Ransomware attack hits Suncor Energy disrupting fuel station payments across Canada

Numerous gas and fuel filling stations throughout Canada experienced significant disruptions in processing credit card and reward points-based payments due to a cyber attack on Suncor Energy, the parent company. The attack, suspected to be a form of ransomware, affected a substantial number of systems within the leading synthetic crude oil producer.

While Suncor Energy has not explicitly confirmed the ransomware attack, it acknowledged the incident as a digital assault that impacted its operations. As a result, more than 900 out of a total of 1,500-1,600 gas stations were affected, leading to the inability to process digital transactions. The disruption also impacted the “Carwash Season Pass” service, leaving many customers unable to utilize their regular subscriptions, thereby prompting requests for refunds from the Canadian Oil Company.

In April of this year, a Russian ransomware group called Zarya targeted a Canadian energy company, a fact confirmed by the US Pentagon. Security experts speculate that the recent attack on Suncor Energy may be linked to hackers sympathetic to the ongoing Russian-Ukrainian conflict that commenced on February 24, 2022, and shows no signs of resolution.

NOTE- Ransomware is a form of malware that encrypts data within an infected database until a ransom is paid. In some cases, this type of attack involves double extortion, where hackers steal a portion of the data and hold the remaining information hostage. If the victim fails to pay the ransom within the stipulated time frame, the hackers may proceed to sell the stolen data on the dark web. Additionally, some victims may be targeted multiple times within a year, especially if they pay the initial ransom in exchange for a decryption key. Criminal gangs behind such attacks may then demand further cryptocurrency payments under the threat of tarnishing the company’s image among its partners, customers, and clients.

The post Ransomware attack hits Suncor Energy disrupting fuel station payments across Canada appeared first on Cybersecurity Insiders.

June 26, 2023 at 08:42PM

Read More

Key Considerations When Hiring a Chief Information Security Officer

In today’s interconnected world, where cyber threats loom large, organizations must prioritize information security. One crucial step towards achieving robust cybersecurity is hiring a competent Chief Information Security Officer (CISO). The CISO plays a pivotal role in safeguarding an organization’s digital assets and ensuring data privacy. This article highlights the key considerations that organizations should keep in mind when seeking to hire a CISO.

Expertise and Experience: When hiring a CISO, it is vital to assess their expertise and experience in the field of information security. Look for candidates who possess a deep understanding of cybersecurity technologies, risk management frameworks, and regulatory compliance. Experience in managing security incidents, implementing security controls, and developing effective security strategies is also crucial.

Leadership and Communication Skills: A successful CISO not only possesses technical knowledge but also exhibits strong leadership and communication skills. The CISO must effectively communicate security risks and strategies to both technical and non-technical stakeholders. They should have the ability to inspire and motivate a team, drive security initiatives, and collaborate across departments to foster a culture of security within the organization.

Business Acumen: A CISO must understand the business landscape in which the organization operates. They should align security objectives with overall business goals and demonstrate a keen understanding of the organization’s risk appetite. A CISO with business acumen can effectively prioritize security investments, articulate the value of security measures to executive management, and build a security program that supports the organization’s strategic objectives.

Up-to-date Knowledge: The field of cybersecurity is ever-evolving, with new threats emerging regularly. It is crucial for a CISO to stay up-to-date with the latest trends, technologies, and best practices in information security. Look for candidates who demonstrate a commitment to continuous learning, involvement in industry forums, and participation in relevant certifications and conferences.

Collaboration and Relationship Building: A CISO cannot work in isolation. They need to collaborate with various stakeholders, including IT teams, executive management, legal and compliance departments, and external partners. A successful CISO should possess strong relationship-building skills, fostering partnerships that facilitate effective information sharing, incident response, and the implementation of security measures throughout the organization’s ecosystem.

Regulatory and Compliance Knowledge: Data privacy regulations, such as GDPR and CCPA, have placed additional responsibilities on organizations to protect customer data. A CISO should have a comprehensive understanding of relevant regulatory requirements and compliance frameworks. They should be able to ensure that the organization remains compliant with applicable laws and regulations, and that appropriate security controls are implemented to protect sensitive information.

