In this week's Cyber Weekly:
Thanks to all 8930 subscribers. It really takes a community to fight against cyberattacks. By sharing and commenting on these newsletters, we can reach more people and help others from becoming a statistic. Share your comments below or simply like the post.
Also, follow me on LinkedIn for daily tech discussions >> Luigi Tiano.
Canadian food retail giant Sobeys was supposedly hit by a BlackBarta ransomware attack, leaving multiple IT systems offline and impairing store service operations. Its point-of-sale and payment systems in all 1,500 of its stores across ten provinces were affected. The retail giant admitted to facing disruptions at some stores due to company-wide technical issues. It was only when local media privacy watchdogs from Quebec and Alberta confirmed receiving confidentiality incident notifications from the retailer, when it was thought to be a cyber attack.
Sobey’s Parent company has yet to confirm the attack. However, confidentiality notifications only go out when there is a security incident.
Empire is the parent company that owns retail banners that include Sobeys Inc., Foods West, Foodland, FreshCo, Thrifty Foods and Lawton's Drug Stores – operating under a variety of well-known banners including Safeway and Foodland. (bleepingcomputer)
Thoughts: Regardless of how companies respond to incidents in public, they will be required by law to take steps to protect the interest of their end-users. In this case, they sent out a notification of an incident to their end-users even if they didn’t want to address the situation to the public. I think the changes in data privacy laws are going to accelerate companies to be proactive and react responsibly.
A Russian-Canadian has been arrested in Canada by US authorities for the involvement in a global ransomware gang known as LockBit. Mikhail Vasiliev, 33, was arrested in Ontario on November 9th and is awaiting extradition to New Jersey to face charges.
Mikhail Vasiliev's arrest is "the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," US Deputy Attorney General Lisa Monaco said.
LockBit had been used against more than 1,000 victims who faced ransom demands amounting to millions. LockBit members have made at least $100M in ransom demands to those victims and have extracted tens of millions of dollars in actual ransom payments. (bbc)
Thoughts: This is great news, but let’s be honest. We want to know how they tracked and caught him. It took them over two years! Do ransomware gang members remain with a specific gang for long enough to be caught? I’m looking forward to how this story unfolds.
Australia will consider making it illegal to pay ransoms to cyber criminals, following a recent flurry of high-profile hacks that resulted in millions of people having their personal and sensitive information compromised. Clare O'Neil, Australia's Home Affairs Minister, stressed on Sunday that the government does not currently pay ransoms to hackers and is opposed to it. (reuters)
The flurry of ransomware attacks affect at least one-third of the country's population. There were up to 12 high-profile attacks this year including:
Thoughts: This would be a bold and interesting move from the country. It could be adopted by other lawmakers in other countries.
Last week, a 19-year-old Australian man had been arrested for using a leaked Optus database to extort his victims. The database had information of over 10,000 people. The man sent SMS messages to 93 people in a blackmailing attempt. None of the suspects seem to have fallen for the scam. Australian police found out that the scammer used a Commonwealth Bank of Australia account in attempt to receive the ransom.
The suspect now faces charges for:
If found guilty, he may face up to 14 years in prison. (bleepingcomputer)
Thoughts: Well, this young adult basically threw his life away for nothing. Also, this is a great example of how one attack can spin into multiple threats toward the victims.
F-35 fighter jets face greater threats from cyber-attacks than from enemy missiles (Interesting Engineering)
The yearly global cost of cybercrime is estimated to be $10.5 trillion by 2025 (Cybersecurity Ventures Magazine)
Watch my video about why I think the cost of ransomware doesn't matter
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Office 365 backup, and Quebec's Law 25 training.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.