Spring 2019 Cyber Security Bulletin
F12.net produces this bulletin to quickly inform business leaders and their teams about recent security threats and defensive steps they can take. In this edition, we focus on high profile breaches to Canadian organizations. Feel free to forward this information to your colleagues and contacts.
State of Security
As phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.
Also, Cybercriminals are quietly phishing others, using the stolen credentials to log in to Office 365 and configure email to forward to an outside address. The criminals watch the email for sales activities, account information, or financial transactions and then intercept these legitimate messages, often undetected. Check your settings in Office 365 to ensure a fraudster is not forwarding your email! Further, F12.net recommends organizations disable forwarding across their Office 365 tenancy whenever it is not required.
Noteworthy Security Breaches
Security breaches in Canada continue to mount in 2019.
Canada – Canada Revenue Agency
Exploit: Privacy breach by rogue tax workers
Canada Revenue Agency: Tax law administrator for the Government of Canada
Risk to Individuals: We assess the risk as Severe. CRA employees inappropriately accessed the information of 41,631 Canadians. Over 1,600 of the privacy breaches warranted CRA directly notifying the victims.
Canada – CarePartners
Exploit: Data dumping extortion
CarePartners: Ontario-based healthcare service provider
Risk to Individuals: We assess the risk as Severe. Thieves offered hundreds of employee T4 files and over 80,000 confidential patient files for sale on the Dark Web.
Canada – 500px
Exploit: Server hack
500px: Photo sharing platform
Risk to Individuals: We assess the risk as Moderate. The online marketplace for photographers recently reported that the hack of its servers. The hack exposed information on 14.8 million users. The breach compromised personal information, however, passwords were encrypted, and the breach did not include payment data.
Canada – Olympia Financial Group
Exploit: Ransomware attack on IT infrastructure
Olympia Financial Group: Full-service mortgage firm and trust
Risk to Individuals: We assess the risk as Low. There is no evidence of information being compromised, Olympia said in a press release announcing its recovery from the attack.
Canada – Canadian Universities
Exploit: State-sponsored spyware phishing campaign.
Canadian Universities: Group of universities across Canada.
Risk to Individuals: We assess the risk to individuals as Low but the national security risk as High. Chinese hackers are targeting 27 universities across Canada, the United States, and Southeast Asia to uncover maritime technology that can be developed for military use.
Canada – Samsung Canada
Exploit: Third-party employee breach
Samsung Canada: Canadian arm of the multinational electronics company
Risk to Individuals: We assess the risk to individuals as Moderate. The Samsung website, operated by Glentel, was compromised. Customers who made purchases during the time of the breach were exposed. However, Samsung reports that the hack disclosed no financial information.
Canada – Natural Health Services
Exploit: Breach of medical records.
Natural Health Services: Largest referral network of medical cannabis users
Risk to Individuals: We asses the risk to individual privacy as Severe. Between Dec. 4 last year and Jan. 7, attackers gained access to the electronic medical records (EMR) system containing personal health information and exposed information included patient’s personal information, medical diagnoses, and referral data. No patient prescriptions, credit card information, or identity numbers were involved.
Canada – NWT Department of Health and Social Services
Exploit: Theft of government employee laptop
NWT Department of Health and Social Services: Health department
Risk to Individuals: We assess the risk as Severe. A thief stole the laptop of a government employee. This device contains private information 40,000 Canadians. Unfortunately, the laptop was not encrypted.
Other News
In other noteworthy news, MyFitnessPal and CoffeeMeetsBagel data went on sale on the Dark Web. After the breach of MyFitnessPal last year involving 150 million user accounts, cybercriminals eventually packaged the data up, along with stolen credentials from 15 other websites, and offered it for sale on the Dark Web. The asking price? Less than $20,000 in Bitcoin. Other websites included are Dubsmash, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, Artsy, and DataCamp. In total, this represents 617 million compromised records.
Cybercriminals combine such databases to find users who recycle passwords across multiple sites. The criminals use these credentials to hack into valuable accounts that which they can leverage for fraud.
Steps You Can Take
Below are some steps your organization can take to protect from data compromised by a security breach or, worse, making the list of breached organizations.
Buy-in – Consider implementing an incentive program for employees who detect significant vulnerabilities in cybersecurity. Create a workplace culture that values customer and employee privacy and offer continued education.
Updates – Schedule timely updates and involve employees in the process by sending notifications to patch and reboot personal systems.
Encryption – By making data unreadable for hackers, businesses can dodge hefty fines and tarnished reputations in the event of a breach. Data encryption is standard on F12’s 5th Generation F12 Plus and F12 Select solutions.
Backups – By backing up your data onto multiple locations, you can prevent information from being lost in the case of a ransomware attack. Diversifying the format of how data is stored and keeping multiple copies that are secure offers additional protection. F12 offers local, on-premise, and cloud backup options.
Testing – By assessing vulnerabilities and conducting penetration testing, you can anticipate weaknesses in your security. F12 offers Security Assessments to help identify the weak links. F12 Secure provides managed security services for organizations with 20 to 300 people.