Archive for the Commentary Category

50% Of Customers Think They’ll Get Better Services By Threatening To Switch Providers: Salesforce

Posted in Commentary on August 10, 2022 by itnerd

Salesforce has released their 2022 Trends in Communications Report — featuring key data and insights gathered from a survey of 500 industry experts and 6,000 consumers worldwide. 

The report reveals new customer expectations and industry insights against a backdrop of industry changes, with standout findings including: 

  • Half of customers (50%) believe they get the best service when they threaten to switch to a different provider
  • 51% of customers reported they prefer to do business online, with 64% reporting having used their provider’s website over the last month
  • Most customers don’t recognise the benefits of 5G in providing more reliable internet for underserved communities (53%), immersive entertainment (72%), internet of things (IoT) capabilities (72%), or real-time control of remote devices (74%). 

You can find the full report here if you’re interested in more data points from the study. It’s pretty timely given the recent Rogers outage and the fallout from that, along with the fact that Canadians pay way too much for their telco services.

Twilio Phishing Attack Hits Cloudflare Employees

Posted in Commentary on August 10, 2022 by itnerd

Cloudflare yesterday disclosed that at least 76 employees and their family members have been targeted by the Twilio phishing attack. The recipients received texts on personal and work phones, originating from four numbers associated with T-Mobile-issued SIM cards. The attack was ultimately unsuccessful. The messages pointed to a seemingly legitimate domain containing keywords including ‘Cloudflare’ and ‘Okta’ in a campaign designed to get employees to hand over their credentials.

Sidebar: If you need some advice about how to not be a victim of a phishing scam, Microsoft has some good advice.

Mark Bower, VP of Product Management of Anjuna Security had this comment:

     “Turning trusted employees into oblivious insiders is the perfect vector to bypass traditional controls and we can expect many more attacks of this nature. They are cheap, and effective. Once inside with high levels of privilege, coordinated attackers can launch mayhem and theft – manipulating data, stealing even highly sensitive data like keys from running applications. The most effective defense is to force attackers into attempting to break modern CPU-level hardware controls around sensitive data in the cloud, massively delaying impact and keeping blast radius to the absolute minimum, ultimately frustrating attackers who will move on to unprotected lower hanging fruit.”

I will also add that companies really need to step up the training of their employees, as well as run phishing simulators, to ensure that their employees aren’t unwitting participants in threat actors’ attempts to gain access to a company’s resources.

CDW Canada Launches Its First Security Self-Assessment Tool

Posted in Commentary on August 10, 2022 by itnerd

CDW Canada recently launched their 2022 Security Study, Advancing the Maturity of Canadian Organizations, which found that robust and advanced cybersecurity practices are key to better business outcomes. 

As a result, CDW Canada created their very own CDW Security Self-Assessment Tool, which organizations can use for free to evaluate how their cybersecurity stacks up against their peers.

Upon completing the security assessment, you will receive a personalized report outlining: 

  • How secure your business is compared to your peers. 
  • Security approaches and best practices to adopt.
  • Recommendations to help improve your business’s security posture.

This is an easy way to figure out where you stand when it comes to your security posture. Thus I would recommend trying it out so that you can take action on any areas that need improvement.

TELUS Announces Investments In St. Albert And Fort McMurray

Posted in Commentary on August 10, 2022 by itnerd

TELUS has had a number of announcements related to investments that they’re making in communities around the country. And today they have two more announcements to make:

  • TELUS announced today a $10 million investment across the City of St. Albert in 2022. This is part of TELUS’ $17 billion investment in operations, network infrastructure, and spectrum across the province now through 2026, creating 8,500 new jobs for Albertans and connecting more families and businesses to TELUS’ world-leading 5G and TELUS PureFibre networks. 
  • TELUS also announced today a $3 million investment across Fort McMurray in 2022 to continue bringing its blistering-fast 5G network speeds to the city, giving residents and businesses access to the fastest 5G network in Canada. This is part of TELUS’ $17 billion investment in operations, network infrastructure, and spectrum across the province now through 2026, creating 8,500 new jobs for Albertans and connecting more families and businesses to TELUS’ world-leading 5G and TELUS PureFibre networks. 

