courses available until May 31, 2024, to help professionals learn these sought-after skills.

Below, you’ll find the courses aligned with the top skills currently in demand by employers in Canada:

For the full list of the Most In-Demand Skills visit here.

ESET Honoured as Best Zero Trust Vendor at 17th Annual Reseller Choice Awards in Canada

Posted in Commentary with tags on February 8, 2024 by itnerd

ESET has been honoured with a prestigious Reseller Choice Award, named the Best Zero Trust Vendor.

ESET, a global leader in cybersecurity solutions, is thrilled to announce its latest accolade at the 17th Annual Reseller Choice Awards in Canada. ESET has been recognized as the Best Zero Trust Vendor, making this win its 16th Reseller Choice Award. The recognition from resellers emphasizes ESET’s excellence in providing trustworthy and effective security solutions based on the principles of Zero Trust, reinforcing its position as a trusted leader in cybersecurity and meeting the evolving security needs of organizations in an era of increasingly sophisticated cyber threats.

Held in Toronto on February 1, 2024, the 17th Annual Reseller Choice Awards hosted representatives from Canadian Managed Service Programs, Value-Added Resellers, Information Technology Solution Providers, Managed Security Service Providers and Information Technology Consultant vendors and distributors from across the country at an in-person gala to compete for awards in more than 50 categories. Accepting the award was Zoey Dimitrova-Chappell, Director of Marketing at ESET Canada. 

Every year, the Reseller Choice Awards aim to provide recognition for vendors and distributors in the IT sector. Winners are selected following a national survey of qualified vendors; those with the most votes from the channel community win.

For more than 30 years, ESET has been developing industry-leading IT security software and services for businesses and consumers worldwide. From a small, dynamic company, ESET has grown into a global brand with more than 110 million users in 202 countries and 13 international research and development centres — including one in Montreal.

The Reseller Choice Awards are organized by eChannelNEWS.com, the news media division of TechnoPlanet.

Data From Salesforce Shows Canadians Want To Eat Out This Valentine’s Day, Despite Rising Food Prices

Posted in Commentary with tags on February 8, 2024 by itnerd

With Valentine’s Day quickly approaching next week, Salesforce released data on intriguing Canadian consumer insights. The data reveals a diverse range of ways that Canadians are spending, gifting and celebrating the big day of love this year. For example:

  • The majority of Canadians (55%) are looking to celebrate over a romantic dinner at a restaurant, despite economic factors such as the price of food (41%) and dining (40%) weighing on respondents’ minds.
  • In contrast, nearly one-third (29%) of the respondents want a quiet evening at home enjoying a more relaxed atmosphere. 
  • 13% want to spend Valentine’s Day with family, whereas 14% turn to friends for friendship and camaraderie.
  • Self-care also takes priority this Valentine’s Day, with 13% wanting to indulge in self-care services and 11% celebrating by treating themselves.
  • With a vision to create lasting memories with loved ones, 10% of Canadians are looking forward to travel this Valentine’s Day.
  • Almost three-quarters of Canadians (74%) plan to buy a gift this year, with flowers (42%) and an evening out (40%) being the most gifted items planned for this year.

You can also access all the data here.

Bell Cuts Jobs And Cuts Fibre Speeds To Save Money

Posted in Commentary with tags on February 8, 2024 by itnerd

Bell has posted an “open letter” from their CEO Mirko Bibic about some serious cutting that Bell is doing. You can read the full letter here. But here’s the TL;DR:

  • Bell is still salty about being forced to open up their fibre networks to competitors. As a result of that they stopped rolling out fibre. But they’re now going one step further by capping speeds at 3Gbps. That means that 8Gbps that I said that nobody needed is no longer available. In fact, I checked the Bell website and found that in my area, 8Gbps is no longer an option for me to order.
  • Bell is cutting 4,800 positions which is 9% of their workforce.

