Category Archives: Privacy & Security

Canadian consumers aren’t taking IoT security seriously enough, says ESET report

Despite a rampant outbreak of cybersecurity incidents, consumers are still not taking proper steps to safeguard their internet-connected devices, concluded an ESET survey study with 4,000 participants. With a tally of 7 billion and counting, the number of IoT devices is expected to rise to 21 billion by 2025. According to IoT Analytics, the number of…

Canadian SMBs incur a potential productivity loss of CA$2 billion using older technology 

A recent study commissioned by Microsoft and Intel reported that the cost of using a PC older than four years is more than buying a new one. As per StatsCanada, the country is home to around 1.2 million small and medium businesses. These businesses comprise 98.8 per cent of the total employee businesses in the…

RCMP charges two in Montreal over Bell customer data theft

RCMP arrested two Montrealers on charges of stealing Bell customer data. Nana Koranteng and Jesiah Russel-Francis were arrested by RCMP on Oct. 8th, 2019, on charges of unauthorized use of a computer, fraud over $5000, conspiracy to commit fraud, laundering proceeds of crime, identity theft, and identity fraud. In 2018, RCMP initiated an investigation after…

Toronto hospital recovering from ransomware attack

A Toronto hospital is recovering after being hit last week by a variant of Ryuk ransomware. However, so far it seems the malware was only trying to exfiltrate data instead of demanding money.

Michael Garron Hospital chief executive officer Sarah Downey told CBC News that the hospital’s firewall stopped data from leaving the institution.

UPDATE: On Friday, communications director Shelley Darling said IT experts were able to confirm the malware was Ryuk by examining it. There was an email message for communicating with the attackers, she added, but the hospital is not contacting anyone about paying a ransom.

The hospital has over 100 servers and they are still being evaluated for infection, she said. After the attack was discovered, two elective surgeries and out-patient clinics had to be rescheduled and staff had to resort to paper documentation. As of Friday morning, all email had been restored. However, some remote VPN access is still off. Certain portals that communicate with other health care data repositories are slowly being restored. In addition, what Darling called “minor administrative systems” — such as a volunteer database — and “systems that talk to each other” are still offline.

“It’s probably going to take us a few weeks to have confidence to say all of our systems are back online,” he said.

The hospital hasn’t estimated yet how much the attack will cost. Some of those costs may be recovered through insurance, Darling said.

The attack started in the early hours of Sept. 25, when what the hospital calls a virus was discovered on one of the IT systems. As a result, several systems were closed to prevent the malware, later identified as a Ryuk variant, from spreading.

Patient privacy has not been compromised, the hospital said. However, it is still in what the institution calls a Code Grey, which means IT systems have been impaired.

Darling said the suspicion so far is the attack started with an employee clicking on an infected email or going to an infected website. “In the last several days we’ve been re-educating our staff on cyber security email do’s and don’ts,” she added. There has been regular privacy training, but now “we are looking at putting more formal education in place.”

“While we hope these types of situations never take place, our expert hospital teams prepare for all issues and we have extensive processes in place to respond quickly when experiencing disruptions in clinical services,” Downey said in a statement after the attack was discovered. “We want to reassure our community that all current patients at MGH continue to receive safe, high-quality care from our health care teams.

“Our priority is to restore full computer functionality as quickly as possible and we apologize to the small number of patients whose care has been re-scheduled. I am so grateful to our staff, physicians, leaders and volunteers who have worked exceptionally hard and put in extra hours during this time to ensure safe, quality care to our community.”

Michael Garron Hospital until recently was called Toronto East General Hospital, and is one of the largest in the city. The emergency department alone sees about 80,000 patients a year.

According to a blog earlier this year from security vendor CrowdStrike, Ryuk ransomware began appearing in August 2018. Controlled by a group it dubs Grim Spider, Ryuk has been targeting large enterprises. CrowdStrike says Ryuk was derived from the Hermes commodity ransomware, which can be bought on dark forums. However, researchers believe Ryuk is only used by the Grim Spider group.

CrowdStrike believes that the initial compromise often comes after a victim clicks on a link or a document in an email that downloads the TrickBot or Emotet trojans. But note that in June the U.K. National Cyber Security Centre published an advisory pointing out that Ryuk often isn’t spotted by victims until some time after the initial infection, ranging from days to months.

That allows the threat actor time to carry out reconnaissance inside an infected network, identifying and targeting critical network systems. But, the advisory notes, it may also offer the potential to mitigate against a ransomware attack before it occurs, if the initial infection is detected and remedied.

In the first four months since Ryuk’s appearance, the threat actors operating it netted over 705 Bitcoins across 52 transactions for a total current value of US$3,701,893.98, said CrowdStrike. Payouts have been going up ever since. According to one news report, in June alone Florida municipalities hit by Ryuk paid out more than US$1.1 million.

Hashtag Trending – New privacy tools from Google, Alexa goes job hunting, UPS delivery drones approved

Google rolls out new privacy features, Alexa steps up to help people find jobs, and UPS gets federal approval for a fleet of delivery drones.

Cyber Security Today – October cyber security awareness month, ransomware statistics and lots of security updates to watch out for

October cyber security awareness month, ransomware statistics and lots of security updates to watch out for. Welcome to Cyber Security Today. It’s Wednesday October 2nd, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. October is cyber security awareness month. I assume listeners to this podcast worry about cyber security. Good. But…

BlackBerry launches BlackBerry Labs to develop cybersecurity solutions

BlackBerry Ltd. is looking to ramp up its cybersecurity research and development, today announcing the launch of a new business unit called BlackBerry Advanced Technology Development Labs (BlackBerry Labs).

The unit will be headed by BlackBerry’s chief technology officer, Charles Eagan, and will include a team of over 120 software developers, architects, researchers, product leads and security experts.

“The establishment of BlackBerry Labs is the latest in a series of strategic moves we’ve taken to ensure our customers are protected across all endpoints and verticals in the new IoT,” said Eagan in a press release. “Today’s cybersecurity industry is rapidly advancing and BlackBerry Labs will operate as its own business unit solely focused on innovating and developing the technologies of tomorrow that will be necessary for our sustained competitive success, from A to Z; Artificial Intelligence to Zero-Trust environments. We believe this highly experienced team will allow us to remain nimble, engaged and, above all else, proactive in our efforts to be the most trusted security software leader in the market.”

While the overarching scope will be researching and developing security solutions, BlackBerry said initial work will be specifically focused on machine learning approaches to security in partnership with the company’s existing Cylance, Enterprise, and QNX business units.