Tag: Cybersecurity

Categories
Mobile Syrup

Ontario’s Peel Region warns citizens of COVID-19 vaccination phishing texts

Ontario’s Peel Region is warning residents that a new COVID-related phishing message is circulating.

The Region of Peel has turned to Twitter to notify residents of a phishing/spam text circulating that claims recipients can get paid for COVID-19 vaccinations. The region warns recipients not to open links or send personal information to these texts.

The texts are fake, and you will not get paid for COVID-19 vaccinations.

This isn’t the first COVID-19 scam we’ve experienced. Back in 2021, the Canadian Centre of Cyber Security noted that many cybercriminals used the ongoing pandemic as a way to lure victims to visit fake websites, apps and open email attachments.

Source: @regionofpeel

Categories
Mobile Syrup

Only 1/3 small, medium-sized Canadian businesses get mandatory cybersecurity training: survey

Russian hacker hacking the server in the dark

A significant portion of Canadian businesses is seemingly not doing enough to help keep their data safe and secure.

According to the Insurance Bureau of Canada’s (IBC) inaugural Cyber Savvy Report Card, just 34 percent of small and medium-sized business (those with fewer than 500 people) employees said they get mandatory cybersecurity awareness training.

This was one of the key findings of the report, which surveyed 1,525 Canadians aged 18 and over in August 2022. The goal of the report was to analyze Canadian workers on their cybersecurity knowledge and practices, and ultimately, they got a “C” letter-grade.

Other factors that contributed to this grade include 50 percent of employees saying their organization hasn’t introduced multi-factor authentication for increased security and only 24 percent of respondents reporting that their employer conducts phishing email simulations to promote awareness. All the while, 42 percent of employees said they’ve seen an increase in cyber scam attempts over the past year.

As part of the report card, IBC identified various worker behaviours that could make data more susceptible to cyber criminals:

  • 27 percent of respondents use just one password to access multiple websites they use for work
  • 23 percent access public Wi-Fi from their work computer
  • 19 percent download software/apps on their work devices that weren’t provided by their employer
  • 7 percent allow friends and family to share their work computer
  • 5 percent share their work login credentials by email or text

Per the report, 72 percent of employees said they’re guilty of at least one of these behaviours.

There were also some general misunderstandings about common terms related to cybersecurity. For example, IBC notes that 56 percent of respondents incorrectly said “true” when asked if ransomware “refers to when a criminal steals your work computer and asks you to pay for it to be returned.”

To put all of this into context, IBC noted that the average total cost of a data breach to Canadian organizations was an estimated $7.3 million, per IBM’s Cost of a Data Breach Report 2022.

IBC has published these findings ahead of Cyber Security Awareness Month, which falls in October. It’s also launched a website to provide various resources and help businesses gauge their own levels of cybersecurity.

IBC’s full Cyber Savvy Report Card can be viewed here.

Image credit: Shutterstock

Categories
Mobile Syrup

Cybersecurity experts warn of security issues tied to the metaverse

There’s no arguing the metaverse is here to stay.

Various industries, from restaurants to smartphones to art, are moving swiftly towards making gains.

But on the surface, a crucial aspect seems to be forgotten: safety.

Existing threats

Jaeson Schultz, technical leader at Cisco Talos, believes engineering scams are the most significant threats. These scams include phishing attacks, fake NFT minting sites and criminals impersonating moderators.

Schultz said there is a “promise” criminals are seeing through the metaverse. People use cryptocurrency, and criminals take note, monetizing their attacks efficiently.

Amin Lalji, national cloud security leader at EY Canada, says adding personal information in the metaverse, such as the cryptocurrency you own, is risky.

If a user wanted to acquire digital assets through the metaverse, most platforms would require you to get a crypto wallet, a place to store and use cryptocurrency. As it stands today, all it would take for a criminal to impersonate someone on the metaverse is to gain control of their crypto wallet, Lalji said, as non-sophisticated users likely haven’t added security features to their wallet, such as 2FA (two-factor authentication).

Most wallets have this feature and it’s something users should have activated at all times. It makes accounts more secure since a hacker would need both a password and a secondary authentication code that only the wallet owner has access to.

Schultz also agreed with this factor. “For most, this is their first experience with the metaverse, cryptocurrency wallets and NFTs. This absolutely plays into the hands of cybercriminals that prey on the naiveté of new users in the space, as these new users are more likely to fall for the many social engineering scams.”

A lack of monetization to blame

Part of the criminal nature is tied back to the metaverse not being monitored with rules and regulations ensuring safety. Schultz says security controls are necessary because criminals can do as they please without them. “The ability to monitor activity, identify cybercriminals and restrict criminal activities is essential to making the metaverse a safe place for everyone.”

But there isn’t a big push to change that at this time. Since metaverse is still in its infancy, Schultz said businesses are mainly focusing on developing new features over security. They often don’t realize the importance of security until a breach happens and it’s too late.

