{"id":29809,"date":"2022-10-14T15:19:30","date_gmt":"2022-10-14T19:19:30","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=507853"},"modified":"2022-10-17T09:04:04","modified_gmt":"2022-10-17T13:04:04","slug":"cyber-security-today-week-in-review-for-friday-oct-14-2022","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-oct-14-2022\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, Oct. 14, 2022"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. This is the Week in Review edition for the week ending October 14th, 2022. From Toronto, I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"2\">In a few minutes I\u2019ll be joined by Terry Cutler, the head of Montreal\u2019s <a href=\"https:\/\/www.cyologylabs.com\/?r_done=1\" rel=\"noopener\">Cyology Labs<\/a>, to discuss recent cybersecurity news. But first a quick review of what happened in the past seven days:<\/p>\n<p data-ar-index=\"3\"><strong>Employers in Ontario<\/strong> with more than 25 workers<a href=\"https:\/\/www.itworldcanada.com\/article\/ontarios-employee-electronic-monitoring-law-comes-into-effect-today\/507374\" rel=\"noopener\"> had to start distributing a corporate policy this week<\/a> on how they electronically monitor staff. That would include not only how employees access data, but whether the employer watches the number of keystrokes per hour of staff and if it turns on their computer video camera. 
Terry and I will discuss this new obligation on employers.<\/p>\n<p data-ar-index=\"4\"><strong>We\u2019ll also look at<\/strong> new numbers on ransomware in Canada, and <a href=\"https:\/\/www.prnewswire.com\/news-releases\/hornetsecurity-research-reveals-microsoft-teams-security-and-backup-flaws-with-more-than-half-of-users-sharing-business-critical-information-on-the-platform-301643023.html\" rel=\"noopener\">a report that employees aren\u2019t being careful<\/a> with corporate documents shared on collaboration platforms.<\/p>\n<p data-ar-index=\"5\"><strong>Network administrators <\/strong>with Fortinet firewalls and web proxies<a href=\"https:\/\/www.greynoise.io\/blog\/fortios-authentication-bypass\" rel=\"noopener\"> are being told to update the applications<\/a> to the latest version because of a serious vulnerability. Fortinet said it has already seen one organization successfully attacked through this hole.<\/p>\n<p data-ar-index=\"6\"><strong>Linux and Unix administrators <\/strong>whose firms use the Zimbra Collaboration suite were reminded again to address a serious vulnerability in the application\u2019s antivirus scanner.<\/p>\n<p data-ar-index=\"7\"><strong>Security researchers<\/strong> at <a href=\"https:\/\/www.oxeye.io\/blog\/vm2-sandbreak-vulnerability-cve-2022-36067\" rel=\"noopener\">Oxeye say<\/a> a serious vulnerability in an open-source JavaScript sandbox library called vm2 can be exploited by hackers. Developers using this library should upgrade their applications to the latest version, which was released at the end of August.<\/p>\n<p data-ar-index=\"8\"><a href=\"https:\/\/www.arubanetworks.com\/assets\/alert\/ARUBA-PSA-2022-015.txt\" rel=\"noopener\"><strong>Aruba has released<\/strong><\/a> patches for its EdgeConnect Enterprise Orchestrator to fix multiple security vulnerabilities. 
Network administrators running end-of-life versions of EdgeConnect should note the vulnerabilities affect these versions as well, so they need to either install the fixes or upgrade to the latest version.<\/p>\n<p data-ar-index=\"9\"><strong>Finally,<\/strong> developers churn out mobile apps almost daily, some of which are modified versions that promise enhanced features of a real app. However, there\u2019s always a risk of using a modified version of anything. <a href=\"https:\/\/securelist.com\/malicious-whatsapp-mod-distributed-through-legitimate-apps\/107690\/\" rel=\"noopener\">Researchers at Kaspersky warned<\/a> this week that the \u2018YoWhatsApp\u2019 messaging app is deploying Android malware. The malware allows a hacker to take over a victim\u2019s WhatsApp account. The report says crooks often sucker people into downloading helpful-looking but infected apps through mobile ads. You have been warned.<\/p>\n<p data-ar-index=\"10\"><em>(The following transcript has been edited for clarity. To hear the full conversation play the podcast)<\/em><\/p>\n<p data-ar-index=\"11\"><strong>Howard:<\/strong> Joining me now from Montreal is Terry Cutler. Congrats on the Canadiens beating the Leafs on opening night.<\/p>\n<p data-ar-index=\"12\">Let\u2019s start with the new Ontario law obliging employers to have a written policy on the electronic monitoring of employees. I\u2019ll give some background: The policy has to say whether there is any computer monitoring, and if so how and in what circumstances the monitoring is done. That can be as simple as a chart listing all the applications that says, for example, in one column that we use anti-virus; in another, this is the purpose; in a third, this is in general what it collects. The policy also has to show the purposes for which the data collected will be used. 