All of that is bad. But it’s actually much worse. Remember when I posted a story about Bell killing The Source brand and rebranding as Best Buy Express? Well, MobileSyrup is reporting that they’re going to close locations and slash jobs as part of that. That wasn’t mentioned in the open letter. The other thing that wasn’t mentioned in the open letter was the fact that Bell is selling 45 radio stations as part of this. All of this says to me that not only is Bell not in a good place, but they’re no longer in a position to challenge Rogers. Which is something that I am sure that a bunch of people in corner offices at 333 Bloor St. E. and 1 Mount Pleasant Road which are the corporate addresses of Rogers in Toronto are happy about. I say that because whether you like or hate Bell, their push to get fibre deployed fostered competition and forced Rogers to up their game. That’s now not going to happen and consumers will pay the price for that.

Action1 Updates Its Platform, Introduces “Patching That Just Works” Concept

Posted in Commentary with tags on February 8, 2024 by itnerd

Action1 Corporation is pleased to announce its latest release and the introduction of a new guiding concept for its business. The latest feature update contains multiple enhancements to the Action1 platform, empowering customers to bring their patching efforts ‘down to science,’ ensuring precision and reliability. This update delivers highly requested features and marks the Action1 concept, ‘Patching That Just Works,’ aiming to provide a benchmark patch management solution strongly aligned with user needs.

The essence of the ‘Patching That Just Works’ concept reflects Action1’s ongoing operational philosophy, which has always strongly emphasized user feedback in product development and maintaining a commitment to continuously measure and ensure strong product performance. As part of this commitment, Action1 has consistently delivered quarterly platform updates, each incorporating five to ten significant features based on the input from its extensive customer base. In addition, the company has introduced advanced internal metrics and workflows to ensure the success rate of patch deployment for its customers, minimizing disruptions to business processes. These metrics have delivered a consistent 99% patch success rate for Action1 users, effectively remediating vulnerabilities on managed endpoints.

The latest features include direct access to audit trails, an optimized single reboot process, dynamic endpoint group enhancements for further automation, integration with Okta for single sign-on (SSO), improved single reboot efficiency, and more. These enhancements empower enterprises to automate patching for both Windows and third-party patching while enhancing accountability and security.

Later this year, Action1 plans to introduce further enhancements to its platform as part of its primary product updates. These improvements will include zero-knowledge architecture, a Mac agent, an expanded selection of applications in the Action1 software repository, and others.

About Action1 Corporation 

Action1 is the #1 risk-based patch management platform for distributed networks trusted by thousands of global enterprises. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party software and operating systems, ensuring continuous patch compliance and remediation of security vulnerabilities. 

The company was founded by cybersecurity veterans Alex Vovk and Mike Walters, who previously founded Netwrix, which TA Associates acquired. 

Learn more at www.action1.com

Tidal Cyber Releases Inaugural Election Cyber Interference Threat Research Report 

Posted in Commentary with tags on February 8, 2024 by itnerd

Tidal Cyber today released a new report, Election Cyber Interference Threats & Defenses: A Data-Driven Study, providing a comprehensive look at cyber threats to global elections in 2024 and insights on prioritizing defenses against top adversaries and election interference tactics, techniques, and behaviors (TTPs). Tidal’s study leans on actual data and evidence to pinpoint the most notable potential hotspots for interference, spotlight known and emerging interference TTPs, and use those insights to provide a prioritized list of relevant guidance. 

Key findings include:

  • The report identifies the top ten countries facing the highest election cyber interference threats: the US, the UK, South Korea, India, Belgium, Pakistan, Belarus, Mexico, Georgia, and Indonesia.
  • A concerning 27% of countries with 2024 national elections face the highest threat levels, facing multiple priority adversary groups and many state-backed groups associated with priority adversary countries.
  • The four priority adversary countries (Russia, China, Iran, and North Korea) are using cyber interference for disinformation and espionage and to potentially disrupt actual electoral processes, such as voting, or manipulate results. 
  • Most voting countries this year face at least some interference threat: Nearly two-thirds (64%) face at least one state-backed cyber threat actor attributed to the three top offenders (Russia, China, or Iran).
  • The study also reveals an alarming trend: Pakistan, Indonesia, Venezuela, Uzbekistan, India, Belarus, and Ethiopia face considerable interference threats and, most vital, underlying concerns with digital infrastructure related to electoral processes.

