
Hackers increasingly target Canada key infrastructure: Spy agency | Cybersecurity News


Agency reports 235 ransomware attacks on Canadian targets this year, half of which were key infrastructure providers.

Global ransomware attacks increased by 151 percent in the first half of 2021 compared with 2020, Canada’s signals intelligence agency has reported, as hackers become increasingly brazen.

Key Canadian infrastructure has regularly been targeted in ransomware attacks in which hackers essentially hold computer information hostage until they are paid, the Communications Security Establishment (CSE) said in a report published on Monday.

The agency said it knew of 235 ransomware incidents against Canadian targets from January 1 to November 16 of this year. More than half were critical infrastructure providers, including hospitals.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said the report issued by the Canadian Centre for Cyber Security, a unit of CSE.

The average total cost of recovery from a ransomware incident more than doubled to $1.8m globally in 2021, the Reuters news agency reported.

CSE reiterated that actors from Russia, China and Iran posed a serious threat to the cyber-infrastructure of countries such as Canada.

“Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity as long as they focus their attacks against targets located outside Russia,” CSE said.

SolarWinds hack anniversary

The Canadian government report came as a US cybersecurity firm warned that attacks by elite Russian state hackers have barely eased up since last year’s massive SolarWinds cyber-espionage campaign targeting US government entities, including the Justice Department, and companies.

On the anniversary of the public disclosure of the SolarWinds intrusions, US cybersecurity firm Mandiant said hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests”.

The hacking campaign was named SolarWinds after the US software company whose product was exploited in the first-stage infection of…


The most common cybersecurity threats and how to prevent them


You might think you are sufficiently protected from all sorts of dangers that lurk on the internet. However, your perception of this subject may change after you take a closer look at the statistics. According to Statista, the number of exposed records due to data breaches reached 155 million in the United States alone. That is a massive number of individuals affected by data exposures.

To prevent this from happening to you, your loved ones, or your business, you should learn about the most common cybersecurity threats and know what you can do to avoid them. From malware, phishing attacks, and social engineering to man-in-the-middle attacks and password theft — all of these security risks can make your life much more difficult. Below, we explain what malware and social engineering are and share some effective methods to stop them. Let’s get started.

Malware

Malware is a type of software that can be used for various illegal purposes, including identity theft, credit card fraud, and ransomware. It can come in multiple forms, including viruses, worms, Trojans, backdoors, spyware, and rootkits. Malware can also be a part of a botnet — a network of computers controlled by cybercriminals.

While there are numerous types of malware, they generally fall into two categories: active (also known as running) and passive (also known as dormant). Active malware is actively doing something ‘bad’ to your device, while passive malware waits for a trigger before performing malicious actions.

Some examples of active malware include email attachments with embedded malware, malicious links in emails and social media posts, spam messages, and bogus updates for programs installed on your device. On the other hand, passive malware includes spyware, keyloggers, rootkits, and Trojans. Other examples of passive malware include malware hidden in legitimate files and on websites with a shady reputation (e.g., torrents or porn sites).

The good news is that you don’t have to be an expert to avoid these types of malware. Here are some tips that will help you stay safe:

Use trusted apps and sources — it’s great to automate various processes and use technology to your advantage,…


Healthcare Highlights: Cyber-Security, Licensing Board Issues, and Employer COVID-19 Regulations | Ward and Smith, P.A.


Recently, several Ward and Smith attorneys held a Health Care Breakfast and Learn to provide insights on the healthcare industry relevant to their specific areas of expertise, from privacy and data security to professional licensing issues, and labor and employment.

Privacy and Data Security

Peter McClelland, a privacy, data security, and technology attorney who is also a Certified Information Privacy Professional, began the discussion with some trends and tips for healthcare providers to be aware of with regard to cybersecurity.

“Healthcare and financial services are always neck and neck each year for which industry in the United States gets targeted the most by malicious cyber actors,” said McClelland.

In the world of data security, there are three major trends that have been especially relevant to healthcare providers over the past few years:

  • Substantial increase in cyberattacks – malicious actors using trusted third parties or managed service providers to gain access to computer systems and personal information
  • Significant uptick in the sophistication of cyberattacks – phishing schemes, tiny changes in email addresses, and spoofed email accounts increasingly difficult to identify
  • Increased costs associated with successful attacks – average cost for a data breach in 2020 was around $4 million

Outside of the healthcare industry, an attack on a managed service provider, service partner, or supplier is typically referred to as a supply chain attack. These supply chain attacks are the ones that have made headlines in recent years, with companies such as Colonial Pipeline, Microsoft, and Cassia experiencing significant costs to their finances and brand reputation.

“When you read or hear about any of these things in the news, it can be easy to think that events are only tangentially relevant to you,” explains McClelland, “but the same techniques in all of those get repurposed against entities in the healthcare space every day, whether they make headlines or not.”

McClelland reported that phishing scams in prior years almost seemed to be deliberately obvious in terms of sophistication. Formerly, the most advanced phishing and ransomware technology was mostly just available to…


The Financial Times and McKinsey’s best business books of 2021 cover pressing topics like global cybersecurity, climate change, and the opioid epidemic



  • The Financial Times & McKinsey announced the best business book of 2021 on December 1.
  • Judges chose “This Is How They Tell Me the World Ends” by journalist Nicole Perlroth.
  • Below, find this year’s shortlist — ranging in topics from the opioid epidemic to climate change.

The Financial Times and McKinsey have announced the winner and finalists for the 2021 Business Book of the Year award.

This year’s winner, “This Is How They Tell Me the World Ends” by “New York Times” reporter Nicole Perlroth, delivers a crucial and thorough analysis of the cyber arms race, encountering hackers, spies, and criminals clamoring to infiltrate essential computer systems.

Intrepid journalist Nicole Perlroth delves into cyber crime to create an urgent, alarming analysis of the threat posed by the cybercriminals' arms race.


“Nicole Perlroth has done something that hasn’t been done before: going this deep into the mysterious world of hackers,” Financial Times editor Roula Khalaf said in a press release. “Cyber security isn’t featuring highly enough on CEOs’ agenda. I hope this award will prompt them to read this book and pay attention.”

McKinsey’s Managing Partner Europe, Magnus Tyeman, echoed the importance and singularity of Perlroth’s book. “Nicole Perlroth has written a book that is more than just a timely wake-up call to the fact that the world has largely ignored the realities and profound implications of the arms race between hackers, cybercriminals and businesses and national governments,” Tyeman said. “It is an alarming book, one in which the author makes a compelling, granular and matter-of-fact case for how vulnerable global computer systems have become, even as it also comes with an urgent plea for specific and systematic action.”

Below, you’ll find the six books listed on this year’s shortlist — stacked with journalists and ranging in topics from the opioid epidemic (by the prolific author of “Say Nothing”) to racism, climate change, and meritocracy.

The winner of the Business Book of the Year…