Monitoring can include things like a GPS tracker to track the movement of an employee\u2019s delivery vehicle, sensors on how quickly employees scan items at a store checkout, the tracking of websites employees go to during working hours. This law doesn\u2019t establish a right for employees to not be electronically monitored, nor does it create any new privacy rights. But it at least does let employees know what their employer is doing. What do you think of this?<\/p>\n<p data-ar-index=\"13\"><strong>Terry Cutler:<\/strong> I don\u2019t think this is anything new, especially here in Quebec and for larger companies, because most of the time it\u2019s mentioned in employee handbooks that new hires have to sign. It\u2019s important to create an acceptable use policy because it tells employees what\u2019s being done \u2014 that they\u2019re being monitored on their use of the internet, that their computer is monitored so it\u2019s up to date, things like that. An acceptable use policy document stipulates the constraints and the practices that the user must agree to in order to gain access to the corporate network or the internet or whatever resources they have. Many businesses and educational institutions already require that the employees or students sign this policy before they get granted access to the network. But the problem that we see is that most people forget what they signed about a few weeks later.<\/p>\n<p data-ar-index=\"14\"><strong>Howard:<\/strong> One lawyer I talked to said that one of the advantages of this Ontario obligation is it can open up a discussion with employees who may ask, \u2018Do we really need this? Do we need this in the employee locker room?\u2019<\/p>\n<p data-ar-index=\"15\"><strong>Terry:<\/strong> Let me give you a real example of a case that happened not that long ago: An employee was walking past another employee\u2019s office and caught him with his pants down, literally. 
They reported this incident, and because this was a unionized worker he couldn\u2019t necessarily be fired on the spot. They had to do an investigation into what this guy was doing. He was watching inappropriate content. That\u2019s where it gives the power to the employer to have a discussion with that employee to see what they\u2019ve been looking at.<\/p>\n<p data-ar-index=\"16\"><strong>Howard:<\/strong> And if necessary the company would monitor that particular employee because there was a complaint.<\/p>\n<p data-ar-index=\"17\"><strong>Terry:<\/strong> Exactly. Later on we found out that this employee was doing far more than just watching inappropriate content. He was actually running a prostitution ring [from his computer], setting up appointments and everything during working hours. That was enough information to install some more advanced monitoring software on this person\u2019s computer to see what they were doing all day \u2026 And that led to the firing of the employee.<\/p>\n<p data-ar-index=\"18\"><strong>Howard:<\/strong> So that incident might be seen as an exception to the general corporate employee monitoring policy, but a lawyer told me that\u2019s okay as long as the monitoring policy says there are special circumstances \u2014 such as special investigations \u2014 in which it may have to monitor what an employee is doing online.<\/p>\n<p data-ar-index=\"19\">I think that most employees would know that their employer keeps track of who accesses data through logins. Arguably the greatest worry of an employee is whether the employers are secretly monitoring them for productivity by doing things like monitoring the time that they\u2019re on the keyboard, looking at what websites they\u2019re on and secretly turning on their computer microphones and cameras. In your experience is secret monitoring common in the workplace?<\/p>\n<p data-ar-index=\"20\"><strong>Terry:<\/strong> No. 
