Week of May 24th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

London Drugs Confirms Ransomware Attack–Showcasing the Value of Dark Web Monitoring

Retail and pharmacy chain London Drugs confirmed this Tuesday that threat actors have demanded a ransom for data that was stolen in a cyberattack that caused their physical locations (almost 80 stores across British Columbia, Alberta, Saskatchewan, and Manitoba) to shutter for over a week.?

While the retailer had previously confirmed that “some employee information ” was potentially compromised in the breach, a representative recently announced that the chain had been the victim of a ransomware attack– and that cybercriminals on the Dark Web were threatening to leak stolen files from its corporate head office if they were not paid.

"We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information, on the Dark Web," the spokesperson wrote in a statement. "This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts."

The number of Dark Web listings that could harm an enterprise has risen by over 20% since 2016. The increasing number of ransomed data that is being sold to malicious actors on the Dark Web is posing a critical question: “Is your organization keeping track of potentially harmful data leaks that may live on the Dark Web?”

The allure of anonymity within the Dark Web makes it appealing to cybercriminals, enabling the exchange of illicit information, often leading to dangerous outcomes. Cyber threats and data breaches continue to rise, making today’s digital landscape progressively more vulnerable.?

Proactive Dark Web monitoring also involves surveilling discussions pertaining to cyber crime, which often delve into the intricacies of targeting specific organizations, people, networks, or systems. Monitoring enables organizations like yours to stay one step ahead of cybercriminals by identifying emerging threats, mitigating risks, and assisting you in fortifying your defenses against evolving attack vectors.

Is your team interested in the benefits of Dark Web Monitoring? Reach out to the Packetlabs team today to learn more about how to integrate it into your existing cybersecurity strategy.

Canada Has Released its First-Ever Cybersecurity Plan

The Canadian government released its first-ever cybersecurity strategy this past Wednesday, with the aim of addressing increasing security-related challenges posed by remote work, cloud computing, aging infrastructure, and recruitment.

The strategy, first announced by Treasury Board President Anita Anand, concluded that government departments and agencies generally lacked “repeatable" processes to identify and respond to new and emerging cyber threats, as of the fiscal year ending in 2023.

It sets a timeline for results within two to five years. The government expects there will still be some cybersecurity incidents, but that it will be able to quickly respond to them and minimize the impacts.

This announcement comes on the heels of the Financial Transactions and Reports Analysis Centre of Canada, the Royal Canadian Mounted Police, and Global Affairs Canada having all suffered recent cyber breaches. It also emphasizes accelerated cyber risk that governments worldwide are facing, as reflected by the following statistics :

• Globally, 72% of both state and local governments attacked by ransomware had had their data encrypted
• After Australia’s Victoria state government invested $100,000 to train women in cybersecurity, the Australian federal government followed suite to launch their $9.9 billion REDSPICE initiative (Resilience, Effects, Defence, Space, Intelligence, Cyber Enablers) to bolster their national cyber infrastructure?
• In 2022, the UK government announced new cybersecurity measures to protect their nuclear weapons systems
• Vanatu’s official government sites and online services were compromised by a sophisticated cyberattack in 2022
• The United States government is ranked as the #1 most-targeted government for cyberattacks, with a likelihood of 38%

Initial Takeaways From Infosecurity Europe 2024

Are you attending Infosecurity Europe 2024?

Hailed as one of this year’s “premier information security event”, the conference will take place at ExCeL London from June 4th - June 6th.?

Ahead of this, the event has unveiled further insights from its 2024 Cybersecurity Trends, Obstacles, and Opportunities report –emphasizing the growing concern among cybersecurity leaders regarding two of this year’s top threats: ransomware and AI-generated attacks.

Their findings reflected that nearly 40% of respondents stated that these threats are driving increased investment in cyber defenses. With attacks becoming more frequent, complex, and damaging (particularly to long-term reputation), organizations of all sizes are ramping up their resources to enhance their security posture.?

This continuously heightened investment in security underscores the critical role of cybersecurity in protecting sensitive data, safeguarding client/customer trust, and guaranteeing business continuity.

Has ransomware or AI played a role in influencing how (and why) you invest in cybersecurity? Why or why not?