Proactive Approach to Threats: Cyber threats are constantly evolving, and organizations need a CISO who takes a proactive stance against potential attacks. Look for candidates who have a track record of developing and implementing effective threat intelligence programs, conducting risk assessments, and establishing incident response plans. A proactive CISO will be vigilant in identifying vulnerabilities, implementing preventive measures, and continually improving the organization’s security posture.

Conclusion:

Hiring a capable Chief Information Security Officer is a critical step towards establishing a robust cybersecurity posture for any organization. By considering factors such as expertise, leadership skills, business acumen, up-to-date knowledge, collaboration abilities, regulatory compliance knowledge, and a proactive mindset, organizations can ensure they select the right CISO to protect their valuable digital assets. Remember, a competent CISO not only defends against current threats but also remains adaptable to future challenges in the ever-evolving landscape of cybersecurity.

The post Key Considerations When Hiring a Chief Information Security Officer appeared first on Cybersecurity Insiders.

June 26, 2023 at 10:17AM

Read More

Australian Prime Minister urges citizens to turn off their mobile phones to fend cyber attacks

It’s strange! But its true that Australian Prime Minister Anthony Albanese has asked his citizens to turn off their mobile phones daily for 5-10 minutes to combat cyber threats and risks associated to attacks. The suggestion was made after the Nation’s leader was provided a briefing on how to a 5-minute turn-off a smart phone for every 24 hours can help them minimize risk of the device being hacked.

“You can do it while brushing your teeth or while bathing or at least during or after your bed time. But it works and was proven in practical by the National Security Agency (NSA)”, said Mr. Albanese.

Security experts suggest that phony apps often run in the background and collect data and transit to remote servers. If the infected device is switched off for a certain period, the operations of such apps will be forcibly shut down and will take time to persist, at times taking hours or days for the mechanism to restart its activity as it makes the hacker work harder with their notorious activities.
Earlier, security professionals urged their customers to restart their phones once or twice a day. But now they are asking them to switch off their device for at least 5-10 minutes as it helps in blocking the apps that transmit info to adversaries.

How to know the phone is infected?

Whether it’s an Android or iPhone, there is not such device in the world that cannot be hacked. Although, both the manufactures are working hard to deliver security from the operating core, its never a foolproof try!

Unusual data consumption, excess battery drain, poor performance of the device, apps taking a lot of time to start, restarts happening 2-3 times a day, ad pop-ups, money drain from wallets and outgoing calls and messages that you aren’t aware and mysterious search history on the mobile search engine always indicate that the device has been infected.

So, how to block such activities?

1.    Keep your phone connected to 4G or 5G network instead of a Public Wi-Fi while roaming.
2.    Never download apps from online resources, except the app store
3.    Keep it protected with an anti-malware solution
4.    Never browse a-rated sites or games
5.    Switch off your phone for 10 minutes on a daily note.
6.    Never charge the device from public charging posts such as transit stations
7.    Keep your in-car entertainment system free from malware
8.    Never click on email or message links sent by unknown callers or senders
9.    Last, keep your phone updated with the latest software and relative updates

The post Australian Prime Minister urges citizens to turn off their mobile phones to fend cyber attacks appeared first on Cybersecurity Insiders.

June 26, 2023 at 10:11AM

Read More

Student Sues Whiteworth University for Ransomware Attack

A student of Whitworth University has brought a class action against the university for not keeping student and staff data safe from a ransomware attack that occurred in 2022..

The legal case was slapped against the institute for causing unnecessary anxiety over the loss of privacy and about potential abuse of the data.

Patrick Loyola is the student who filed the suit as the University failed to protect the data storage servers that stored highly sensitive information about former and present students.

Since a breach of violation was witnessed regarding the Washington Consumer Protection Act, the lawsuit obtained importance and could revolutionize the future course of action taken against all cyber-criminal gangs that spread file-encrypting malware and encrypt the servers until a ransom is paid in cryptocurrency.

If we take history into account, a patient of a hospital filed a lawsuit against healthcare for failing to treat her in an emergency, as all the digital information holding systems were compromised in July 2020.

A student has launched legal action against an educational institute in the latest case.