Usually we just see the basic stuff, like monitoring what websites the employee is visiting during business hours or watching the GPS movements of the employee\u2019s delivery vehicle. But they could deploy technology that allows them to turn on the microphone or video camera if there is reasonable doubt [about a violation of corporate rules]. Let me give an example: We had to investigate a case where an employee was creating fake quotes to defraud his employer. One of the company\u2019s clients was looking for pricing on a specific item and received a quote from the [suspect\u2019s] company as well as one from a competitor. What was interesting is that the quotes looked identical, except for one being a dollar off. The client called up the vendor, who became suspicious. However, we were told we couldn\u2019t install monitoring software on one person\u2019s computer. It had to be deployed to a group. That way it doesn\u2019t look like one person is being singled out. But this guy got caught creating fake invoices. He was also showing up to work all of a sudden in a Porsche. And he was buying a house in Florida while making only $50,000 a year. He was making extra money scamming his own company\u2019s customers.<\/p>\n<p data-ar-index=\"21\"><strong>Howard:<\/strong> There are fears that with more people working from home employers want some sort of secret surveillance to measure the productivity of those people who are out of the office. Are you seeing that?<\/p>\n<p data-ar-index=\"22\"><strong>Terry:<\/strong> I am. But at the same time there has to be a fine balance between flexibility and productivity. I\u2019ll give an example: At one o\u2019clock in the afternoon on a beautiful sunny day I want to go take a ride on my bike. I figure I can catch up on my work after dinner. That may be OK for some employers but not for others if an employee is often unreachable or stuff isn\u2019t getting done. 
That\u2019s when there has to be a discussion with the employee \u2014 and why an employer may want to deploy surveillance technology.<\/p>\n<p data-ar-index=\"23\"><strong>Howard:<\/strong> This Ontario law only applies to companies with 25 employees or more, although when you\u2019re counting employees that will include people who are on definite term or specific task contracts, probationary employees, staff out on strike or locked out as well as those on a leave of absence. Shouldn\u2019t it apply to all companies, whether there are two employees or 10 or 15?<\/p>\n<p data-ar-index=\"24\"><strong>Terry:<\/strong> I think it could lead to abuse of power, especially for small business owners who are constantly watching if their employees are surfing the web. It can also often lead to a toxic work environment, because if they see that their employees are always on Facebook or searching job boards that\u2019s going to make the business owner very uncomfortable, and he will start treating his employees differently.<\/p>\n<p data-ar-index=\"25\"><strong>Howard:<\/strong> Should this law be copied by all provinces and U.S. states where it isn\u2019t already mandatory?<\/p>\n<p data-ar-index=\"26\"><strong>Terry:<\/strong> I think most of the basic items are already in place because you need it in place in order to help protect the company from cyber-attacks.<\/p>\n<p data-ar-index=\"27\"><strong>Howard:<\/strong> It wouldn\u2019t be a Week in Review if we didn\u2019t talk about ransomware. Yesterday, as part of Cyber Security Awareness month, <a href=\"https:\/\/www.newswire.ca\/news-releases\/canada-targeted-in-141-ransomware-attacks-in-2021-per-palo-alto-networks-unit-42-802031750.html\" rel=\"noopener\">Palo Alto Networks released Canadian data<\/a>. Last year there were over 140 reported successful ransomware attacks against Canadian organizations. Of them, 52 organizations in Ontario were hit, 45 in Quebec, and 24 in British Columbia. 
Researchers didn\u2019t see any criminal leak sites posting breaches of organizations in the Canadian provinces of Nova Scotia, Prince Edward Island, Yukon, Northwest Territories and Nunavut. Interestingly, 27 different ransomware groups claimed they had hit victims in Ontario alone. Just for context, worldwide there were 2,566 victims named on ransomware gang leak sites. Assuming that crooks don\u2019t lie, that was an 85 per cent increase in the number of victims compared to 2021. However, a number of security companies say ransomware attacks are down so far this year compared to 2021. What are you seeing \u2014 is the number of ransomware attacks going up or down?<\/p>\n<p data-ar-index=\"28\"><strong>Terry:<\/strong> The keyword here is \u201creported.\u201d What about all the others [firms] that tried to sweep it under the rug? Let me give you a real example: We had to do an incident response on a company that got hacked by its IT guy. He told the business owners that no, you don\u2019t need to have antivirus installed on your Exchange server, it just slows things down. What happened was ransomware infected the whole company. But instead of engaging an incident response firm to help clean it up, they wanted to remove the evidence and not even contact their clients that they got breached and data leaked out \u2026 Going back to your question about if it\u2019s going up or down, there\u2019s a lot of activity happening now. We\u2019re seeing a lot of ransomware gangs that are either merging or their members are getting arrested. I think that they\u2019ve made enough money over the years to stay more low-key. 