Clearly TELUS is making moves to ensure that communities across the country are connected. And I fully expect more announcements to be made in the days to come.

Hero Innovation Group Introduces Hero Financials

Posted in Commentary on August 10, 2022 by itnerd

Hero Innovation Group Inc., a Vancouver-based fintech solutions provider, is pleased to announce the launch of Hero Financials (“Hero”), a full-service alternative-to-banking solution for the Canadian market. Hero is designed specifically for young Canadian consumers, with a total addressable market of up to 6 million users. Its product offerings are highly customizable and are strategically designed to address the unmet financial needs of Canadian kids, teens, GenZers, and their parents.

Hero allows kids and teens to make their own financial and spending decisions and set a strong foundation for themselves to make smart money decisions. The solution is paired with SideKick, a prepaid Mastercard that equips kids with vital financial literacy skills. It is a turnkey solution, supported with a mobile application as well as a built-in budgeting tool, savings function, contactless payments, and security backed by third-party inscription. 

Hero provides the foundational steps that accompany kids into a financially independent and responsible future, while also building parent-child trust and confidence by eliminating the need to borrow parents’ credit or debit cards to access funds. With Hero, transfers are sent in real-time, and funds can be used both in-store and online, via contactless and chip payments wherever a prepaid Mastercard is accepted. It can be used for purchases, savings and to gain essential financial literacy skills, without the limitations and restrictions imposed by traditional consumer banks. 

As a multi-user product, parents can receive notifications of their child’s spending in real-time, restrict and block purchases on items by product category and lock funds in their child’s account, which only they can later unlock. Users will soon be able to take advantage of the Round-Up feature, whereby purchases are rounded up to the nearest dollar and the spare change is automatically deposited into a savings account, called Vault, for use later. Hero will also soon support digital payments through a wallet function, whereby users can make payments from their Hero accounts via third-party mobile payment apps such as Google Pay, Apple Pay and Samsung Pay without the need to present a physical card for purchases.

Hero has been designed specifically to address the financial needs of Canadian children, teens and Generation Z, a sizeable demographic with over $50 billion in estimated purchasing power. Figures show that this consumer cohort is ‘grounded’ and values savings, with 72% putting money away for the future. It is a segment that also highly values flexibility and choice, with 45% preferring to make purchases in-store, and 16% shopping solely online.

Hero is user-friendly, with no hidden fees, and offers a selection of different plans to choose from. Subscribers will also benefit from the platform’s ease of use, convenience, and efficacy in maintaining budgeting and financial management needs. 

Hero Group’s first flagship product, SideKick, has been met with great acceptance among international education professionals, parents worldwide, and the student community. Recently, SideKick was named ‘Service Provider of the Year’ at the 2nd ST Secondary Awards. The awards, organized by Study Travel Network, honour outstanding contributions to the high school education sector from schools, service providers, agencies and associations worldwide. 

SideKick was initially designed as a solution for inbound students coming to Canada, and following the initial success of the international product, many parents in Canada expressed interest in using a product to support their kids’ financial management needs locally. As such, the Company decided to enhance its service offerings to the next generation of consumers in both the international and domestic markets. Through Hero Financials™, the Company is aiming to replicate SideKick’s success in the domestic Canadian market. Both products offer diverse and innovative features developed by Hero Group’s robust proprietary technology, an area that the Company continues to develop and invest in.

Hero Financials is available via the product’s official website:

Guest Post: Russia And China-Sponsored Hackers Threaten The World With Cyberattacks

Posted in Commentary on August 10, 2022 by itnerd

State-sponsored cyberattacks are carried out to spy on secret government data, disrupt services, or identify and exploit national infrastructure vulnerabilities. According to the data collected by the Atlas VPN team, Russia and China sponsored over 50 cyberattacks in 2022, with Ukraine being the most targeted country.

Russian-backed hackers carried out 27 cyberattacks in 2022. The attacks mainly targeted Ukraine due to the war started by Russia. Ukrainian government websites, organizations, and broadcasting companies suffered a total of 23 espionage, data destruction, or denial of service attacks.

