hackers Archives - IPOsgoode /osgoode/iposgoode/tag/hackers/ An Authoritive Leader in IP Thu, 17 Mar 2022 16:00:59 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Hackers aren't only in Movies?! The Rise of Ransomware Incidents in Canada and what Canadians can do about it /osgoode/iposgoode/2022/03/17/hackers-arent-only-in-movies-the-rise-of-ransomware-incidents-in-canada-and-what-canadians-can-do-about-it/ Thu, 17 Mar 2022 16:00:59 +0000 https://www.iposgoode.ca/?p=39290 The post Hackers aren't only in Movies?! The Rise of Ransomware Incidents in Canada and what Canadians can do about it appeared first on IPOsgoode.

]]>
Emily Xiang is an is an IPilogue Writer, President of the Intellectual Property Society of Osgoode (IPSO), and a 2L JD Candidate at Osgoode Hall Law School.

Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLPwhopractices in the areas of intellectual property and information technology law.

This article was on the OBA’s Information Technology and Intellectual Property Law Section’s .

The threat of cyber attacks is no longer restricted to TV shows and movies, with cyber security incidents like ransomware attacks becoming far more frequent in daily life. While the COVID-19 pandemic may have slowed many aspects of society, ransomware has seen a marked increase in recent years around the globe – and Canada is no exception.

THE GROWING RANSOMWARE THREAT

Ransomware incidents involve threat actors infiltrating an organization’s defenses and deploying malware to prevent the company from accessing its information. Though the specific tactic may differ between threat actors, users will ultimately find themselves unable to access vital data and key systems unless the organization pays a ransom to the threat actors, usually in the form of digital currency. During the incident, threat actors may also extract data from the company’s network, which can have serious privacy consequences for the organization and its customers. Not only will their data be in the hands of an unknown party, but in many cases, threat actors may threaten to publish the exfiltrated information online if the organization refuses to provide them with payment.

Ransomware saw record-breaking numbers last year. By the end of the first half of 2021, global ransomware attacks hadby 151% as compared to the previous year, with ransom payments of up to CAD$48.4M being paid out to hackers. In Canada, the Canadian Centre for Cyber Security (the Cyber Centre) has knowledge of at leastthat occurred over the course of 2021 (though, it is important to note that the majority of ransomware attacks go unreported). Out of the known ransomware incidents that were reported to the Cyber Centre, more than half involved critical infrastructure providers. However, the Office of the Privacy Commissioner of Canada (the OPC) stressesfrom an attack, as incidents of ransomware have occurred indiscriminately since 2020 in not-for-profit, professional, financial, transportation, manufacturing, and retail sectors.

The increase in ransomware incidence and scope in recent years is partly attributed to the growing sophistication with which cyberattacks may now be conducted. A number ofin ransomware have arisen, and are rapidly changing the cybercrime landscape. For instance, ransomware-as-a-service (RaaS) is a model that allows developers to sell and/or lease ransomware to cybercriminals whilst being paid a percentage of the profit. These kinds of schemes allow an increased number of unskilled threat actors to get a hold of sophisticated ransomware technology, while providing skilled attackers the opportunity to profit from the mass distribution of their work. The world has also seen an increase in victims of high-impact targeting, wherein more targeted attacks are being launched at supply chains and essential services in order to maximize potential victims and profits. For instance, many threat actors have leveraged the COVID-19 pandemic to aim at high-impact targets that have become especially vital in current circumstances, such as emergency medical services and law enforcement agencies. As stated by chief information officerat UTHealth in Houston, “[a]ttackers [targeting hospitals] understand that we’re talking about life and death. There’s a great incentive to just pay and get the thing unlocked so we can treat patients.” In finding more opportune ways to breach vulnerable organizations, threat actors are demonstrating that their targeting schemes are becoming increasingly sophisticated, as well as strategic.

SEVERE FALLOUT FROM ATTACKS

Ransomware attacks may have far-reaching implications on company operations. On May 7th, 2021, American oil companyfell victim to a ransomware attack that immobilised several of its computerized equipment systems. As a result, operations for the largest fuel pipeline in the US were temporarily suspended, resulting in price spikes and fuel shortages for millions of Americans. Even more recently, global human resources company Ultimate Kronos Groups (UKG) was also hit with a ransomware attack on December 11th, 2021, resulting in a worldwide shutdown of their cloud services. The incident impacted millions of users, with employees who relied on UKG’s cloud system reporting paychecks short by, as their employers struggled to find alternative means for managing payroll. Kronos is known totens of thousands of organizations – including half of the Fortune 100 – and more than 40 million people in over 100 countries everyday, including businesses in Canada.