But to be honest, I think they\u2019re preparing for something much bigger.<\/p>\n<p data-ar-index=\"29\"><strong>Howard:<\/strong> There was <a href=\"https:\/\/www.washingtonpost.com\/politics\/2022\/08\/17\/is-drop-ransomware-numbers-an-illusion\/\" rel=\"noopener\">an article in the Washington Post<\/a> in August that took a look at the supposed drop in attacks. One expert suggests ransomware gangs are attacking smaller companies that are unlikely to report to police, so these attacks are out of the headlines. There was another expert who thinks that gangs may not be boasting about their successes on their websites as much as they did last year.<\/p>\n<p data-ar-index=\"30\"><strong>Terry:<\/strong> I totally agree with that. I think what\u2019s happening is that ransomware gangs don\u2019t just rely on their leak sites. That\u2019s where they used to post the alleged victims\u2019 identities and their data to put pressure on them to pay [for decryption keys]. What we\u2019re seeing now is more focus on the gangs directly contacting the customers \u2014 and their employees \u2014 to pressure them to pay. We\u2019re also seeing gangs that are being dismantled, like Conti, <a href=\"https:\/\/www.itworldcanada.com\/article\/conti-ransomware-brand-is-dead-but-gang-restructures-report\/485319\" rel=\"noopener\">who apparently got dismantled back in May<\/a> because all of the internal workings of the gang got leaked. Whatever the truth is behind these numbers, I don\u2019t think ransomware is dying off anytime soon.<\/p>\n<p data-ar-index=\"31\"><strong>Howard:<\/strong> Just before we started recording this show a company called Guidepoint Security <a href=\"https:\/\/www.guidepointsecurity.com\/resources\/grit-ransomware-report-july-sept_2022\/\" rel=\"noopener\">released their third quarter report<\/a>\u00a0[Registration required] on the number of reported ransomware attacks that it\u2019s seeing. That report said there is a little bit of a slowdown. 
Among other things, interestingly enough, they also said eight new ransomware groups had emerged between July and September.<\/p>\n<p data-ar-index=\"32\">Are organizations taking more precautions to avoid being victimized by ransomware \u2014 or any cyber attack?<\/p>\n<p data-ar-index=\"33\"><strong>Terry:<\/strong> To be honest, 2022 has been a really great year for us when it comes to proactive cybersecurity work. Usually it\u2019s always been, \u2018We\u2019ve been hacked, come help us out.\u2019 But now they\u2019re contacting us for audits, penetration tests and managed services. I think that the small-medium guys have caught on that it\u2019s very difficult to find and keep a cyber security expert because there\u2019s not enough qualified professionals in our field \u2026 so companies are learning that it\u2019s cheaper to outsource cybersecurity initiatives and monitoring and managed services.<\/p>\n<p data-ar-index=\"34\"><strong>Howard:<\/strong> Another item I want to look at is a survey that was released by a company called Hornetsecurity on the use of confidential information by employees on corporate collaboration platforms. It found that 45 per cent of respondents said that they send confidential and critical company information on Microsoft Teams. Half of the respondents said that they send business-critical documents and data on their personal devices. Forty-eight per cent admitted sending messages on Teams that they shouldn\u2019t have. This is a very timely survey during Cybersecurity Awareness Month for two reasons: It suggests a lot of employees need more awareness training, and a lot of organizations need better security policies. What struck you about this?<\/p>\n<p data-ar-index=\"35\"><strong>Terry:<\/strong> I\u2019m guilty. I could be on a client call and all of a sudden they\u2019re sharing network diagrams with me or password information, or I\u2019m sending them log information. 