China has sponsored 24 cyberattacks this year so far. State-backed hackers attacked the United States, Indian and Taiwanese governments and organizations. With the growing tensions between China, Taiwan, and the US, such cyberattacks could happen even more often in the year’s second half.

North Korea-sponsored hackers engaged in 9 cyberattacks. Their main targets were the US and South Korea. Iran sponsored 8 cyberattacks in 2022. Most of their attacks were against countries in the Middle East or the US.

Besides Ukraine as the most attacked country, the US was the second most targeted with 10 attacks. Russia and India followed next, as both suffered 7 state-sponsored cyberattacks.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on state-sponsored cyberattacks:

“As geopolitical tensions rise, so does the possibility of state-sponsored cyberattacks. It is hardly a surprise that mainly China and Russia are responsible for many of the threats that governments and businesses face. Their hackers are well-funded and persistent, which makes them capable of extremely damaging cyberattacks.”

Government espionage

Cyberattacks carried out with the support of governments are typically well-resourced and highly sophisticated, allowing them to inflict tremendous harm on their victims.

State-sponsored hackers carried out 44 cyberattacks against government entities in 2022. Some hackers use malware that destroys sensitive government information, causing irreparable damage.

The private sector suffered from 37 state-sponsored cyberattacks. Hackers targeted civil society in 29 state-sponsored cyberattacks. Civil society refers to activists, journalists, and politicians from the opposition party. State-sponsored threat actors carried out 6 cyberattacks on military officials.

Espionage on government, private sector, civil society, and military accounted for 66 cyberattacks.

To read the full article, head over to:

Dramatic Uptick In Threat Activity With Exploits Growing Nearly 150%: Nuspire

Posted in Commentary on August 9, 2022 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q2 2022 Quarterly Threat Report. The report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs).

Nuspire’s data reveals a significant increase in overall threat activity across malware, botnet and exploits. Malware events increased over 25%, botnets doubled over the first quarter and exploit activity grew by nearly 150%, buoyed by the Log4j vulnerability.

Additional notable findings from Nuspire’s Q2 2022 Threat Report include:

  • VBA agent activity, which has been one of the top offenders over the past year in Nuspire’s Quarterly Threat Reports, has significantly decreased as predicted last quarter, due to Microsoft’s announcement of blocking them by default.
  • A substantial increase in botnet activity near the end of Q2, attributed to Torpig Mebroot botnet, which is a banking trojan designed to scrape and collect credit card and payment information from infected devices. Torpig Mebroot is particularly difficult to detect and remove, as it infects the victim machine’s master boot record.
  • Manufacturing is the world’s most attacked industry vertical. Our data shows the LockBit ransomware gang and Dynamite Panda (APT18) as two of the most prevalent threats to the manufacturing industry in the second quarter.  

Learn more about protecting your organization from increasing cyber threats and download Nuspire’s Q2 2022 Quarterly Threat Report. Register here to see the findings tomorrow.

Beware The Darkverse And The Cyber-Physical Threats It Will Enable: Trend Micro

Posted in Commentary on August 9, 2022 by itnerd

Trend Micro Incorporated today released a new report warning of a “darkverse” of criminality hidden from law enforcement, which could quickly evolve to fuel a new industry of metaverse-related cybercrime.

The top five metaverse threats outlined in the report are:

  • NFTs will be hit by phishing, ransom, fraud and other attacks, which will be increasingly targeted as they become an important metaverse commodity to regulate ownership.
  • The darkverse will become the go-to place for conducting illegal/criminal activities because it will be difficult to trace, monitor and infiltrate by law enforcement. In fact, it may be years before police catch up.
  • Money laundering using overpriced metaverse real estate and NFTs will provide a new outlet for criminals to clean cash.
  • Social engineering, propaganda and fake news will have a profound impact in a cyber-physical world. Influential narratives will be employed by criminals and state actors targeting vulnerable groups who are sensitive to certain topics.
  • Privacy will be redefined, as metaverse-like space operators will have unprecedented visibility into user actions – essentially when using their worlds, there will be zero privacy as we know it.

