Saint John, N.B., is rebuilding its computer network rather than submitting to criminals who launched a cyber attack against the city in November.
City manager John Collin updated council Monday on the city’s efforts to rebuild its IT system following a ransomware attack; he said no ransom was paid.
Hackers launch ransomware attacks by infecting computers with software and often demand money in exchange for the attack to end.
Collin said the city’s network was disconnected from the internet as soon as the Nov. 13 attack was discovered, and he said it’s not believed any personal identifying information such as banking details was stolen.
“I’m happy to report we have no indications whatsoever that there was any spread of the ransomware from any city-owned assets or systems to others,” he told council.
Collin wouldn’t say what parts of the network were affected by the attack or provide any information he said could help the “hostile actors.”
“We do not want to give to these criminals any information that could help refine their tactics and techniques, nor do we wish to provide such information to copycats,” he said.
Collin said, however, that the attack penetrated deeply into the city’s IT system, and therefore, he added, rebuilding the network was more cost effective than repairing the damage.
“Instead of repair, we have decided to build an entirely new network,” he told council. “Not only will this afford us the opportunity to take advantage of all the latest innovations in cybersecurity and in network design, it will also remove the risk of any virus remnant that could occur if we took the approach of a repaired system.”
The cost of the network rebuild, Collin said, will be covered by insurance and the city’s IT reserve fund. “We will not need to adjust up any yearly budget or alter our service delivery to our community because of this IT attack,” he said.
The rebuild of the IT system is expected to take a few more months. Collin said the full cost of the attack and the system rebuild is still being evaluated, adding that he’ll report to council when the total amount is known.
Ahh, October. The time of the year when the air gets crisp, the leaves begin to change and Cyber Security Awareness begins! We may be biased, but we think October is the best month of the year.
We live in a world that is continuously more connected than ever before. The Internet touches almost every aspect of one’s daily life, whether realized or not. Cyber Security Awareness Month (CSAM) is designed to engage and educate the public and private sector through online events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online and increase the resiliency of the Nation in the event of a cyber incident.
The Government of Canada has already provided some great tools to help jump start your online security. We specifically like this infographic on 5 ways to run a #CyberSafeBusiness.
TORONTO _ A shadowy group of cybercriminals that attacked a prominent nursing organization and Canadian Tire store has successfully targeted other companies with clients in governments, health care, insurance and other sectors.
Posts on their NetWalker “blog” indicate the recent infiltration of cloud-services company Accreon and document company Xpertdoc, although only the College of Nurses of Ontario has publicly acknowledged being victimized.
Experts say NetWalker surfaced about a year ago but its attacks took off in March as the criminals exploited fears of COVID and people working remotely. The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.
Earlier ransomware attacks focused on encrypting a target’s files _ putting them and even backups out of reach. Increasingly, attackers also threaten to publish data stolen during their “dwell time,” the days or weeks spent inside an exploited network before encryption and detection.
The intruders promise to provide a decryption key and to destroy stolen records if the organization pays a ransom, often based on what the attackers have learned about its finances, by a given deadline.
To underscore the extortion, NetWalker criminals publish tantalizing screen shots of information they have, such as personnel, financial, legal and health records.
“The data in these cases is extremely sensitive,” said Brett Callow, a Vancouver Island-based threat analyst with cyber-security firm, Emsisoft. “Lots of companies choose not to disclose these incidents, so the individuals and (third-party) organizations whose data have been compromised never find out.”
In an interview, Richard Brossoit, CEO of Montreal-based Xpertdoc, said this month’s attack was a “little terrifying” at first. Fortunately, he said, damage was limited and no confidential client or personal information was compromised, although some records might be permanently lost.
“Once we were able to isolate the problem and knew it was minimal that our customers weren’t really affected at all obviously it was a very big relief,” Brossoit said.
With new computers, his several dozen employees were back up and running within days, he said. Still, Xpertdoc did hire specialists to deal with the cyber-criminals.
“We were able to negotiate a very low ransom,” Brossoit said. “They didn’t ask too much and we were able to actually negotiate much lower than what they were asking.”
Morneau Shapell, one of dozens of potential third-party victims, said it accepted Xpertdoc’s assurances no sensitive information had been compromised.
Accreon, which has until the first weekend in October to pay up, would not discuss its situation.
NetWalker did recently publish gigabytes of internal data from a Canadian Tire store in Kelowna, B.C. In response to a query, Canadian Tire Corporation said store computers were hit and authorities were investigating.
“This incident has not affected the Canadian Tire Corporation computer networks that process customer information or purchases,” the company said, adding store employees were told their personal information had been compromised.
The nurses’ college, which angered members by taking more than a week to publicly admit the attack discovered Sept. 8, did say it was getting back on its feet, although some services remained down.
