Here are the top 7 stories you need to know about this week.
There were 235 known ransomware incidents against Canadian organizations in 2021. Over half of them targeted critical infrastructure providers, like health care, energy and manufacturing.
“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said the report issued by the Canadian Centre for Cyber Security, a unit of CSE. (Aljazeera)
My thoughts: I’ve read many articles on how hackers want to attack critical infrastructures because of how desperate we are to get them back up and running. Therefore, organizations are more likely to pay the ransom in order to restore operations. What’s also interesting is how more cyber criminals are attacking infrastructures than encrypting personal data.
“The Communications Security Establishment (CSE) and the RCMP are urging Canadian businesses to upgrade their cyber security — and to report any ransomware attacks, even if they decide to pay the hackers.” (Global News)
My thoughts: I think it’s important to note that organizations not disclosing their ransomware attacks reduce visibility into the extent of the Cyber Pandemic. We obviously understand why companies would keep it on the down low. I just find it interesting that the CSE and RCMP are urging organizations to report attacks. It’s indicative of how serious of a situation this is becoming.
“The average cost of recovering from such attacks has increased even more dramatically — from $970,000 in 2020 to $2.3 million in 2021, the agency said.” (Global News)
Thoughts: Lovely fun fact for the day.
Unknown actors breached Ubisoft’s popular video game, Just Dance. Ubisoft suspects the hackers may have copied personal data of the game’s users. However, it has not yet confirmed this. The hackers got in through a misconfiguration that Ubisoft quickly fixed. (The Daily Swig)
My thoughts: How would you react to find out your personal information was compromised and potentially spread across the internet?
Remember back in 2019, when 4.2 million people’s personal information was leaked by an internal employee at Desjardins? Well, those customers were not very happy and filed a class action lawsuit.
According to reports, in December 2021, Desjardins settled for $201 million (not final number though) because later it came out that 9.7 million people were actually affected. (Bonkers). (CBC)
My thoughts: When organizations think of a ransomware attack, they often think about how much it would cost them internally to remediate the issue. Rarely do companies think about their end-users or clients and how they will react. This lawsuit is a great example of how end-users or clients can retaliate and ask for retribution, ultimately adding more unforeseen cost to this unfortunate event.
It was revealed that the Log4j vulnerabilities led to a series of unfortunate events, including the Biden Administration being affected as well as Vietnamese crypto trading platform ONUS. The vulnerability can be used to gain access to remote devices. (Politico)
My thoughts: This story gets so messy, it’s worth the read. The next point ties in well with this story.
The benefits of IoT devices are countless and it’s estimated that 127 new IoT devices go online every single second (Security Weekly). That’s a lot! The use of cloud-based devices is increasing rapidly, but network-connected devices are posing many risks. Organizations overlook protecting these devices. So, the first step is to identify the vulnerabilities. Often unmanaged & unprotected devices include:
The second step is to consider IoT devices as part of your cyber resilience strategy. This is not something to overlook, especially in manufacturing, transportation and agriculture.