As imagined by Trend Micro, the darkverse will resemble a metaverse version of the dark web, enabling threat actors to coordinate and carry out illegal activities with impunity. 

Underground marketplaces operating in the darkverse would be impossible for police to infiltrate without the correct authentication tokens. Because users can only access a darkverse world if they’re inside a designated physical location, there’s an additional level of protection for closed criminal communities.

This could provide a haven for multiple threats to flourish—from financial fraud and e-commerce scams to NFT theft, ransomware and more. The cyber-physical nature of the metaverse will also open new doors to threat actors.

Cybercriminals might look to compromise the “digital twin” spaces run by critical infrastructure operators, for sabotage or extortion of industrial systems. Or they could deploy malware to metaverse users’ full body actuator suits to cause physical harm. Assault of avatars has already been reported on several occasions. 

Although a fully-fledged metaverse is still some years away, metaverse-like spaces will be commonplace much sooner. Trend Micro’s report seeks to start an urgent dialog about what cyber threats to expect and how they could be mitigated.

Questions to start asking include:

  • How will we moderate user activity and speech in the metaverse? And who will be responsible?
  • How will copyright infringements be policed and enforced?
  • How will users know whether they’re interacting with a real person or a bot? Will there be a Turing Test to validate AI/humans?
  • Is there a way to safeguard privacy by preventing the metaverse from becoming dominated by a few large tech companies?
  • How can law enforcement overcome the high costs of intercepting metaverse crimes at scale, and solve issues around jurisdiction?

To read a full copy of the report, Metaverse or MetaWorse? Cyber Security Threats Against the Internet of Experiences, please visit:

Guest Post: Over 80% Of Malware Attacks Target Education Sector As Back-To-School Season Nears

Posted in Commentary on August 9, 2022 by itnerd

With the school season approaching, parents hurry to get their children supplies while students enjoy their last days of summer. 

However, barely anyone realizes that enterprises in the education sector are currently under a barrage of malware attacks. Data presented by Atlas VPN reveals that the education industry has been the primary target for cyberattacks in the last 30 days. 

Over 80% of malware attacks globally were aimed at companies in the education sector, totaling 5.13 million attacks for the period, which comes out to an average of 171 thousand attacks daily.  

The data for the analysis was extracted via Microsoft’s Security Intelligence platform. 

One of the reasons why the education industry became the main target is the shift towards digitalization. The pandemic forced e-institutions to employ technologies that enable students to complete the curricula and exams. 

In turn, a lot of new companies sprang up as they saw the opportunity in the market.

However, video conferencing programs, e-learning software, and other digital tools expanded the cyberattack surface exponentially. 

It is worth noting that the aforementioned attacks are directed toward enterprises, not institutions. In other words, the data provided shows the number of attacks on businesses in the educational sector, not on schools, colleges, and universities.

To read the full article, head over to:

#Fail : Slack Exposes Hashed Passwords

Posted in Commentary on August 9, 2022 by itnerd

If you’re a Slack user, you might have received a request to change your password in the last day or two. I’m here to tell you that this email isn’t a phishing attempt. It’s actually real and you should pay attention to it.

Here’s why.

Slack has admitted to accidentally exposing the hashed passwords of at least 50,000 users, roughly 0.5% of total Slack users. The workspace application began sending password reset links to affected users last week. While the passwords were not in plaintext and were not visible to any Slack clients, it appears that this issue has been going on since 2017.


Sharon Nachshony, Security Researcher, Silverfort had this to say:

     “Hashes of salted passwords being leaked is not as dangerous as exposing them in plain-text, as an attacker would have to use brute-force methods – essentially automating a script to guess passwords – which takes some time.

     While this makes exploitation less likely, a threat actor may still be motivated to do this because Slack is used by so many companies. Incidents like these are once again a clear argument for users to enable MFA. If implemented correctly, this would alert the legitimate user to any authentication attempt on their behalf, denying any malicious access attempt.”

MFA (multi-factor authentication), or even the hot new technology that is passwordless authentication, is the way to go to reduce your attack surface. Companies should look at technologies like these to avoid being pwned because of a password exploit.