Top 7 Cyber News Stories You Need To Know About In January 2022

Here are the top 7 stories you need to know about this week.

‍

Canada Critical Sectors Are Becoming Huge Targets for Ransomware.

There were 235 known ransomware incidents against Canadian organizations in 2021. Over half of them targeted critical infrastructure providers, like health care, energy and manufacturing.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said the report issued by the Canadian Centre for Cyber Security, a unit of CSE. (Aljazeera)

My thoughts: I’ve read many articles on how hackers want to attack critical infrastructures because of how desperate we are to get them back up and running. Therefore, organizations are more likely to pay the ransom in order to restore operations. What’s also interesting is how more cyber criminals are attacking infrastructures than encrypting personal data.

Would you report a ransomware attack?

“The Communications Security Establishment (CSE) and the RCMP are urging Canadian businesses to upgrade their cyber security — and to report any ransomware attacks, even if they decide to pay the hackers.” (Global News)

My thoughts: I think it’s important to note that organizations not disclosing their ransomware attacks reduce visibility into the extent of the Cyber Pandemic. We obviously understand why companies would keep it on the down low. I just find it interesting that the CSE and RCMP are urging organizations to report attacks. It’s indicative of how serious of a situation this is becoming.

New Average Cost of a Ransomware Attack.

“The average cost of recovering from such attacks has increased even more dramatically — from $970,000 in 2020 to $2.3 million in 2021, the agency said.” (Global News)

Thoughts: Lovely fun fact for the day.

Ubisoft Announced a Data Breach in December 2021.

Unknown actors breached Ubisoft’s popular video game, Just Dance. Ubisoft suspects the hackers may have copied personal data of the game’s users. However, they have not yet confirmed. The hackers got in through a misconfiguration that Ubisoft quickly fixed. (The Daily Swig)

My thoughts: How would you react to find out your personal information was compromised and potentially spread across the internet?

Desjardin Class Action Lawsuit Update.

Back in 2019; remember when 4.2 million people’s personal information was leaked by an internal employee at Desjardins? Well, those customers were not very happy and filed a class action lawsuit.

Understandably.

According to reports, in December 2021, Desjardins settled for $201 million (not final number though) because later it came out that 9.7 million people were actually affected. (Bonkers). (CBC)

My thoughts: When organizations think of a ransomware attack, they often think about how much it would cost them internally to remediate the issue. Rarely do companies think about their end-users or clients and how they will react. This lawsuit is a great example of how end-users or clients can retaliate and ask for retribution ultimately adding more unforeseen cost to this unfortunate event.

The Log4J Vulnerabilities

It was revealed that the Log4j vulnerabilities led to a series of unfortunate events including the Biden Administration being affected as well as Vietnamese crypto trading platform ONUS. The vulnerability has the potential to gain access of remote devices. (Politico)

My thoughts: This story gets so messy, it’s worth the read. The next point ties in well with this story.

The Increasing Importance of Protecting IoT Devices

The benefits of IoT devices are countless and it’s estimated that 127 new IoT devices go online every single second (Security Weekly). That’s a lot! The use of cloud-based devices is increasing rapidly, but network-connected devices are posing many risks. Organizations overlook protecting these devices. So, the first step is to identify the vulnerabilities. Often unmanages & unprotected devices include:

• Office equipment
• Automation sensors for buildings
• Personal consumer devices
• VoIP phones
• Smart tv screens and monitors
• Bluetooth keyboards
• Headsets
• HVAC systems
• Security systems
• Lighting systems
• Cameras
• Vending machines (You’re probably laughing at this one but it’s happened…many times! Just type in ransomware vending machine and all kinds of stories pop up. Here’s a recent one.)
• Smartphones
• Gaming consoles
• Smart speakers
• Medical devices
• And so many more

The second step is considering IoT devices as part of your cyber resilient strategy. Not something to overlook especially in manufacturing, transportation and agriculture.

Share the news with your network.

‍

__________________________________

Access The Untold Stories of IT Professionals.

Assurance IT launched IT Spotlight - a weekly newsletter putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.

‍