
Latest Cybersecurity News

ISA is committed to keeping the security community up to date with the latest cybersecurity news. 


 

ISA featured at IBM Think Summit Canada on October 22

IBM’s Think Summit Canada offers a forum that helps businesses envision how they will accelerate recovery and transformation post-pandemic. The free virtual conference features four tracks: “Unlock Cloud and AI”, “Building a Smarter Business”, “Security & Cyber Resilience”, and “Think Gov”. 

ISA Cybersecurity is proud to participate in the Security & Cyber Resilience – Innovation Sessions content stream. On October 22nd at 1:40pm, ISA’s EVP, Enza Alexander, will share how a leading Canadian energy provider optimized their SOC and SIEM with the partnership of ISA Cybersecurity and IBM. Register today.

More good news in the fight against cybercrime

On October 15, the U.S. Department of Justice issued a release announcing that charges have now been laid against 20 members of an international money laundering group known as QQAAZZ.

The group has connections to some of the largest malware operations in the world, including TrickBot, which itself was disrupted by legal action from Microsoft and other tech partners earlier this month.

“Cybercrime victimizes individuals and companies all over the world, so our work to identify and disrupt cybercriminals requires global collaboration,” said U.S. Attorney Scott W. Brady in the release. “For the past several years, law enforcement from 16 countries has been conducting coordinated investigations of this criminal gang, and now parallel prosecutions will commence in the United States, Portugal, United Kingdom and Spain. As this case demonstrates, we will be relentless in our pursuit of cybercriminals regardless of where they reside.” The international investigation was code-named “2BaGoldMule” by Europol, the European Union’s central law enforcement agency.

According to the Department of Justice, members of the cabal operated a global network of bank accounts that allowed malware operators to launder money stolen from hacked or compromised user accounts. To anonymize the transactions even further, the funds “were then transferred to other QQAAZZ-controlled bank accounts and sometimes converted to cryptocurrency using ‘tumbling’ services designed to hide the original source of the funds. After taking a fee of up to 40 to 50 percent, QQAAZZ returned the balance of the stolen funds to their cybercriminal clientele,” according to the release.

Cybersecurity community website Bleeping Computer provides further details and graphics illustrating how the transactions took place.

Barnes & Noble suffers cyberattack

Major bookseller Barnes & Noble has confirmed a cyberattack that occurred on October 10. According to an email sent to their customers, “Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems”. The incident not only affected IT operations, but had a ripple effect that disrupted POS devices in stores, and caused chaos on B&N’s Nook e-book platform. Social media posts suggest that some customers were unable to access their Nook libraries, previous purchases, or the firm’s online platforms for several days.

The bookseller has now restored the majority of its systems, but the full investigation of the cause and consequences of the breach is still underway. The broadcast email sought to assure customers that their financial data and payment methods were protected by encryption-at-rest techniques, but conceded that the “systems impacted… did contain your email address and, if supplied by you, your billing and shipping address and telephone number.” The Q&A in the email also confirmed that transaction histories were on the affected systems. The potential disclosure of this personal information could lead to phishing attacks, or wider abuse of the data to attempt to pivot into other systems.

At first, the Nook outages were blamed on an unspecified “system failure”, with assurances that techs were working hard to “get all Nook services back to full operation.” Days later came the confirmation that the system failure was a result of a cyberattack.

Zoom launches end-to-end encryption for all users

Popular videoconferencing app provider Zoom has confirmed that they will be offering end-to-end encryption (E2EE) capabilities starting this week. In their blog post on October 14, they announced that their “end-to-end encryption (E2EE) offering will be available as a technical preview,” which means they will be collecting feedback and comments from users for a period of 30 days before official launch. “Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom,” continued the post.

E2EE will allow Zoom users to generate individual encryption keys that can be used to encrypt voice or video calls, addressing one of the more significant security concerns that have followed Zoom for months.

In order to use the new security feature, users at both ends of a call/video session must update their apps or client versions, and enable support for E2EE at the user account level. The green security status shield in the software will display a padlock if E2EE is active; otherwise, Zoom will use its default AES 256-bit encryption.

Zoom says they expect to further improve the security of the platform by introducing improved identity management and single sign-on capabilities with E2EE sometime in 2021.

Canadian cybersecurity law series continues

IT World Canada recently published the sixth instalment in their continuing “Understanding Canadian Cybersecurity Laws” series. The articles come out of the University of New Brunswick (UNB), written by Melissa Lukings, JD Candidate, Faculty of Law and Dr. Arash Habibi Lashkari, Assistant Professor and Research Coordinator, Canadian Institute for Cybersecurity (CIC). They are of consistently excellent quality, well-researched and thorough, and are recommended reading for anyone in the cybersecurity field.

The “Understanding Canadian Cybersecurity Laws” instalments posted so far include:

The Foundations (Article 1)

Privacy and access to information, the Acts (Article 2)

Understanding Canadian Cybersecurity Laws: Privacy Protection in the Modern Marketplace — PIPEDA (Article 3)

Interpersonal Privacy and Cybercrime — Criminal Code of Canada (Article 4)

Understanding Canadian Cybersecurity Laws: “Insert Something Clever Here” — Canada’s Anti-Spam Legislation (Article 5)

Peer-to-peer privacy protection — “Intrusion upon seclusion” and the protection of intimate images (Article 6)

 