“We share our members’ distress and frustration that this has happened,” college CEO Anne Coghlan said in a statement. “Members can rest assured that we will notify them directly if we identify any risk to individuals.”
The consequences of ransomware can go beyond the financial and reputational. This month, for example, a hospital in Duesseldorf, Germany, was unable to admit a patient for urgent treatment after an apparent cyber-attack crippled its IT system, authorities said. The woman died.
Such attacks have become increasingly frequent. Earlier victims in Canada include municipalities among them Stratford and Wasaga Beach in Ontario and the Regional District of Okanagan-Similkameen in B.C. health-care organizations and charities. Cloud storage companies, with troves of third-party data, have also become attractive targets.
This year, the University of California San Francisco paid US$1.14 million to regain access to its data. The encrypted information, the school said, was “important to some of the academic work we pursue as a university serving the public good.”
Just how often victims pay _ and how much _ is hard to know. One analysis by New Zealand-based Emsisoft, using available data, estimates ransomware losses for Canadian enterprises could run up to US$1.7 billion this year.
“It’s really difficult to get accurate statistics,” said David Masson, a director with cyber-security company Darktrace. “Those who pay won’t be telling you. If you do pay, you’re probably going to be attacked again because very quickly…you’re going to get a reputation that you paid.”
Those behind NetWalker appear to be Russian speaking. They provide the malware for a cut to “affiliates,” who promise not to attack Russian or Russia-friendly targets.
“Their attacks are becoming increasingly sophisticated,” Callow said. “These groups are using the exact same tools as nation-state actors. In some cases, they may actually be nation-state actors.”
Experts say up-to-date anti-virus software, segmenting networks and keeping separate backups are among critical protective measures. In addition, Masson said knowing what is going on within a network is crucial, while Brossoit advised hiring specialists should an attack happen.
This report by The Canadian Press was first published on Sept. 27, 2020.
OTTAWA _ Federal authorities were scrambling for answers over the weekend after revealing that hackers used thousands of stolen usernames and passwords to fraudulently obtain government services _ with the extent of the damage still unclear.
More than 9,000 hijacked accounts that Canadians use to apply for and access federal services have been cancelled after being compromised in what the Treasury Board of Canada described as “credential stuffing” attacks.
“These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts,” the federal department said in a statement.
The hacked accounts were tied to GCKey, which is used by around 30 federal departments and allows Canadians to access various services such as employment insurance, veterans’ benefits and immigration applications.
One-third of those accounts successfully accessed services before all of the affected accounts were shut down, said the Treasury Board, which is responsible for managing the federal civil service as well as the public purse.
Officials are now trying to determine how many of those services were fraudulent.
The GCKey attack included thousands of Canada Revenue Agency accounts, through which Canadians can access their income-tax records and other personal information as well as apply for financial support related to the COVID-19 pandemic.
A total of 5,500 CRA accounts were targeted through the GCKey attack and an earlier “credential stuffing” scheme, the Treasury Board said.
“Access to all affected accounts has been disabled to maintain the safety and security of taxpayers’ information and the Agency is contacting all affected individuals and will work with them to restore access to their CRA MyAccount,” the department said.
Yet at least one victim says she has yet to hear anything from the government after someone hacked into her CRA account earlier this month and successfully applied for the $2,000-per-month Canada Emergency Response Benefit for COVID-19.
Leah Baverstock, a law clerk in Kitchener, Ont., says she first realized her account had been compromised and contacted the revenue agency herself when she received several emails from CRA on Aug. 7 saying she had successfully applied for the CERB.
“The lady I spoke to at CRA, she’s said: ‘This is a one-off,”’ said Baverstock, who has continued to work through the pandemic and did not apply for the support payments.
“And she told me a senior officer would be calling me within 24 hours because my account was completely locked down. And I still haven’t heard from anybody.”
Baverstock expressed frustration at the lack of contact, adding she still does not know how the hackers accessed her account. She has since contacted her bank and other financial institutions to stop the hackers from using her information to commit more fraud.
“I am quite concerned,” she said. “Somebody could be leaving under my name. Who knows. It’s scary. It’s really scary.”
The Treasury Board did not reveal how many of the CRA accounts were compromised or the cost of the suspected fraud, but said federal officials as well as the RCMP and federal privacy commissioner were conducting separate investigations.
And while the CRA says victims will get letters explaining how to confirm their identities to regain access to their accounts, it did not say how those receiving the Canada Child Benefit, CERB and other services will be affected by their accounts being suspended.
The government warned Canadians to use unique passwords for all online accounts and to monitor them for suspicious activity.
The Canadian Anti-Fraud Centre says more than 13,000 Canadians have been victims of fraud totalling $51 million this year. There have been 1,729 victims of COVID-19 fraud worth $5.55 million.
