#CyberFLASH: A spear phishing attack that nearly worked

FEATURE-Phishing-SHUTTERSTOCK-620x250These days determined cyber attackers don’t fire broadsides at organizations they want to infiltrate — they take the time to find out who holds certain sensitive positions and targets them.

If the staff in your enterprise hasn’t got that message yet, there’s news story from the U.S. about a spear phishing attack that nearly tricked a firm’s comptroller CISOs could pass on to all employees so they understand.

The email seemed to come from the CEO about an upcoming acquisition, and asked the comptroller to work closely — in fact, “exclusively” — with a lawyer on the deal. The message was detailed, professional, right down to suggesting the company had already notified the U.S. Securities and Exchange Commission (SEC) on the deal.

There was no hyperlink or attachment for the comptroller to click on, which is usually the way malware is delivered. No, this attack was more crafty: The CEO authorized the comptroller to “proceed with any payments that (the lawyer) may request on my behalf. You need to keep this matter extremely confidential as you are the only one currently aware of the situation.”

Had the comptroller fallen for the scheme she likely would have forwarded a sizeable amount of money to who knows where.

Fortunately, the attacker made a mistake: CEO signed the email with his full name, which he doesn’t do. The comptroller was justifiably suspicious and checked.

Read more here

#CyberFLASH: Car hacker sought by Canadian military

car-hackerThe Canadian military is looking for a car hacker to hack into its vehicles to test how vulnerable they are to cyberattacks.

A tender notice posted Tuesday on the Canadian government’s procurement site says the Department of National Defence is looking for bidders who can assess a vehicle, find vulnerabilities and develop and demonstrate attacks on the vehicle.

Earlier this year, security hackers showed that they could kill the engine of a moving Jeep on the highway over the internet via the car’s Fiat Chrysler telematics system. That prompted Fiat Chrysler to recall 1.4 million cars and trucks in the U.S. A month later, Tesla delivered a software patch to its customers after cybersecurity researchers said they had taken control of a Tesla Model S and turned it off at low speed.

The Department of National Defence said while other kinds of cyberattacks can lead to the theft of money or information or the disruption of operations, those involving vehicles are “a more important concern since the safety of their users or the other users on the road might be at stake.”

It noted that a car built in 2014 may include up to 100 computers exchanging up to 25 gigabytes of data every hour via the vehicle’s internal communications system as they run 60 million lines of code managing 145 actuators and 75 sensors. That internal communications system called a Controller Area Network (CAN) bus is the target of cybersecurity hackers’ attacks. Besides being used for internal communications, it may interact with entertainment, GPS and communications systems that are connected to the outside world, allowing for remote attacks.

Read more here

#CyberFLASH: SCADA cyber security, Canada not doing enough, says expert


1297516661469_ORIGINALIn North America, a Canadian security expert has warned that the country’s utilities are not doing enough to secure their supervisory control and data acquisition (SCADA) systems.

Former assistant director of intelligence at the Canadian Security Intelligence Service Ray Boisvert said SCADA technology – which is essential to smart grid decision making – in both Canada and the US are vulnerable to cyber attack, reports IT World Canada.

Mr Boisvert, currently president of consultancy I-Sec Integrated Strategies, said: “Canada is no more ready that the US on these devices.”

“There needs to be considerable investment in hardening and protecting these industrial control systems.”

Boisvert rated Canada’s efforts as B, although he admitted no country yet has an A.

Need for OT security
Speaking at a trade event this week, he said some hydro systems owned by cities or townships “are really, really vulnerable. They have no funds, and very little awareness of cyber security.”

Robert Wong, executive vice-president and chief information and risk officer at Toronto Hydro, the largest municipal electricity distribution company, told IT World Canada that he agreed with this assessment of the utility industry’s preparedness against cyberattacks.

Read more here

#CyberFLASH: Security expert believes Ashley Madison website hack was an inside job


John McAfee thinks he knows who hacked Ashley Madison.

In an article for the International Business Times, the eccentric creator of McAfee antivirus software alleges that the extramarital relationship website was breached by a “lone female who worked for Avid Life Media.”

Last month, a group calling itself the Impact Team leaked private data of more than 30 million users along with internal company documents and emails.

It’s those internal documents — including such mundane items as maintenance schedules and an office layout — that McAfee claims led to him to conclude the breach was an inside job, not the work of outside hackers to whom the information would be of little value.

As for the notion that the hacker was a female, McAfee references lines from manifestos released by the Impact Team that refer to men as “scumbags” and name two site users who joined Ashley Madison the day after Valentine’s Day.

“To call an act the day after Valentines Day “spiteful” is a thought that would enter few men’s minds. If this does not convince you then you need to get out of the house more often,” he wrote.