NOTE 1– In August 2022, Whitworth released an official statement that it fell prey to a malware attack that led to fraudulent access of over ONE Terabyte of data. LockBit group was suspected to be behind the incident and a few media resources reported that Whitworth bowed down to the demands of hackers and so could recover the siphoned data on time.

NOTE 2– According to a GuidePoint Security latest GRIT Report, new ransomware groups are emerging into the scene every month, as the operations of old ones are subsiding for various reasons. Malas, 8Base, Rancoz, Blacksuit, Big Gamer, Bolt, Steward, MobileMal are some of the newly released malware versions that can wipe out the encrypted server if the situation demands.

 

The post Student Sues Whiteworth University for Ransomware Attack appeared first on Cybersecurity Insiders.

June 23, 2023 at 08:43PM

Read More

First Directory of Virtual CISO Providers Launched by Cynomi

The vCISO Directory comes to answer the increasing need of SMBs to manage their cybersecurity and helps them find and engage with the right vendor

TEL AVIV, ISRAEL, JUNE 22, 2023 – The industry’s first-ever directory of virtual Chief Information Security Officer service providers has gone live today at www.thevcisodirectory.com. This extensive list of virtual CISO (vCISO) providers, collated by Cynomi, means that small- and medium-sized businesses (SMBs) can easily tap the expertise of qualified cybersecurity professionals to protect their digital assets and ensure compliance.

Cyberattacks are on the rise, with Check Point Software’s Mid-Year Security Report revealing a 42% global increase in malicious incidents during the first half of 2022. In this climate, strong cybersecurity measures are crucial. However, most small and medium size companies do not have a CISO of their own, usually because they lack the budget to fill such a position. This problem is compounded by the talent gap that makes it difficult to find individuals with the necessary skill and specialized experience. According to research by Datto, only 50% of SMBs have a dedicated, internal IT person who manages their cybersecurity needs.

To address this gap and help organizations shore up their cyberdefenses, managed service providers (MSPs,) managed security service providers (MSSPs) and consultancies have developed vCISO services. They enable businesses to avail themselves of the expertise and skills of a professional CISO to improve their cybersecurity posture, while only paying for an agreed scope of work, usually a fraction of the cost of an in-house security expert. Cynomi, by publishing the industry’s first vCISO directory, is making it simple for businesses to access this expanding pool of resources.

At launch, the vCISO directory contains more than 200 listings of U.S.-based providers, together with details on the specific services they offer and the technology platforms they use to guide and implement their security strategies. The directory will be continually updated and expanded globally to incorporate international providers.

“Thousands of small and mid-sized businesses globally could benefit from the expertise and support of a traditional CISO, but on a more consultative or part-time basis”, said David Primor, co-founder and CEO of Cynomi. “This is where the vCISO services come in. Our new directory enables businesses to find all vCISO service providers in one place and make an informed choice between the different benefits of the many providers available.”

“Couple of years back we weren’t prioritizing our cybersecurity services, but then we started getting consistent security-as-a-service requests,” said Chris Bevil, CISO of InfoSystems, an MSP located in Tennessee, U.S.A. “We realized that setting up a robust vCISO offering was in our best business interest. In the present climate, this has been a significant boost to our business and positioned us as a leading MSP in our region.”

MSPs and MSSPs offering vCISO services that are not yet included in the directory can submit their details for consideration here.

About Cynomi

Cynomi’s AI-driven platform empowers MSSPs, MSPs and consultancies to offer vCISO services to SMEs at scale and provide them with proactive cyber resilience. Combining proprietary AI algorithms with CISO-level knowledge and knowhow, Cynomi’s platform streamlines the vCISO’s work while automating manual time-consuming tasks including risk assessment, compliance readiness, cyber posture reporting, creation of tailored security policies and remediation plans, as well as task management optimization.

Cynomi helps partners overcome the cybersecurity skill gap and scale their business, allowing them to offer new services, upsell and increase revenues while reducing operational costs. Established in 2020 with the vision that every company deserves a CISO, and with a channel-only approach, Cynomi now serves more than 50 partners worldwide.

To learn more about Cynomi’s solution for MSPs, MSSPs, and cyber consultancies visit www.cynomi.com

The post First Directory of Virtual CISO Providers Launched by Cynomi appeared first on Cybersecurity Insiders.

