#CyberFLASH: VANCOUVER – From spam to phishing scams and ransomware, Canadians face a number of cyber security threats.

Apple Hosts Event At Company's Town HallVANCOUVER – From spam to phishing scams and ransomware, Canadians face a number of cyber security threats.

And it turns out we rank quite high when it comes to a number different types of attacks, according to Symantec’s annual Internet Security Threat Report.

“Certainly, one of the biggest threats facing Canadians right now is something called ransomware. Globally, Canada is number four. They’re seeing over 16,000 attacks per day,” says Kevin Haley with Symantec Security Response.

“Ransomware is a type of threat that will encrypt the files on your machine and it will charge you a ransom in order to get access to your files back. We in fact saw a 35 per cent increase from 2014 in this type of attack.”

But that’s not the only threat you face by powering on your laptop or tablet.

“In social media, Canada is actually number five. They are the fifth-most attacked country for social media scams,” says Haley.

Read more here

#CyberFLASH: Outbreak of ransomware attacks hit hospitals, enterprises

image-4An outbreak of ransomware attacks have hit at least five U.S. and Canadian hospitals in the past two weeks, prompting renewed calls from experts to leverage automated backup to mitigate this type of attack.

“[T]his recent string of ransomware attacks targeted at hospitals proves that automated backup is no longer a nice to have, but a must for any professional organization,” said Norman Guadagno, chief evangelist at Boston-based cloud backup firm Carbonite. “In light of the ransomware attack on Hollywood Presbyterian Hospital, it comes as no surprise that attackers are turning their attention to hospitals now. It’s certainly not a coincidence.”

Hospitals are not the only victims, according to Dmitri Alperovitch, co-founder and CTO at cybersecurity firm CrowdStrike in Irvine, Calif. “We’ve seen ransomware attacks across many industries, including healthcare, state and local governments, SMBs and large businesses,” he said. “According to a Cyber Threat Alliance report, ransomware accounts for a total of approximately $325 million in damages. But, in reality, the numbers are likely much higher.”

“[A]ny organization — not just a hospital — that has valuable business data readily accessible and has the financial resources to shell over a lot of money is a bull’s eye for hackers,” Guadagno said.

Read more here

#CyberFLASH: Canadian cyberthreats differ from those in the U.S., report says

CANADA-storyThe U.S. and Canada both see their fair shares of malware such as Dridex and other banking trojans, but there was one threat conspicuously absent from Canada’s list of common threats – ransomware

While prominent in the U.S., ransomware is just not a thing north of the border Trend Micro researchers revealed in it Canada threat landscape report.

“For whatever reasons the market forces just aren’t driving them in that direction,” Christopher Budd, global threat communications manager at Trend Micro, told SCMagazine.com.

Though the report didn’t specify a reason for ransomware’s absence, Budd hinted that cost-benefit analyses by cybercriminals could show that using ransomware may have a low-yield because Canadians are not culturally attuned to falling victim such attacks.

Budd pointed out that ransomware attacks have worked their way around the globe, initially rising to prominence in New Zealand and the U.K., before cybercriminals used it to target Americans. So, it is possible that Canadians may be targeted more in the future, he said.

OpenCandy adware toolbar and Dridex malware are currently the most prominent threats in Canada.

Cybercriminals in the U.S. influence the Canadian threat landscape by providing the infrastructure for hosting malicious content. And the majority of malicious sites that Canadians visit are predominantly hosted in the U.S. – malicious hosting in Canada simply isn’t as sophisticated as it is in other countries.

Read more here

#CyberFLASH: Security predictions 2016: More ransomware, tougher cyber insurance

image-2Twelve months ago when I became ITWorldCanada.com’s contributing writer on cybersecurity the state of things was pretty bleak: 2014 marked another record year of data breaches, there was no miracle technology that would seal the cracks in an enterprise and every expert was predicting attackers would find new ways to get around defences.

As I look ahead to 2016 every expert I talk to says attacks will continue to find new ways of getting around defences, there’s no miracle technology coming that will seal the cracks in an enterprise and it will probably be another record year of data breaches.

In the face of that what’s a CISO to do?

For one thing, continue sealing the cracks in the enterprise the old-fashioned way: Security awareness training, using two-factor authentication wherever possible, network segmentation, limiting the number of people with administration privileges and access to sensitive data, patching, increase spending on intrusion detection and prevention (including analytics), be part of a threat intelligence (either formally by buying a service, or informally with colleagues) and solid backup and restore. On top of that, have a tested disaster recovery plan.

In addition, be aware of certain trends experts say will mark 2016 as different from the year before. Here’s some of them:

–The evolution of technology means IT departments more than ever have to understand what business units want, and then propose secure ways of doing it, says Bob Hansmann, director of security analysis and strategy Ratheon Websense security labs.

Read more here

#CyberFLASH: Ransomware, bogus emails from your ‘boss’ mark growing skill of cyber-criminals

03748212-700x500Cyber-criminals are hacking into corporate computer systems and using the public profiles of top executives to fine-tune email scams that are duping Canadians out of hundreds of millions of dollars each year, a CBC News investigation has discovered.

“It came on the scene in a massive way, from virtually nothing to $19 million in 2014″ in losses reported, said Daniel Williams of the Canadian Anti-Fraud Centre, a federal government agency.

He also says that research by the CAFC and police suggests that less than three per cent of these email scams ever gets reported, meaning the incidents and the losses are probably much higher.

“Most probably in the range of $500 million to $1 billion,” Williams says. “It’s big, big money. It’s very organized, very sophisticated crime groups with a lot of resources putting a lot of effort … really on an industrial scale.”

Police and security officials warn that among the newer, more sophisticated tricks criminals have learned is how to customize forged emails by using insider information and the names of CEOs and accounting staff to pull off increasingly convincing scams.

These criminals are also netting larger and larger payouts by targeting financial industries, law offices and medium-sized businesses with malicious software that can freeze computer hard drives and hold a company’s data for ransom.


“It was just a regular email from a co-worker, and with a voicemail attachment. So I proceeded to click,” one woman told CBC News about her experience at a mid-sized investment firm in downtown Toronto.

Her computer froze immediately after clicking the attachment.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.