TORONTO, July 9, 2020 /CNW/ – The Cybersecure Policy Exchange (CPX), powered by RBC, today launched a report setting out an ambitious policy agenda that addresses findings from new survey data of 2,000 Canadians collected in mid-May. The report sheds light on Canadians’ online experiences and their priorities related to cybersecurity and digital privacy.
“We live and work in a time of unprecedented technology development and adoption —
further accelerated by events like COVID-19,” said Charles Finlay, Executive Director of Rogers Cybersecure Catalyst. “We need urgent national policies that protect our security and digital privacy, while ensuring equal access for all. That is why we developed CPX–to be a platform for debating and advancing cybersecurity policy that is of critical importance to all Canadians.”
To lay the groundwork for these discussions, CPX undertook a survey of Canadians; some key findings from the report “Advancing a Cybersecure Canada” include:
57% of Canadians reported being the victim of a cybercrime;
31% unintentionally installed or downloaded a computer virus or malware;
28% experienced a data breach that exposed personal information; and
22% had an online account hacked;
13% have been a victim of phishing; and
8% have unintentionally installed or downloaded ransomware.
Since the start of the COVID-19 pandemic, Canadians have adopted new technologies to stay connected making them more vulnerable to privacy and security risks. 55% of Canadians have used Facebook Messenger and 46%have used Zoom.
Only 26% of Canadians with a smart speaker or voice-operated assistant have restricted the information it can access through its settings.
CPX will focus its work on three high-impact technologies:
Social Media Platforms: Online platforms that enable users to connect and share user-generated content.
Only 15% of Canadians trust Facebook to keep their data secure, compared to 62% who trust the federal government and 73% who trust health care providers.
Internet of Things (IoT): Physical networked devices connected to the Internet, from consumer electronics, to larger industrial and infrastructure applications.
68% of Canadians have at least one smart device in their home.
Biometrics and Facial Recognition: Technologies that measure and analyze a person’s physical or behavioural attributes to recognize or confirm identities, such as facial recognition.
41% of Canadians are uncomfortable with being captured by video doorbells like Amazon’s Ring, and 15% support a ban on these products.
This report marks the launch of CPX’s agenda to develop public policy solutions, and raise awareness to the privacy and security challenges of each of these technologies.
“Cybersecurity has quickly become one of the most important issues of our time,” said Laurie Pezzente, Senior Vice-President of Global Cyber Security and Chief Security Officer at RBC. “As a leading organization in cybersecurity entrusted to keep our clients data safe and secure, RBC is proud to support the Cybersecure Policy Exchange and its ambitious policy agenda. Questions of privacy and security are paramount for all Canadians and policymakers, and proper governance of these issues will ultimately contribute to a more prosperous and equitable world.”
On Tuesday, July 14th from 1:30pm – 3:00pm ESTmembers of the CPX team from RBC, Rogers Cybersecure Catalyst and Ryerson Leadership will convene for a live discussion to breakdown their new agenda, survey results and elaborate on the current cybersecurity threat landscape. More information and the registration link can be found here.
Through close public and sectoral engagement with the general public, government, academia and civic institutions on each of these urgent challenges, CPX will work to advance the responsible governance of this technology to protect Canadians.
The full findings are available at https://www.cybersecurepolicy.ca/agenda. An anonymous survey was conducted online by Pollara Strategic Insights on behalf of the Cybersecure Policy Exchange with 2,000 Canadian residents 18 years of age or older, from May 14 to 22, 2020. As a guideline, a probability sample of this size would yield results accurate to +/- 2 percentage points, 19 times out of 20. The data were weighted by region, gender and age, based on the most recent Canadian census figures to ensure that the sample matched Canada’s population.
The Cybersecure Policy Exchange is a new initiative from Ryerson University, dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy. The Cybersecure Policy Exchange is powered by RBC through Rogers Cybersecure Catalyst and the Ryerson Leadership Lab.
In an email obtained by IT World Canada, LifeLabs chief executive officer Charles Brown released a statement to customers on June 11, noting “I cannot change what happened, but I assure you that I have made every effort toward making change to provide you services you can trust.”
Here is the list of changes LifeLabs is introducing, according to the email:
Brown also wrote that the breach delivered LifeLabs a stern reminder that “we must continuously work to protect ourselves against cybercrime” and that “data protection and privacy are now central to everything we do.”
The update from LifeLabs comes on the heels of a report from data protection company Veritas that says public consumers are seeking apologies, fines and even prison sentences for CEOs who fail to protect their businesses. Forty per cent of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to the Veritas survey, which interviewed roughly 12,000 consumers. Thirty per cent would demand the CEO be banned from running a company if it suffered a cyberattack. Twenty-three per cent of those surveyed want to send CEOs to prison for mishandling data.