A CALL FOR ACTION

The Cyber Centrethat ransomware will continue to pose a threat to national security and economic prosperity in 2022. They also predict that threat actors utilizing ransomware will likely become increasingly aggressive in their operations and targeting schemes. Similarly, the OPCthe potential harm that can result from this type of attack and considers such incidents to meet the real risk of significant harm threshold under thePersonal Information Protection and Electronic Documents Act. As part of an ongoing, national effort to mitigate the effects of ransomware and related cyber threats, theto take this matter seriously and address it head-on through adopting proper security measures.

PREPARING FOR RANSOMWARE ATTACKS

Cyber Security Preparations

To assist organizations in their cybersecurity preparation, the Cyber Centre recently released a(the Playbook) with guidance on how to defend against and recover from cyberattacks. It recommends that businesses implement cyber defence planning strategies, such as preparing multiple backup systems ahead of time. Backup systems provide organizations with a copy of their data, which can then be used for restoration activities in the wake of a ransomware attack. When developing a plan for implementing backup systems, it may be useful to contemplate the frequency and extent that the data should be backed up and storage considerations for the backup systems. The Cyber Centre advises that backups stored online within the organization or on a cloud platform are more commonly susceptible to ransomware attack, while backup systems stored offline, in a separate physical location from the main business site and disconnected from its networks, offer the most protection against ransomware incidents.

In addition to preparing backups, the Playbook has details on different cyber security controls that can be implemented as part of the organization’s defenses. For example, having multi-factor authentication (MFA) in place on company devices may assist in thwarting off threat actors. It may also serve to hinder threat actors from gaining full access to target systems in the event thattheyaresuccessful in getting past initial IT defenses. In addition to MFA, businesses may want to consider having a system that can continuously monitor their network and establish an acceptable baseline of activity. This can be used to flag anomalies in activity patterns and sound the alarm when there is a potential risk to the organization.

Planning Ahead

Apart from having technical controls, it may be prudent to consider creating plans that serve as reference guides during ransomware incidents. The Cyber Centrecreating an incident response plan that is geared towards cyber defense strategy, including detecting and responding to an attack. The incident response plan can include the objectives, stakeholders, responsibilities, communication methods, and escalation processes that are involved in the response strategy. To formulate this plan, organizations may want to conduct a risk assessment of their assets and identify the potential consequences that would result from them being compromised, so as to discern the business’ response priorities. When drafting the incident response plan, it may be beneficial to keep the plan simple and flexible, so that it can be easily adapted to the circumstances of the actual event.

To compliment the incident response plan, businesses could consider developing a disaster recovery plan that focuses on resuming operations after a ransomware incident. The Cyber Centrethat an effective plan should identify the entity’s critical information (e.g. financial records, proprietary assets, etc.), their most essential systems that are required for business continuity, and their most vital business functions. Once a plan is formulated, multiple trial runs should be conducted to determine potential areas for improvement.

More Options

In addition to the above ransomware-specific guidance, themay offer insight for organizations looking to improve their cybersecurity foundation. This program is mainly aimed at small and medium-sized businesses, but welcomes enrolment from all organizations in Canada. As part of the program, businesses are required to adopt measures in certain baselinethat reflect industry-accepted best practices and target key considerations for the organization’s systems and employees. Furthermore, implementing these controls has the added benefit of fulfilling prerequisites for the Government of Canada’s. The certification is valid for two years and can beat the organization’s physical location and on its website to let others know that their business has met the standard.

CYBER INSURANCE

When preparing for ransomware attacks, organizations may want to consider how they would fund response efforts in the event that a threat actor manages to get through their defences. Though a business is already insured, traditional insurance policies may provide limited or no coverage for cyber attacks. Reviewing one’s current insurance policy and acquiring adequate cyber coverage where it is lacking is a crucial step that should not be left out of any discussion on ransomware preparation.

MOVING FORWARD

In our current technological landscape, ransomware attacks and other cyber security incidents have unfortunately become a daily reality of doing business in Canada and around the world. In light of the rising threat, organizations are encouraged to approach the matter with equal tenacity. By taking the appropriate proactive measures, we can better safeguard our activities and mitigate the impact of ransomware attacks on our businesses.

The post Hackers aren't only in Movies?! The Rise of Ransomware Incidents in Canada and what Canadians can do about it appeared first on IPOsgoode.

