FinTRAC works to restore full service five months after cyberattack
FinTRAC, Canada’s financial intelligence organization, is still working to bring all of its services back online more than five months after it was the target of a cyberattack. This is quite concerning, seeing as many of FinTRAC’s reporting mechanisms and much of its work are online. FinTRAC has apparently been telling organizations to “triage” transactions and send priority reports through Canada Post’s ePost system. That organizations are still being asked to triage more than five months after an attack does not bode well for Canada’s financial intelligence.
It remains unclear what kind of attack it was, as the Government of Canada very rarely releases details about these attacks, but there is a strong chance it was a ransomware attack. Increasingly, it is becoming critical for organizations not only to be able to recover, but to have resilience. Organizations will be hit by a cyberattack eventually, and it is important that they are able not just to recover, but to do so quickly and with minimal impact. Few organizations think about the resiliency of their systems because security is already taken for granted as a limited, minor risk.
In landmark for post-quantum encryption, NIST releases three algorithms
For over a decade now, as quantum computing and related technology have steadily progressed, there has been constant worry that quantum computers will be able to easily break existing encryption techniques. The US National Institute of Standards and Technology has released three post-quantum encryption standards to help avoid this. As the threshold for usefulness of quantum technology appears to be increasingly upon us, there will need to be a great push to move existing technology and encryption techniques to the new post-quantum standards.
Best practices for event logging and threat detection
The Canadian Centre for Cyber Security, along with counterparts in the US, New Zealand, Japan, Korea, Singapore, and the Netherlands, released a new guidance advisory on best practices for event logging and threat detection.
Although it is a technical document, I would recommend that non-technical individuals give it a read. Understanding the importance of event logging, what it shows, and how it contributes to threat detection may be a great introduction to understanding the work of cyber security professionals.
The Terrifying Rise of Ransomware Gangs
Maclean’s magazine did a great exposé on the growing impact of ransomware on Canada. Most people still do not understand ransomware and its impact, which this article does a great job of showing. An example provided is how an initial paid ransom of $290,000 still cost the town of St. Mary’s $1.5 million when factoring in recovery, legal costs, and credit monitoring for citizens.
Now extrapolate this to businesses, especially small and medium enterprises. Unless they have cyber insurance, this is likely an end to the business. Many large corporations are able to recover in time, albeit with a hit. It is small and medium businesses that receive the biggest hit, because they do not have access to the same resources, both monetary and knowledge, to be able to respond appropriately.
Cyberattack has cost Hamilton $7.4M so far, says city
The City of Hamilton was one city hit with ransomware that chose not to pay. Hamilton is in the process of rebuilding its systems after dozens of services were affected, including its vendor payment system. The $7.4 million is broken down as follows:
$4,875,538 on external experts (Deloitte).
$1,151,917 on infrastructure.
$1,085,685 on staffing.
$289,482 on "other related costs."
This case appears to be unique in terms of the amount paid to Deloitte, because they were also helping Hamilton get caught up on the backlog of vendor payments that resulted from that system being affected. This is important to highlight, as the costs associated with a ransomware attack can be compounded when critical systems are affected.