Information security news roundup: Ransomware on the rise in Canada

Cyber attacks have increased at an alarming rate with the current geo-political situation being a major contributing factor. The National Cyber Threat Assessment 2020 published by The Centre for Cyber Security suggested a potential increase across Canada in cyber crimes, ransomware and commercial espionage — particularly against businesses, academic institutions and governments to steal intellectual property and proprietary information.

Let’s look back at some interesting information security and ransomware related news in recent months.

Two Canadian Universities hit by cyber attacks

Simon Fraser University and Lakehead University reported that they were hit by cyber attacks in February.  Although the universities did not confirm whether it was a ransomware attack, they advised students and staff to monitor their accounts, change their passwords and enrol in multi-factor authentication (MFA).

Data breaches can result in the loss of personal, institutional and other sensitive information. Learn how to enrol in MFA to add an additional layer of security to your online accounts.

Hackers getting clever with phishing emails

It is often said that hackers stay one step ahead of you by constantly changing their tactics. In a recent blog post by Mount Royal University, it was reported that phishing emails with fake invoices from MasterClass (an online educational platform) were sent to the university community and hackers asked recipients to respond with their credit card information for a refund.

Often, phishing emails are made to look like they are from a legitimate source, which can lead recipients to respond, causing further damage. Check out the Phish Bowl for examples of phishing emails received by members of the University of Toronto (U of T) community to help you identify and report suspicious emails.

Ransomware attacks increasing at an alarming rate in Canada

A recent article published by MaRS explained how ransomware attacks have been increasing in Canada with small businesses losing up to billions to cyber attacks. In fact, a survey done by Canadian Internet Registration Authority (CIRA) also found that nearly 70 per cent of Canadian organizations that experienced ransomware paid the hackers to regain access to their data.

Last year, U of T launched a ransomware awareness campaign called Expect Ransomware to provide the community with resources, tips and tools to protect their accounts and to stay secure online.

Ransomware is a an ongoing and evolving cyber threat. Stay tuned for the Expect Ransomware 2.0 campaign launching soon that will provide you with updated resources, tips and tools to protect yourself and your loved ones online.

Federal government may make reporting cyber attacks mandatory

Public Safety Minister Marco Mendicino has said that the federal government might make it mandatory for Canadian businesses and organizations to report cyber attacks. Mendicino also emphasized that the current geo-political situation has increased the threat of cyber attacks.

Staying safe and secure online can be done through simple but effective steps. Explore the educational resources on the Security Matters website to learn how to stay secure online.

Bonus read: Isaac Straley, U of T’s Chief Information Security Officer has called for a revamp of the national cyber security strategy in an op-ed published in The Hill Times.

[Phish] Vacant position: virtual personal assistant.

Details:

Subject: Vacant position: virtual personal assistant.

We have an open position for a Virtual Assistant, that is you work remotely,performing various tasks and office support duties.

COVID-19 considerations:

Job is primarily remote at this stage.

Application question(s):

  • What experience (personal or professional) of yours do you think best matches this position and why?

Work remotely:

  • Yes

*TO APPLY: Email your name and phone number to {malicious email added here}

NOTE: Send the email message from your PERSONAL EMAIL ADDRESS (gmail, yahoo etc) and we will send you the job details.

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Information security news roundup: Ransomware attacks, text message scams and cyber security training

In recent years, headlines about information security incidents have become increasingly common both nationally and internationally. Cyber criminals steal passwords, personal information and other sensitive data through various types of cyber attacks. Staying up to date with cyber security news and knowing how to stay safe online will help protect your personal information.

Take a look at some interesting information security related news in the recent months.

Making ransom payment no assurance of getting data back: Telus

Ransomware attacks have been making headlines almost daily around the world. According to a recent study by Telus, almost half of surveyed Canadian organizations that suffered a recent ransomware attack paid the attacker in hopes of getting their data back, however, most did not get access back to their data.

Ransomware attacks can have significant impact – in the worst cases, shutting down operations entirely and risking loss of critical information. Learn how you can protect yourself from ransomware.

Winnipeg Regional Health Authority warns public of text message scam

The Winnipeg Regional Health Authority (WRHA) reported that people are receiving text messages claiming to be from the WRHA, asking recipients to click on an e-transfer link. This scam was reported to the Canadian Centre for Cyber Security.

This form of phishing that uses fraudulent text messages is called “smishing”. Learn more about the types of scams and frauds and how to protect yourself.

