You can be safe, but what about your vendors?

This Cyber Weekly includes:

1. Announcements
2. Third party breach update
3. We need to talk about LockBit
4. February breach is still affecting company
5. Recent breach affecting pay day

1. Announcements

• Join our livestream today on LinkedIn to chat about Veeam's underutilized feature that everyone should use. Press attend here to know when we go live.
• You may or may not have noticed that I updated my headline (description under my name) to include Podcast Host. It's official. Assurance IT is launching a podcast called 10 Questions to Cyber Resilience this Friday. Twice a month, we are chatting about cyber security topics. Every episode is 10 questions and it gets you one step closer to cyber resilience. Keep your eyes peeled, we have great conversations coming up on the show! Follow Assurance IT to stay updated.

2. Update: TSO Data Breach – You can be safe, but what about your vendors?

Last week, we spoke about the Toronto Sympathy Orchestra getting breached because their third-party email vendor got hacked. Well, it turns out that the Canadian Opera Company and Canadian Stage were also victims of the attack.

In one email from the Canadian Opera Company, it was announced that the cyber criminals are no longer in possession of the data. (GlobalNews)

My thoughts: No matter how safe your organization is, your vendors can get you in some deep water. You need to look at your business as an ecosystem, consisting of internal and external threats with many variables in play. We are creating a free resource to help everyone with third party due diligence. “Like” this post so we know how many people are interested in this resource.

3. Ransomware Group is Unfortunately Thriving

Italy’s tax agency is the latest victim of LockBit ransomware attack. Last Monday, they put a notice saying they stole 78 GB of documents, financial reports and contracts. When the agency asked for help in investigating the incident, there were no signs of a breach.

LockBit is insisting on a ransom being paid or they will release the information. LockBit is one of the most active ransomware groups. They account for 32.77% of all incidents where victim organization were posted to ransomware leak sites.

The group is also trying an affiliate program and looking for new ways to steal.

“LockBit, which has been active since 2019, also made headlines in June with the release of LockBit 3.0, the latest version of its ransomware. A key change was the introduction of a bug bounty program, with the threat group offering rewards ranging from $1,000 to $1 million to individuals who find exploits, personal data on potential victims, information on high-value targets, or ideas for improving the operation.

LockBit also created new dark web sites for LockBit 3.0 and said that it is now accepting Zcash cryptocurrency for payment, allowing anyone to buy the stolen data, and offering victims the chance to pay the group to destroy the data. They also can pay to extend the deadline for paying the ransom by another day.” (TheRegister)

My thoughts: This ransomware group – this group of criminals – is expanding their portfolio of services faster than most organizations in corporate America. That’s all I could think about when reading this article.

Scenic Group Attack from February Still affecting Communication

Imagine you get into work. Your computer screens all go blank, except for one sentence. “Pay this amount or we will leak your data.”

That’s what happened to Scenic Group – a cruise line – back in February. Today, they have rebuilt their systems, confirmed data has not been compromised, but evidently lost access to all of their previous data. President of the group decided not to pay the ransom and thought it would take a few weeks to get back up and running. Unfortunately, communication with stakeholders has been “impossible” in comparison to before the attack. And they are still sorting things out as a result of the attack. (Travelagentcentral)

My thoughts: It’s good not to give in and pay the ransom. It’s even better to be proactive and avoid 7 months of resources dealing with an attack. I get so frustrated when large organizations aren’t proactive because they do have the resources to be proactive and avoid this chaos.

Late Payday for Teachers and Staff in Waterloo

The Waterloo Region District School Board were breached two weeks ago affecting payroll. It was established that direct deposits will be done as they sort things out. However, they are not sure on a timeline as to when things will be restored.

“At that time, spokesperson Estefania Brandenstein said she was unable to say what kinds of files — if any — may have been accessed or if the school board paid money to regain access to its system.” (CBC)

My thoughts: Companies continue to increase their cyber security budget in the future. Not sure what it will take to get the public sector there, but they will inevitably need to as well.

‍