This Cyber Weekly includes:
Hydro-Québec (a public utility that manages the generation, transmission and distribution of electricity in the Canadian province of Quebec, as well as the export of power to parts of the northeastern United States) found out that six consultants who were supposedly “working” remotely had downloaded software that simulates mouse movement on their computers while they worked from home. In other words, the software moves the mouse to make it look as though they are actually working. Immediate action was taken and the consultants were let go. Hydro-Québec is now widening its investigation to cover its 11,000 remote workers. Hydro-Québec said it does not monitor employee activity, but it does monitor its network for threats.
A representative of the news outlet said that this kind of software poses a cyber threat, as many such tools have ransomware built into them. So beyond stealing time from the company, these consultants could have exposed the organization to much bigger risks. The original article is written in French. (LaPresse)
My thoughts: Strange to hear that a company the size of Hydro-Québec allows “rogue” software to be installed on endpoints, or perhaps this was a case of Bring Your Own Device (BYOD)? Endpoint management is more important than ever in a COVID / post-COVID era. BYOD initiatives have introduced a slew of risks into the enterprise. Endpoint management and security are what’s needed to determine what software is installed and active on every computer. That’s an extra layer that we also recommend.
Last year, gaming company Razer discovered a cyber security breach that potentially exposed the order details and shipping information of over 100,000 customers. Razer is suing its IT firm, Capgemini, for damages, as Capgemini was the one that recommended the IT system.
“The bulk of the US$7 million that Razer is suing for accrues from Razer’s claims to around US$6.85 million in loss of profits from its online website, as well as an unquantified sum for loss of profits from the rejection of its digital bank licence application.
Razer is also seeking a declaration that Capgemini pay full compensation for all damages, losses, and expenses incurred and which Razer may incur as a result of the breach.” (vulcanpost)
My thoughts: The outcome of many cyber security breaches will be decided in court, since they will amount to multi-millions of dollars in damage. With increasing legislation being passed in many countries, we will start to regularly see companies being taken to court in class-action lawsuits in conjunction with their cyber insurance or IT firm(s).
“A DDoS (Distributed Denial of Service) is a cyberattack that aims to crash a network, service, or server by flooding the system with fake traffic. The sudden spike in messages, connection requests, or packets overwhelms the target's infrastructure and causes the system to slow down or crash.
While some hackers use DDoS attacks to blackmail a business into paying a ransom (similar to ransomware), more common motives behind a DDoS are to:
According to Google, a botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
A botnet called Mantis generated a record-breaking DDoS attack in June that peaked at 26 million HTTPS requests PER SECOND. It hijacked virtual machines and servers hosted by cloud companies, and its requests were sent over encrypted transport layer security (TLS) connections. (zdnet)
My thoughts: Network Monitoring Defense, Endpoint Detection and Response, Audit Log Management….
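As an added example (not from the newsletter or any of the sources it cites), the Python below shows the kind of network monitoring and log analysis the note above points to: it parses constructed web-server access-log lines, counts requests per second and distinct source addresses, and flags seconds where the rate jumps far above baseline from many sources, which is the signature of a distributed flood rather than a single misbehaving client. The log lines, thresholds and function names are all assumptions.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines (common log format, not from any real system).
# Normal traffic in the first two seconds, then a flood from 40 sources in the third.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jul/2022:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [18/Jul/2022:10:00:00 +0000] "GET /about HTTP/1.1" 200 1024
198.51.100.2 - - [18/Jul/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 512
""" + "".join(
    f'192.0.2.{i} - - [18/Jul/2022:10:00:02 +0000] "GET / HTTP/1.1" 200 512\n'
    for i in range(1, 41)
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)

def parse_line(line):
    """Return (source_ip, timestamp truncated to the second) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.replace(microsecond=0)

def per_second_stats(log_text):
    """Map each second to (request_count, distinct_source_count)."""
    counts = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, sec = parsed
        counts[sec] += 1
        sources[sec].add(ip)
    return {sec: (counts[sec], len(sources[sec])) for sec in counts}

def estimate_baseline(stats):
    """Median requests/second; the median is robust to the spike itself."""
    return statistics.median(rps for rps, _ in stats.values())

def flag_flood_seconds(stats, baseline_rps, ratio=10, min_sources=20):
    """Seconds at >= ratio x baseline AND spread over many sources (distributed flood).
    A spike from one address is more likely a single broken client than a DDoS."""
    return sorted(sec for sec, (rps, src) in stats.items()
                  if rps >= ratio * baseline_rps and src >= min_sources)
```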
Gaming company Bandai Namco has confirmed a ransomware attack after a couple of weeks of rumors. Its Asian regions, excluding Japan, were breached by a third party on July 3, 2022. Company information appears to be on the dark web, implying it was the victim of a double extortion. In a double extortion, when a company refuses to pay the ransom, the cyber criminals release the stolen private data on the dark web.
The company stated: “There is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about [the] existence of leakage, scope of the damage, and investigating the cause.” (techcentral)
My thoughts: In recent weeks, it seems like hackers are shifting their focus from government entities to private firms. Do hackers think it’s too difficult or limiting to target governments? Or perhaps just a coincidence? Maybe they see more success in the private sector. It seems like they are A/B testing right now in order to optimize their damage and payout.
When you renew your Veeam Support Contract with us, you get 1TB of Cloud Connect Backup for free - $1000 value - for making the switch. The promo is only available for new Assurance IT customers. Just fill out the form on this page to get started.