McAfee said he reached his conclusions after spending more than a week combing through over 40 gigabytes of leaked Ashley Madison data.

Read more here

#CyberFLASH: Cyberattacks target government of Alberta websites

michael-crerar-cyberAlberta government websites — which hold personal information about everything from protection of children at risk to driver’s licences — are under constant threat of attack, according to the office tasked with keeping them safe.

“On average, this year we have about 500 different attacks every day going on the Alberta government websites,” says Michael Crerar, director of Security Policy and Planning with Service Alberta.

The Government of Alberta hosts about 200 government and agency websites, which provide information on programs and also store personal information from residents in databases.

To keep those pages online, around-the-clock security operations are run from an office in downtown Edmonton, where cyber-security officers monitor and thwart attempted hacks from around the globe. The attacks are preempted, Crerar said, by automated systems and by officers watching trends and events.

“We’re definitely seeing more attacks and they’re becoming more complicated, so our defences have to become more complicated,” he said.

Crerar said the methods used by those attacking the sites are constantly evolving. As such, security officers have learned to adapt quickly.

Read more here

#CyberFLASH: Group stages ‘digital sit-in’ to take down government websites over Bill C-51

3e8bbf09abde7c2cb8cd80f03584f864The members of a group claiming credit for causing a series of government and political party websites to go down on Wednesday afternoon described it as a “digital … sit-in” to protest Bill C-51 and a handful of arrests in Halifax.

“Honestly, we just want people talking about what’s happening here with C-51,” one of the members told the Citizen.

Members of the group, calling itself Op Cyber Privacy, were contacted in an online chat group.

Through the afternoon, a series of denial of service attacks, which overload website servers, brought down a number of government websites.

“(It’s) the digital form of a sit-in protest,” the member said. “We are taking up all the seats of these sites so no one can access them temporarily.”

“It does not damage the website nor do we access information on said websites.”

The group said it had taken down the Conservative party website, the Liberal party website, Peter MacKay’s website and the justice department website, among others.

“The website was down for a short period of time,” said Olivier Duchesneau with the Liberal party.

He said no data had been compromised, adding that denial of service attacks are relatively common.

The group said to expect rolling outages of websites throughout the afternoon and evening. At various times, some of the websites were down. Others were up and running. The group said members weren’t keeping websites down for long.

Read more here

#CyberFLASH: The summer of cyber attacks

Apple Hosts Event At Company's Town HallTwo things can be said about Ottawa’s summer, so far. One is that it has been wet; the other is that it’s been raining cyber attacks on federal government websites.

The most recent have been nuisance attacks on the website of the Canadian Security Intelligence Service, conducted by a little-known group called Aerith. Nothing sensitive was compromised, we were told. In mid-June, the hacker group Anonymous launched a more widespread denial of service attack (get used to the acronym DOS), as a protest against the passage of the new anti-terrorism powers contained in Bill C-51. Anonymous accompanied the cyber attack with a slick propaganda video on YouTube. The attacks temporarily disrupted the websites for the Senate, CSIS, its sister spy agency, the Communications Security Establishment (or CSE) and the Justice department.

A rain of cyber attacks, especially the relatively easy to mount denial of service attacks, may not be anything new, but the temptations of their use for purposes of political protest, which is likely on the rise, and the on-going vulnerability of federal systems, suggests that not all is well with Canada’s cyber security.

The Government’s original cyber security strategy was launched in 2010. It proclaimed three strategic pillars — securing government systems; working cooperatively with other governments at the provincial and territorial level and with the private sector, and helping individual Canadians to be secure online. Five years later it is not clear that any of these pillars are delivering on their promise.

Read more here

#CyberFLASH: CSIS website back up after falling victim to another cyberattack

computer-laptop-keyboard-852The website of Canada’s spy agency, CSIS, finally came back online Tuesday afternoon after a cyberattack shut it down for the second time in as many days.

​A spokesman for Public Safety Minister Steven Blaney says no data was compromised.

“No information was breached,” said Jeremy Laurin in an email to CBC News. “We are taking cyber security very seriously.”

The denial of service attack comes on the heels of similar attacks two weeks ago on websites for the Senate, the Justice Department, CSIS and Canada’s electronic spy agency, CSEC.

The online hacker group Anonymous had claimed responsibility for those earlier incidents to protest the recent passing of the government’s anti-terror legislation, Bill C-51.

‘Aerith’ claims responsibility

This time, a person or group called Aerith, associated with the Twitter handle @TWITRis4tards, is claiming responsibility for Monday’s and Tuesday’s attacks on the CSIS website as well as an attack on the Conservative Party’s website. Conservative.ca is now online again as well.

“Yes I did the attacks. I have more planned,” said Aerith in an email to CBC News, adding that Aerith is a group, not an individual.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.