Obviously, we look at convenience \u2014 everybody\u2019s on the call and we\u2019ve got to share the data. But we have to keep in mind that once we share this information we no longer control it.<\/p>\n<p data-ar-index=\"36\"><strong>Howard:<\/strong> On the other hand, don\u2019t we expect that confidential documents are going to be shared on what is an internal communications platform? How else are you going to communicate? Take a paper document and go from office to office in a building and physically hand it to someone? So what\u2019s the problem here?<\/p>\n<p data-ar-index=\"37\"><strong>Terry:<\/strong> Over the years chat systems have been really convenient ways to interact with our colleagues and customers, especially on platforms like Teams and Slack. But if we send out these documents they could land in the wrong hands. We need more awareness training. But organizations also need to review their policies and implement whatever tools they can to minimize their risks. There should be some policies that can be enabled in Teams that allow them to prevent sharing of documents. So employees will share that document via email instead. You need to find a way to make sure that the office suites are secure \u2026 Office 365 out of the box is not configured correctly. You need to implement some advanced features in order to protect the data.<\/p>\n<p data-ar-index=\"38\"><strong>Howard:<\/strong> The last item that we\u2019ll look at is more consumer-oriented, and that\u2019s the evolution of phone-based scams against Americans and Canadians. <a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/evolution-of-bazarcall-social-engineering-tactics.html\" rel=\"noopener\">A report by Trellix<\/a> outlines what are dubbed BazarCall campaigns by crooks. This category of scams doesn\u2019t rely on victims clicking on links in messages. Instead they get an email that convinces them to phone a company for more details. 
So for example, the email could be about a charge that the victim doesn\u2019t expect for a purchase or renewal of a product or subscription. To be convincing the crooks use brand names like Geek Squad, Norton, McAfee, PayPal or Microsoft. The email the victim gets says that they\u2019re going to be charged for something unless they call a special number. When they call, a crook pretends to be a call centre representative. They try to convince the victim in one of several ways to download so-called helpful software, which, of course, is really malware.<\/p>\n<p data-ar-index=\"39\"><strong>Terry:<\/strong> The crook will say, \u2018We\u2019re going to cancel the subscription, but we need to remote [connect] into your computer.\u2019 Then they\u2019ll say, \u2018Your computer is running a virus. We need to remediate this,\u2019 and it could lead to a locking of the computer via ransomware. This scam has been around for many, many years. One of the earlier versions was a browser lock. You\u2019d be surfing the web, minding your own business and all of a sudden you visit a web page and your screen goes blank or your speakers say, \u2018Alert, alert,\u2019 and a voice says, \u2018Your computer has a virus. Call this number.\u2019<\/p>\n<p data-ar-index=\"40\"><strong>Howard:<\/strong> What should consumers do to make sure that they\u2019re not victims of this kind of scam?<\/p>\n<p data-ar-index=\"41\"><strong>Terry:<\/strong> It really comes down to user education. There are so many new scams coming at consumers it\u2019s really hard to keep up. That was one of the reasons I launched the Fraudster app months ago, to help educate consumers. Most of the scams are being run from call centres offshore, so victims and police can do very little. However, some ethical hackers are hacking back and exposing scammers. One of the more famous YouTube channels is called Scammer Payback. 
It\u2019s really entertaining how they reverse the connection and actually start deleting scammers\u2019 victim files.<\/p>\n<p data-ar-index=\"42\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-oct-14-2022\/507853\">Cyber Security Today, Week in Review for Friday, Oct. 14, 2022<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features a discussion on Ontario&#8217;s new requirement that many employers have to tell staff about electronic monitoring in the workplace, and updated Canadian ransomwa<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,682,505,481],"class_list":["post-29809","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-hp-wolf-security","tag-kaspersky","tag-trellix"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=29809"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29809\/revisions"}],"predecessor-version":[{"id":29882,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/29809\/revisions\/29882"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=29809
"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=29809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=29809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}