Tag Archive for: Canadian

Expert says N.L. cyberattack worst in Canadian history, deserves federal response – National

/in


The cyberattack that knocked down Newfoundland and Labrador’s health system data centres Saturday is a national security issue and should be treated as such by Ottawa, security experts say.

David Shipley, chief executive officer of Beauceron Security in New Brunswick, called the attack the worst in Canadian history. Similar attacks have targeted individual hospitals or more general government services in the country, but the extent and the consequences for human health make the Newfoundland and Labrador situation stand out, Shipley said.

“We’ve never seen an entire health network – multiple health networks – taken down like this,” the cybercrime expert said in an interview Wednesday. “This is not just a Newfoundland story, it’s not just a health-care story. This is a national story, and it’s about national security.”

Read more:
Cyberattacks are on the rise and prevention is nearly impossible, security experts say

Story continues below advertisement

On Thursday, there were some signs of recovery from the attack, as the province’s eastern health authority announced its email system was working again. “We are working to bring our health-care and clinical systems back online in a safe and controlled manner,” the authority said in a news release.

In the provincial legislature, the Opposition Progressive Conservatives questioned why Liberal Premier Andrew Furey hadn’t come home from the COP26 climate change conference in Scotland to address the crisis instead of writing on Twitter about “the challenging time” for the province.

“Please know our world-class teams are dedicated to getting things up and running as soon as possible, and I remain focused on this issue,” Furey wrote.

The attack was first discovered Saturday, affecting what Health Minister John Haggie described as the “two brains” behind the provincial health network’s data centre. Without access to such things as basic email, diagnostic images and lab results, the eastern health authority – which includes several major hospitals in St. John’s – was left operating largely with pen and paper and running only emergency services.

Thousands…

Source…

How your commercial clients should be monitoring their cyber risk Canadian Underwriter

/in


With a large number of employees working from home during the pandemic, commercial clients need some way of assigning a risk score to the cyber exposure posed by their users, software applications, and hardware devices, a Canadian information technology security expert suggests.

“In this day and age, many organizations are using SaaS [software as a service] applications and cloud apps,” Antoine Saikaley, technical director of IT security vendor Trend Micro Canada, said in a recent interview. “[Risk managers need to be] able to assess quickly what applications their organization is using, and the risk scores of those apps, so that they can make the decision of whether to sanction it or un-sanction those apps.”

Trend Micro recently released results of a survey of 2,303 information technology security and security operations decisionmakers, 101 of whom were Canadian. The survey found security operations centre and IT security teams are suffering from high levels of stress outside of the working day — with alert overload being a prime culprit, Trend Micro said May 26 in a release.

Canadian Underwriter asked Saikaley what advice commercial brokers should give clients about information security risk if they still have a lot of people working from home.

Your commercial clients should have tools that give them “risk ratings” for users, devices, and applications, replied Saikaley.

Clients should monitor their end-users for unusual activity, accessing risky applications, and e-mail based threats, Trend Micro advises.

To manage cyber security risk, it is not enough for your clients to monitor the computers, Internet traffic, and incoming mail. The client also needs to monitor devices such as printers and cameras, as well as third-party contractors that connect to the computer network, suggested Saikaley.

Trend Micro says its Vision One product lets organizations continuously audit and assess the risk of users, devices, and cloud applications using a calculated risk score. The idea is to let computer security staff take quick action to manage cyber risk.

Vision One provides a risk score of more than 30,000 cloud applications, based on web reputation, security compliance,…

Source…

U.S. pipeline hack and concerns about Canadian cyber security

/in


A Russian criminal hacker group behind a major attack against a major U.S. oil and gas pipeline has caused substantial disruptions throughout the Eastern United States and its effects could trickle into Canada as well. The Russian cyber criminals, known as DarkSide, hacked into the Colonial Pipelines network this month, leading the company to shut down all of its operations for nearly a week.

The fuel shortages affecting the entire Eastern United States demonstrates the potential threats from malign foreign actors against critical infrastructure. The situation also raises questions about whether Canada is prepared to defend against these actors.

Colonial Pipelines was targeted with what is commonly known as a ransomware attack. As the name suggests, criminal hackers identify and exploit vulnerabilities in a targeted system to access and seize control of data and even entire networks and systems and a ransom is demanded to release them. In the Colonial Pipelines case, Russian hackers stole over 100GB of data from the Georgia-based company and then locked up part of the pipeline after which the criminal hacker group demanded a ransom.

The Colonial Pipelines system stretches from Texas to Maine, supplying gasoline, diesel and jet fuel supplies to the entire Eastern US. Its near weeklong shutdown has forced the U.S. government to approve alternate methods to transport oil and fuel across the region, including railways and roads.

The Wall Street Journal reported Colonial paid $4.4 million in ransom. Cyber criminals in past hacks have demanded amounts ranging from as little as a few thousand to millions of dollars in order to release data and hijacked systems. In October 2019, a Canadian insurance company reportedly paid $1.3 million to recover 20 servers and 1,000 workstations.

Over the past several years, cyber security experts have warned about the vulnerability of Canada’s critical infrastructure to foreign hackers and cyber criminals. In its 2020 threat assessment report, Canada’s Centre for Cyber Security noted that “cyber threat actors will intentionally seek to disrupt Canadian critical infrastructure and cause major damage.”

In July 2020, Russian government hackers

Source…

Cyberattack targets Montreal health agency, forcing it to go offline Canadian Underwriter

/in


MONTREAL – A Montreal health agency has been forced off-line as authorities deal with a cyberattack.

Quebec Health Minister Christian Dube said Thursday that specific attacks hit systems at the regional health agency covering west-central Montreal, which oversees the Jewish General Hospital among other facilities.

“Our teams quickly realized that there had been these attacks, and to protect the population’s data, particularly hospital data, the decision was taken to shut down the systems,” Dube told a news conference in Quebec City.

A statement from the agency said that as a preventive measure, “internet connectivity as well as external and remote access to our networks have been suspended.”

Access to patients’ records and data has been limited as a result, the statement said. “Frontline services have been slowed down – but not interrupted – while the situation is under investigation.”

Dube said the attack was possibly part of a broader campaign, but he didn’t make a direct link with a series of attacks that have hit American hospitals this week.

iStock.com/scyther5

A joint alert was issued in the U.S. Wednesday by the FBI and two other agencies, warning of a cybercrime threat aimed at hospitals and health-care providers in that country.

The warning said cybercriminals were hitting the U.S. health-care system with ransomware attacks designed to scramble hospital information systems that can only be unlocked with software keys once a ransom is paid.

Dr. Lawrence Rosenberg, head of the health agency, told a press briefing Thursday that an “anomaly” was detected during a daily verification of the system which they determined was a “cybersecurity intrusion.”

Officials said it was caught quickly but they were still investigating the source and weren’t in a position to confirm or deny the attack was linked to the U.S. incidents.

There hasn’t been a ransom request, Rosenberg added.

“We are going through a fairly rigorous process of trying to get to the bottom of what we’ve found, eliminate it and get back online,” Rosenberg said, adding the work could take up to four days.

Steve Waterhouse, an internet security expert, said he…

Source…