]]>
Cyber Horrors: Ransomware and You /osgoode/iposgoode/2021/08/12/cyber-horrors-ransomware-and-you/ Thu, 12 Aug 2021 16:00:34 +0000 https://www.iposgoode.ca/?p=37997 The post Cyber Horrors: Ransomware and You appeared first on IPOsgoode.

]]>
Photo by: (Unsplash)

Natalie BravoNatalie Bravo is an IPilogue Writer and a 2L JD Candidate at Osgoode Hall Law School.

Do you ever get weird emails that are poorly-veiled attempts? Strange requests for payments? These phishing attempts are occurring more frequently, but they are just the tip of the ransomware iceberg. Cybersecurity breaches are a serious concern and the ever-evolving technological landscape is an endless playing field for dedicated malicious actors. Widespread breaches exemplify the need to updated software and security policies across all sectors which use online services. With the pandemic and many working from home, these attacks are on the rise. The Canadian Centre for Cybersecurity reported that ransomware is an and

Many Canadians have not heard of , a malicious software (“”) that attacks computers by user files so that malicious actors can request monetary ransom to decrypt or unlock the files. These are typically, though not always, carried out by an unauthorized or unknown transfer of a Users may download and/or open a file that appears legitimate and unknowingly infect the operating system with malware. Accompanying ransom demands are usually requested in the form of Bitcoin due to the presumed anonymity of the transactions. The use of Bitcoin is rampant in these types of attacks – so much so that they have impacted (“K۰”) . Sometimes hackers . In a recent report, McCarthy Tétrault’s Cyber/Data Group estimated that Canadian organizations . Ransomware attacks damaging more than finances as they can disrupt operations and corrupt or destroy sensitive data. During the pandemic, hospitals are of utmost concern. The click of an ad, a visit to a website, or a simple file download could risk your data.

In 2017, a high-profile ransomware attack named devastated various organizations worldwide. The automatically spread throughout networkers and did not require users to open or download any files. It encrypted user files and demanded Bitcoin ransom payments to decrypt them. WannaCry targeted “end of life” or outdated versions of and exploited certain vulnerabilities within the software. Operating systems must frequently be updated to implement security patches that prevent such exploits. However, updates for older computers are usually discontinued as technology progresses. Microsoft quickly released further following the mass attack. The international event was and reported to have impacted more than 200,000 computer systems and caused an estimated hundreds of millions to billions of dollars in damage. The WannaCry attack affected organizations such as factories, telecommunication companies, hospitals, governments, and delivery systems. Years later,

WannaCry was terrifying when it happened, but many more concerning high-profile cybersecurity attacks have occurred within the past year . Just imagine . Some alarming events in the past three months include the following:

  • In May 2021, the largest petroleum pipeline in the United States, Colonial Pipeline is reported to have been hacked via a . The password had access to the company’s internal network and was also unfortunately leaked on the dark web. The hackers utilized the credential to attack and extort Colonial Pipeline. The systems started to shut down and the ransom demanded was $4.4 million in payment. The company stated they had no choice but to
  • In June 2021, one of the largest meat producers in the US, JBS made the difficult decision to pay the $11 million USD ransom in Bitcoin to resume plant operations.
  • On July 4th, 2021, the ‘,’ allegedly conducted by Russian-associated hackers REvil, hit during the US holiday weekend. Kaseya, a software firm, was targeted in the . Supply-chain attacks, in brief terms, involve compromising a trusted supplier therefore sabotaging the distribution system. The Kaseya attack largely affected US businesses, but Canada was also impacted. Between 800 and 1,500 organizations across the globe were impacted and essentially paralyzed. They demanded from affected users/companies and expressed some willingness to .

It is difficult to know what will happen next with technology, computers, and software. It is best to be proactive and cautious. I have compiled some tips, supported by and the , to help keep your data and your employer’s networks safe:

  • Check your computer(s) for updates frequently, and make sure your operating system is still receiving new updates.
  • Back up your data periodically and preferably offline. If you are targeted and your data becomes inaccessible, you will feel so much better knowing you had a back-up or two handy.
  • Make sure you are running a trusted anti-virus program, sometimes they are installed on your computer.
  • Understand how to your data in the event of a breach and practice the recovery methods.
  • Keep your passwords safe and unique - reusing passwords is never a good idea.
  • Familiarize yourself with common types and methods of malware. You can find a handy list .
  • Contact your organization’s IT department whenever you see anything suspicious, just in case.

Stay safe, don’t interact with strange emails, and always update and backup if possible! Feel free to comment below any tips or advice you may have.

The post Cyber Horrors: Ransomware and You appeared first on IPOsgoode.

]]>