The report identifies trends in election cyber interference TTPs by analyzing dozens of historical instances since 2008, including the adoption of generative AI technology to make phishing and social engineering, the most common form of election-related cyber attack, more convincing. Additionally, Tidal’s research highlights adversaries adopting new techniques and external factors to continue to make social engineering attacks successful despite improved defenses, spotlights credential abuse attacks on the rise, the resurgence of politically motivated denial of service and defacement attacks, and high levels of ransomware and extortion attacks. 

Tidal also prioritized defensive recommendations around the most prominent TTPs observed across nine election cyber interference attack methods to provide guidance and best practices. Defenders must prioritize regular review and reinforcement of identity security controls, software and application security configuration policies, and endpoint and network threat prevention technology to defend against election interference threats from top adversaries. As relevant adversaries evolve to evade the latest defenses, they are explicitly threatening distinct election cyber interference attacks. Following these recommendations is mission-critical to protect organizations and personnel involved in election and election-related content.

Methodology

Tidal Cyber has developed a new methodology for estimating the relative threat of interference in elections in more than 60 countries in 2024, “Election Cyber Interference Threat Rankings,” which measures the prevalence of cyber adversaries facing countries with national polls this year, including specific offender threat groups and adversaries associated with the top-known cyber interference offenders and priority adversary countries.

Get Informed and Take Action 

For an in-depth understanding of these pressing cyber threats and to access Tidal Cyber’s full range of defense recommendations, download the complete “Election Cyber Interference Threats & Defenses” report at https://www.tidalcyber.com/election-cyber-interference-threats-and-defenses.

OT Experts Address Cybersecurity And Infrastructure Protection Subcommittee 

Posted in Commentary with tags on February 8, 2024 by itnerd

Yesterday, the House Homeland Security Committee held a hearing, Securing Operational Technology: A Deep Dive into the Water Sector, before the Subcommittee on Cybersecurity and Infrastructure Protection that focused on securing US water systems from cyberattacks.

ICS and OT security specialists from MITRE and Dragos addressed members of the Subcommittee regarding what many water facility operators and defenders may be lacking in terms of technology, staff, and funding, and what operators can do to raise the level of security.

The witnesses emphasized the differences between IT and OT networks and the challenges of defending the latter, especially on limited budgets.

“Only two to three percent of vulnerabilities even matter to OT operators. If you steal from IT, you steal people’s data. If you target OT, you can kill people,” said Robert M. Lee, CEO of Dragos.

To address the weaknesses in utilities and other CI environments, CISA and other agencies should expand their OT-specific cybersecurity expertise, establish baseline security requirements for OT networks, and create uniform incident reporting standards, all in an effort to reduce the burden on operators, Lee, Clancy, and the other witnesses suggested.

“There is a considerable opportunity for EPA to step up, CISA and FBI to systematically engage across, and the network of security vendors to make it easier for everyone to coordinate. But these modest reforms should be kept in context with the scale of the threat, and the limited amount of resources available to critical infrastructure operators, particularly in the water sector,” said Charles Clancy, senior vice president and general manager of MITRE Labs.

Mark Cooper, President & Founder, PKI Solutions:

   “The role of critical infrastructure and use of OT segmentation has been a foundational approach to protecting vital infrastructure. However, the evolving cybersecurity threat, shrinking expertise, and staffing issues represent a new threat. The use of automation and intelligence tools to directly address the cyber threat and augment available skills and staffing is the only option to ensure future resilience.”

Critical infrastructure is just that. Critical. There needs to be a concerted and cross-agency effort to make sure that this infrastructure is protected before it costs lives.