June 23, 2023 at 03:45AM

Read More

Can we get loan to pay ransom in ransomware attacks

Nope, says a renowned international bank from UK. Instead, the ransom pay can be covered from a cyber insurance policy, provided it is taken prior to the launch of the attack and covers the costs associated with the malware attack.

Moreover, paying a ransom in a ransomware attack is generally discouraged for several reasons:

No guarantee of decryption: There is no guarantee that paying the ransom will result in the recovery of your files or the decryption of your systems. Attackers may not fulfill their promis-es even after receiving payment.

Funding criminal activities: Paying a ransom contributes to the profitability of ransomware attacks, encouraging cybercriminals to continue their illegal activities and target more victims.

Legal and ethical implications: Paying a ransom could potentially put you in violation of laws and regulations, depending on your jurisdiction. Additionally, it can perpetuate a cycle of crim-inal behavior that undermines the security and stability of the digital ecosystem.

Instead of considering payment, it is advisable to take the following steps if you’ve been affected by a ransomware attack:

Report the incident: Contact your local law enforcement agency or a cybercrime reporting or-ganization to report the attack. They can provide guidance on how to proceed and may be able to assist in the investigation.

Notify your bank: Inform your bank about the situation and work with them to protect your accounts and prevent any fraudulent activity.

Seek professional assistance: Contact a reputable cybersecurity firm or IT professional who can help you assess the impact of the attack, remove the malware, and recover your systems and data, if possible.

Enhance security measures: Strengthen your security measures to prevent future attacks. This may include regularly updating software, using strong passwords, implementing multi-factor authentication, and educating employees about cybersecurity best practices.

Remember, prevention is key when it comes to ransomware attacks. Regularly backing up your important data, staying vigilant for phishing attempts, and keeping your systems up to date with the latest security patches can significantly reduce the risk of falling victim to such attacks.

The post Can we get loan to pay ransom in ransomware attacks appeared first on Cybersecurity Insiders.

June 23, 2023 at 11:12AM

Read More

Apple M1 Chips face LockBit Ransomware threat in development

In recent times, there has been a concerning trend of ransomware groups targeting companies and extracting sensitive information. However, the latest development takes this threat to a whole new level. It appears that a criminal gang has gone a step further and established its own research and development (R&D) team with the specific aim of creating a ransomware that can infect Apple M1 chips.

This revelation has come to light through a post by Kaspersky, a prominent cybersecurity company. According to their findings, the LockBit Ransomware group, known for their extensive spread of ransomware, has shifted their focus beyond Windows environments. Their attention has now turned to Apple’s ARM-based processors used in Macs and iPads, and they have begun developing a new architecture to target these devices.

Upon analyzing a sample of the ransomware developed by LockBit, Kaspersky discovered that the gang was utilizing a string encryption method called “One Byte XOR” to exploit the vulnerabilities of unsigned systems.

In March 2023, the FBI released a report stating that LockBit had assembled a team of experts for their R&D efforts, especially after parting ways with the Conti Ransomware gang. With new recruits and substantial funding, LockBit aims to expand its dark operations worldwide.

Despite their efforts to increase their success rate, LockBit has experienced a 30% decline in finances. Western law enforcement agencies have been actively tracking and neutralizing their activities, impeding their illicit gains.

Furthermore, the anonymity of cryptocurrency transactions, once regarded as a refuge for criminals, has significantly diminished. Premium online tools can now trace fund transfers within 18-36 hours, enabling law enforcement to swiftly apprehend the individuals behind them.

According to information obtained by our Cybersecurity Insiders, it appears that the next target for these criminals will be the Internet of Things (IoT). This development could lead to serious consequences, particularly for developed nations like Britain and its neighboring regions, where IoT adoption is widespread.

The evolving tactics of ransomware groups and their relentless pursuit of new targets underscore the need for enhanced cybersecurity measures and international collaboration to combat these criminal activities effectively.

The post Apple M1 Chips face LockBit Ransomware threat in development appeared first on Cybersecurity Insiders.

June 23, 2023 at 11:07AM

Read More