But all is not lost. While the metaverse is relatively new, people should remember that we’ve already been through web 2.0, and cybersecurity professionals believe users can learn lessons.

“Systems need to be hardened so they can continue to operate reliably even in the presence of miscreants who intentionally commit abuse,” Schultz said. “As we build out the metaverse, we can bring those lessons that we have learned along with us, and bake in security right from the start.”

Lalji believes distributed blockchain technologies utilize embedded security capabilities, but things like coding errors and backdoor options play a role in high-volume transactions going wrong.

“Some solutions are emerging to allow consensus-based reversal of fraudulent transactions, however, the landscape is fragmented, standards don’t fully exist, and adoption of these technologies is sporadic,” Lalji said.

Staying safe

Both experts say individuals and larger companies can take steps to keep safe.

Lalji says a complete understanding of the security issues and how to mitigate their need to be brought together for all parties to stay safe.

Big companies “will want to anticipate how the experience they create in the metaverse might possibly be abused and account for that,” Schultz’s added. This could include things like seeking the assistance of experts or locking down servers customers use to communicate.

Image credit: Shutterstock

Categories
Mobile Syrup

Quebec resident charged in connection with sale of compromised financial accounts on dark web

A Laval, Quebec resident is being charged in connection with cyber incidents that took place from 2018-2019.

The individual, identified as Chris Tyrone Dracos, was arrested by the Royal Canadian Mounted Police (RCMP) and charged in the Court of Quebec with three major offences: unauthorized computer use, possession of a device allowing the unauthorized use of a computer, and having counselled an offence that is not committed.

According to the report, investigations began in 2018 when the RCMP’s National Division Cybercrime Investigative Team launched an investigation named ‘Project Ados’ that looked into illicitly selling compromised financial accounts and hacking tutorials on the dark web. As part of a thorough investigation, the RCMP was able to link Dracos to the illicit activity.

“This case highlights the value and importance of partnerships between police, public and private sector companies and organizations, including the CRTC,” says Inspector Alexandre Beaulieu, the Officer in Charge of the National Division Cybercrime Investigative Team. “Such collaboration can contribute significantly to identify serious cyber crimes, the success of police investigations, and help bring those responsible to justice.”

Chris Tyrone Dracos is due in court in Laval on March 29th and is currently being held in custody for a different incident.

Image credit: Shutterstock

Source: CourierLaval

Categories
Mobile Syrup

2021 saw record number of phishing attempts in Canada: CIRA

The CIRA (Canadian Internet Registration Authority) has released new findings detailing the rise of cyber crime attempts in Canada in 2021.

In the second edition of its Canadian Shield Insights report, the CIRA notes that recorded phishing blocks quadrupled between the first and fourth quarter of 2021. Between October and December, specifically, a total of 13.3 million requests were blocked — the highest quarterly total, and a marked increase over the third quarter.

The biggest scam offenders, says the CIRA, were cryptocurrency and online streaming sites, which accounted for 21.1 percent and 15.4 percent of total blocks, respectively.

Another notable finding was the fact that cybercriminals generally attacked more often between 6pm and 9pm ET, which are considered “peak” online shopping hours.

CIRA has a stake in these findings, of course, to promote its free CIRA Canadian Shield cybersecurity service. In any case, though, these findings are a good reminder to be safe online.

Source: CIRA

Categories
Mobile Syrup

Cisco invests $12 million in Canada’s largest cybersecurity education program

Santa Clara, CA / USA – March 26, 2019: Cisco Systems, Inc, an American technology office in the Silicon Valley, develops, manufactures networking hardware, telecommunication equipment

Canadian high schoolers will now have the opportunity to take part in the largest cybersecurity education program in the country.

This is possible through a partnership between Cisco Canada and STEM Fellowship.

The funds will assist 40,000 high school students in the cybersecurity classroom training program (CCTP), focusing on digital skills and safety knowledge by combining it with subjects like math, business, and social studies.

Business teachers, for example, can access specific content that would show what an attack on digital businesses looks like, teaching students the ways to protect organizations from a cyberattack like this.

Courses involving art and culture will take a look at electronic ticketing fraud and health courses might examine fitness information online, distinguishing between evidence-driven data and forgery.

A 2020 report by Statistics Canada shows only one-third of students are taught how to detect phishing or scams online.

“An understanding of cybersecurity and digital threats has never been more pressing, yet topics of cybersecurity and active digital citizenship are missing from high school curriculums. The Cybersecurity Classroom Training Program gives students a solid foundation in cybersecurity,” Dr. Sacha Noukhovitch, president of STEM Fellowship, said in a press release.

The program also hopes to inspire students to pursue careers in IT and cybersecurity.

Teachers can gain free access to the program by emailing cctp@stemfellowship.org.

MobileSyrup asked Cisco to provide more information on the program and will update when a response is available.

Image credit: Shutterstock

Source: Cisco