Week of February 9th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Over 3 Million Toothbrushes Have Been Infected With Malware (...Or Did They?)

When it comes to DDoS attacks, no smart device is safe–not even dental hygiene ones.

In a report first released by Swiss newspaper Aargauer Zeitung, approximately three million smart toothbrushes were reported to have been used by threat actors to execute a sophisticated Distributed Denial of Service (DDoS) attack. While this attack has since been debunked, it serves as a valuable reminder that precautions need to be taken with all Internet of Things (IoT) devices.

In the original report, a claim was made that this DDoS attack knocked out a Swiss company for several hours, costing millions of euros in damages. How? The compromised toothbrushes, once investigated, were supposedly revealed to be running Java, a popular language for Internet of Things (IoT) devices. Once infected, this global network of hacked toothbrushes launched its successful attack…until an update was released stating that this hypothetical DDoS attack had been reported as having actually occurred.

With similar attacks having been successfully launched in the past, this “illustration of a hypothetical attack” is a vital reminder to safeguard even the most innocuous of devices in both your home and office. Experts recommend adhering to the following best practices for IoT devices:

  • Never charge devices at public USB ports
  • Update your devices frequently
  • Watch for a battery that abruptly drains faster than normal, which may indicate malware running
  • Avoid connecting to public WiFi

Research has revealed a staggering 109% increase in DDoS attacks beginning in 2022, with continued studies indicating that this trend will only continue to ramp up in 2024 and beyond. Market outlook studies further predict that the DDoS protection market will grow in the forthcoming years due to the rise of DDoS as a Service (DaaS) cybercrime groups, the resulting increased demand for cloud-based and hybrid DDoS protection solutions, and a rise in multi-vector DDoS attacks.

Canada Will Be Grading Your Cyber Resilience. Here’s How to Get a Passing Mark

It’s official: the Canadian government’s cyber authority has started using a U.S. company’s security ratings platform to internally rank cyber threats using a grading system.

The Canadian Centre for Cyber Security (the Canadian government’s authority for advising federal departments as well as critical infrastructure providers on cybersecurity concerns) has contracted to use SecurityScorecard’s security ratings platform. This grading system is intended to assist the Cyber Centre in educating critical infrastructure owner-operators on the cybersecurity risks their organizations face.

The result is the ability to quickly measure and quantify the cyber risk of any critical infrastructure entity through the use of an “A” through “F” rating system that uses continuously monitored threat intelligence data. This scoring is only for critical infrastructure operators and will not be made public.

“According to the World Economic Forum, critical infrastructure remains the prime target for threat actors. Our partnership with SecurityScorecard provides us with authoritative and trusted data on critical infrastructure and insight to manage such risks at scale. We are committed to increasing the confidence of Canadians in the critical systems they rely on daily, offering support to critical infrastructure networks and other systems of importance to Canada. This will help the Cyber Centre ensure we can provide tailored support to critical infrastructure owner-operators vital to the security of Canada.”

The thorough use of penetration testing, investing in Employee Awareness programs, and quality cyber insurance are all key factors that contribute to a passing grade under this system.

Ransomware Attacks Are Expected to Intensify. The Culprit? AI

Ransomware continues to be one of the most damaging cyber threats organizations face around the globe, and artificial intelligence (AI) will exacerbate that threat further, a new report published by the National Cyber Security Centre (NCSC) states.

“AI is already being used in malicious cyber activity and will almost certainly increase the volume and impact of cyberattacks–including ransomware–in the near term,” reads the NCSC report. “As this report shows, the threat is likely to increase in the coming years due to advancements in AI and the exploitation of this technology by cybercriminals.”

James Babbage, director general for threats at NSA, added: “AI services lower barriers to entry, increasing the number of cybercriminals, and will boost their capability by improving the scale, speed, and effectiveness of existing attack methods.”

According to Sophos' State Of Ransomware in 2023, 97% of organizations hit by ransomware were able to regain access to their data. On the surface, this seems like a promising statistic. However, the same report notes that 46% of organizations paid ransom to get it back while recovery using backups dropped slightly from 73% to 70%. The mean recovery cost was USD $2.6 million when the ransom was paid compared to a still very high $1.6 million when using backups. While organizations cannot prevent being attacked by ransomware gangs, they can and should do more to prevent a successful ransomware attack.

Some of 2024’s top ransomware tactics include, but are not limited to:

  • Faking To Have Stolen A Victim's Data: In some cases, cybercriminals demand ransom for not publicly releasing data they haven't even stolen. Known as Phantom Incident Extortion (PIE), threat actors may impersonate known cybercrime gangs, such as Silent Ransom Group (SRG), a subset of the Conti syndicate, or the Surtr ransomware group, adding weight to their threats. The threat actors demand a ransom payment from the victim in exchange for not exposing the allegedly stolen data. In these attacks, the demanded ransom is typically far less than the potential damage that could result from public exposure of the data
  • Demanding Ransom Without Encrypting Files: In this fake ransomware campaign observed by Sucuri, website owners were presented with a ransom note on their homepage, while further inspection revealed that no files were actually encrypted
  • Fake Ransomware Wiper Malware: All of the examples of fake ransomware above would be preferable to the real thing. Here is one example of fake ransomware that isn't. Fake ransomware CryWiper and NotPetya are two examples of malware designed to destroy data but then post a ransom note trying to extract funds from the victim. Even if the victim pays up, they cannot recover their data
  • Fake Ransomware Attack To Hide Financial Fraud: In another less publicized story, an organization conducting financial fraud hit itself with fake ransomware to claim that it lost access to all its financial records