Panasonic Canada acknowledges cyber attack

Japanese electronics conglomerate Panasonic has reported that its Canadian operations were struck by a cyber attack in February after ransomware-as-a-service (RaaS) gang Conti leaked its data to the dark web. The company confirmed that action was taken to address the issue with assistance from their cyber security experts and service providers.

Check out the educational resources on the Security Matters website to learn how to stay safe online.

Cyberbreach at Rideau Hall was ‘sophisticated’ intrusion, internal documents reveal

In December 2021, Rideau Hall reported a breach of internal networks in the office that supports the governor general. Now, new documents have revealed the breach was a sophisticated cyber incident, although the office was unable to confirm the extent of the information that was accessed.

Cyber breaches can lead to loss of sensitive data and reputational damage. Timely reporting of incidents can help mitigate their impact.

University of Calgary and Raytheon Canada partner to open new cybersecurity training centre

The new Canadian Cyber Assessment, Training and Experimentation Centre (CATE) will support students in building their skills in cyber security.

At U of T, building a security aware culture is critical for protecting individuals and the university against security threats. Recently, the University partnered with the Canadian Internet Registration Authority and ORION to pilot an Information Security Awareness platform as part of building a security aware culture at U of T.

For more tips on staying safe online, visit the Security Matters website.

Don’t fall for online job scams

Job offer scams are a form of phishing used to take advantage of students and new graduates who are seeking employment.

Job offer scams typically work like this—you receive an unsolicited email that invites you to apply for or start a job with a high-paying salary. In most cases, the hacker asks for various forms of information from personal information to banking information, which can be used for financial and identity theft.

This week, many members of the University of Toronto (U of T) community received a fake job offer email (image below), which asked recipients to provide personal and banking information. Let’s brush up on some of the common red flags to help you identify job offer scams:

Job scam email Jan 2022 feature image

View higher resolution image.

  • Generic emails: Hackers send mass emails in anticipation of getting responses from multiple recipients. Emails from legitimate and trusted sources will always address the recipient by name.
  • Poorly worded emails: Phishing emails can often be identified by poor grammar and spelling. Right from the subject line, this job scam email displayed these flaws. Always make sure to read the email carefully and check for spelling and grammatical mistakes, as well as awkwardly worded sentences.
  • Unsolicited emails: Most companies post job vacancies on their careers portal or legitimate job boards. One way to validate the legitimacy of a job posting is to check for the posting on the company’s official website or job boards. If you didn’t apply for the position and the person contacting you isn’t a recruiter from a reputable company or recruitment firm, the odds are it is a scam.
  • Emails from fake companies: Hackers also use advertising and job listing websites to “recruit” potential victims. Ensure that you do a search online for the company name and check if they have a legitimate physical address.
  • Emails from free email providers: Most companies have professional email addresses and do not use free email providers like Gmail. If you receive a job offer and the email address looks more like a personal email address than a business address, be suspicious.
  • The perfect job offer: If an email states extremely high compensation for a position that requires “no skills or experience, and few hours to work” and seems too good to be true, then it is likely a scam.
  • Asking for personal and financial information: While it is true that you have to provide your employer with some forms of identification and banking information before you start your job, if a company is asking you for this information before the interview or in the initial email, the job is likely a scam.

Visit the  Security Matters website for more information on identifying and reporting a phishing attempt.

New phishing email impersonating Information Technology (IT) administration

Phishing emails are designed to trick recipients into taking an action, such as clicking a malicious link or opening a malicious attachment. Hackers may also use tactics like smishing, which attempt to trick the recipients through text messages or SMS.

This week, members of the University of Toronto (U of T) community received an email impersonating U of T’s IT administration that asked recipients to respond through SMS. Please note that any technology upgrades or updates will always be communicated by your division or department through official U of T channels prior to deployment.

Sense of urgency is a big factor that hackers use to get recipients to take action. You will be able to identify and report phishing by taking a moment to review your emails for common red flags.

The image below marks the red flags to look out for:

Smishing attack with red flags

Hackers are constantly adopting new techniques to steal information, so it is imperative that we stay alert and aware to better protect ourselves online.

What to do if you receive a suspicious email

  • Review the common red flags.
  • Do not act on any of the email prompts including clicking the link, providing personal information, opening the attachment or sending SMS.
  • Forward the email to report.phishing@utoronto.ca and then delete it from your inbox.
  • If you already engaged with the email, please contact security.response@utoronto.ca  immediately for assistance.

