Exfiltration the theft of data is now a dominant strategy in ransomware,  ransomware groups continue to attack critical infrastructure and a fast food chain proposes the value of your personal data is about the price of a coffee and a donut. 

Welcome to CyberSecurity Today, I’m Jim Love, CIO of IT World Canada filling in for the vacationing Howard Solomon.

Blackfog, a global security company that focuses on software to prevent data exfiltration  released its State of Ransomware report for July 2022. The report noted that there appears to be a decrease in public notifications of ransomware attacks, a trend reported in other studies. But does this indicate that that there has been a slowdown in ransomware attacks?

Blackfog says that there are “seeing an increase in nonpublic attacks suggesting that there are many incidents that remain unreported”

Of the 180 incidents that Blackfog noted in their report only 20 were reported in the media.

Their research also found a “continued increase in the total number of attacks that exfiltrated data, now at 88% of all attacks, as more cybergangs focus on extortion than encryption.”

The report also noted that some sectors, namely education and government “continue to be highly targeted” with 21% and 20% increases respectively.  But they also noted that attacks on the technology sector increased by 14% and “for the first time this year overtaking the manufacturing sector.”

The report also reinforces what we’ve commented on before when it says,  “Attackers are still focused on sectors with the weakest protection and lowest investments in cybersecurity and aging infrastructure.”

You can find the report at this link.  Registration may be required.

The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in central Europe – according to a report in Bleeping Computer.

Creos’ owner, Encevo, who operates as an energy supplier in five EU countries, announced on July 25 that they had suffered a cyberattack the previous weekend, between July 22 and 23.

While the cyberattack had resulted in the customer portals of Encevo and Creos becoming unavailable, there was no interruption in the provided services. 

It appears that the real focus of this attack was data exfiltration and NOT data encryption.

The company website confirms the attack but notes that they are does not yet “have all the information necessary to personally inform each person concerned” but they do recommend that those who use their portals change their id and passwords regardless.

The group that has claimed credit for the attack called ALPHV/Black Cat which is believed to be a “rebrand” of  the former BlackMatter and DarkSide gangs. You might remember DarkSide as having been shut down when authorities went after them for attacking and shutting down Colonial Pipeline. After that, the gang has tended to leave large US firms alone and instead focused on European companies.

But the group is still attacking critical infrastructure – the very thing that made them a target of international law enforcement. They also attacked a German petrol supply firm in February.

It remains to be seen if the latest attack will draw the same focused attention from European authorities as it did with Colonial Pipelines.  The company’s website does note that it has reported the attack to the authorities.

How much is your personal data worth?

Listener’s will remember that the Canadian fast food chain Tim Hortons, was in the spotlight when it was reported that it used its mobile app to collect “vast amounts of sensitive location data” in violation of Canadian privacy laws. 

Privacy Commissioner of Canada, Daniel Therrien described the infraction in these terms.- “Tim Hortons clearly crossed the line by amassing a huge amount of highly sensitive information about its customers. Following people’s movements every few minutes of every day was clearly an inappropriate form of surveillance. This case once again highlights the harms that can result from poorly designed technologies as well as the need for strong privacy laws to protect the rights of Canadians,”

The company has reported that it has reached a proposed settlement in the resulting class action lawsuits.  To make amends for  tracking users and recording their movements “every few minutes” even when the app was not open, Tim Horton’s is proposing:

“As part of the proposed settlement agreement, eligible app users will receive a free hot beverage and a free baked good. Distribution details will be provided following approval, in the event that the court approves the settlement,” the company said in a recent email sent to all affected users.

The value has been reported at approximately eight dollars and fifty cents in Canadian dollars per person.  So now you know what your personal data is worth – not much more than a coffee and donut.

That’s Cyber Security today for Wednesday, August 3rd, 2022

Follow Cyber Security Today where ever you get your podcasts – Apple, Google or other sources.   You can also have it delivered to you via your Google or Alexa smart speaker.

Links from today’s podcast will be posted in an article on itworldcanada.com on our podcast page. 

I’m Jim Love, CIO of ITWC, publishers of IT World Canada and creators of the ITWC podcasting network.  I’m also host of Hashtag Trending, the Weekend Edition where I do an in depth interview on topics related to information technology, security, data analytics and a host of other topics.  If you’ve got some extra time after you’ve listened to Howard’s great weekend interview, check us out at itworldcanada.com podcasts or anywhere you get your podcasts.

I’ll be back on Friday with the next edition of CyberSecurity Today.

The post Cyber Security Today for August 3rd, 2022 – Exfiltration, ransomware attacks critical infrastructure and “What is your personal data worth?” first appeared on IT World Canada.

Leave a Reply