Visit the Security Matters website for more information.

[Phish] You have got an urgent message from the University of Toronto.

Details:

Subject: You have got an urgent message from the University of Toronto.

Text:

Dear User,
This is to let you know that our web-mail server will be upgraded and maintained soon.

If you don’t want your e-mail account to be terminated during the upgrade,

Send “UTORONTO–UPGRADE” to *malicious phone number inserted here*

You will receive instructions on how to upgrade your account via text message.

If you do not comply with the above, your email access will be disabled.
Please accept our apologies for any inconvenience this may cause.

 

Regards
System Administrator
The University of Toronto

[Phish] 50141497*** Received -TSID: Powells WellCare Received on January 3, 2022, 3:22:33 PM

Details:

Subject: 50141497*** Received -TSID: Powells WellCare Received on January 3, 2022, 3:22:33 PM

Text:

New Voicemail Received.

Date received Monday, January 03, 2022
Caller Number *Malicious number inserted here*
Duration 00:00:54
Reference 1783-829-66312TD

 

To listen to this voicemail, click on the attachment in this email.*Malicious link attached as voicemail*

[Phish] You have got an urgent message from the University of Toronto.

Details:

Subject: You have got an urgent message from the University of Toronto.

Text:

Dear User,

This is to let you know that our web-mail server will be upgraded and maintained soon.

If you don’t want your e-mail account to be terminated during the upgrade,

Send “UTORONTO–UPGRADE” to *malicious phone number inserted here*

You will receive instructions on how to upgrade your account via text message.

If you do not comply with the above, your email access will be disabled.

Please accept our apologies for any inconvenience this may cause.

Regards

System Administrator

The University of Toronto

New wave of phishing attacks

Access to a diverse range of data from sensitive personal information to confidential research data, has made the University of Toronto (U of T) a popular target for various cyber-threats including phishing.

Last week, more phishing attempts were reported as targeting the U of T community. The rising occurrence of phishing campaigns should serve as a reminder to stay aware and learn how to identify and report phishing.

Job scam emails

Job scam emails are crafted with the intent of gaining access to personal or institutional information. They are usually unsolicited and masquerade as employment offers to captivate the recipients’ interest. Often, hackers pretend to be from a well-known and legitimate company to convince recipients to respond to their email. These emails usually prompt recipients to reply to the message, click on a malicious link or download an attachment.

Unsolicited emails with employment offers that seem too good to be true should be treated with suspicion. Legitimate companies typically post vacancies with detailed job descriptions and department information on their official website or a trusted job search website. Qualified candidates are then contacted for interviews via official channels of communication.

Below are the two job scam emails that were sent to U of T community members. Review the emails to identify some of the red flags:

Phishing email impersonating U of T HR department for job scam

Image 1: This phishing email impersonates a U of T staff member and contains a malicious link.

Phishing email impersonating U of T HR department

Image 2: This phishing email impersonates a U of T staff member and contains a malicious phone number to respond.

The second email takes a more sophisticated approach as it attempts to get the recipient to respond through a text message. This is called smishing, a type of social engineering where cyber criminals attempt to trick the recipients through text messages. Like phishing, smishing depends on tricking recipients into co-operating by texting or providing personal information.

Spoofing and spear phishing

Email spoofing is a technique hackers use to make phishing emails appear to be from a trusted and legitimate source. For example, the email below (image 4) appears to be sent from Microsoft, however, it includes an urgent prompt to click on a malicious link leading to a spoofed login page. Hackers attempt to mislead recipients into providing their username, password and other important information.

Sometimes, hackers target an individual or a small group within an institution. These emails often address the recipient by name and include personalized language. This is called spear phishing and can be hard to spot without close inspection.

Review the emails below to identify the red flags:

Phishing email about voicemail containing malicious attachment

Image 3: This phishing email tries to trick the recipient into thinking they have a voicemail, which is a malicious attachment.

Phishing email mimicking MS Office password expiry notice

Image 4: This phishing email mimics a system-generated password expiration email from Microsoft and contains a malicious link.

Please note that any information about technology upgrades or updates will always be communicated by your division or department through official U of T communication channels.

Phishing continues to be one of the most prevalent forms of social engineering. For more information about protecting yourself online, please visit https://securitymatters.utoronto.ca/.