Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Canada. Show all posts
Toronto Police
Canada Cyber Crime Cyber Scam SMS Blaster Toronto Police

Canada's First SMS Blaster Bust: 3 Arrested in Toronto Cybercrime Crackdown

 

Toronto police have exposed a first-of-its-kind SMS blaster cybercrime case in Canada, where investigators say three men used a rogue device to mimic a cell tower and push fake texts to nearby phones. The operation, known as Project Lighthouse, reportedly ran across the Greater Toronto Area for months before police arrested the suspects and seized multiple devices. 

The core issue is the use of an SMS blaster, a tool that can trick smartphones into connecting to a fake cellular signal. Once connected, the device can send fraudulent messages that look like they come from banks, delivery services, or other trusted organizations, often leading victims to phishing sites that steal passwords or banking details. Police also said the tactic creates a wider network risk because it can interrupt legitimate mobile connections. 

Investigators say the threat was not small in scale. Reports indicate tens of thousands of devices may have connected to the rogue equipment over several months, and police recorded more than 13 million network disruptions linked to the operation. That disruption is especially serious because it can interfere with emergency access, including the ability to reach 911.

The arrests show how quickly cybercrime is evolving from online-only scams into hybrid attacks that combine physical devices, mobility, and social engineering. Police charged the three suspects with a combined 44 offences, including fraud, mischief, personation, and unauthorized interception-related crimes. The case is being treated as Canada’s first confirmed investigation of this kind, which makes it a warning sign for other cities and countries. 

The broader lesson is that mobile phones can be vulnerable even when users do not click anything suspicious. If a rogue tower is nearby, the attack can start at the network level and then move into fake texts, credential theft, and financial fraud. For readers, the main takeaway is to be cautious with urgent SMS links, verify messages through official apps or websites, and treat unexpected texts from banks or government services as potentially malicious.
Read more »
TradeOgre
Canada cryptocurrency Cyber Security Europol KYC Money Laundering Scams TradeOgre

Canadian Police Seize $40M in Digital Assets After Closing TradeOgre

 


Canadian police have shut down the cryptocurrency trading platform TradeOgre and seized digital assets valued at more than $40 million USD, marking both the country’s largest cryptocurrency seizure and the first time a crypto exchange has been dismantled by national law enforcement.


A Platform Built on Anonymity

TradeOgre was a small but notable exchange that allowed users to trade niche digital currencies, including Monero, which is popular for its privacy features. The platform stood out for avoiding Know Your Customer (KYC) checks, meaning people could open accounts without providing identification. According to the Royal Canadian Mounted Police (RCMP), TradeOgre also failed to register as a money services business with FINTRAC, Canada’s financial watchdog. These gaps made the exchange appealing to those seeking anonymity but also raised red flags for regulators.

The case began in June 2024, when Canada’s Money Laundering Investigative Team (MLIT) opened a probe after receiving intelligence from Europol. Investigators relied on blockchain tracing tools to track wallet activity linked to the platform. In July 2024, TradeOgre suddenly went offline without any announcement from its operators, fueling rumors among users that it had carried out an “exit scam.” Authorities later confirmed that the takedown was part of their enforcement action.


Why Authorities Took Action

The RCMP said TradeOgre was operating illegally in Canada because it was unregistered and allowed anonymous trading. Investigators suspect the site was used by criminals to launder illicit funds, taking advantage of Monero and other privacy-focused coins. However, officials stressed that not all customer funds were necessarily linked to crime.

In a statement, the RCMP clarified that they could not confirm whether the seized assets came from specific crimes such as extortion. They also noted that details about the exact sources of the money could not be released at this stage.


Fallout and Reactions

The sudden seizure left many users cut off from their funds. Some, including well-known crypto community members like Taylor Monahan of MetaMask, criticized the move, arguing that innocent users had their assets frozen without warning. “Very much looking forward to seeing the evidence… and for you to provide recourse to ALL innocent parties,” Monahan wrote on social media.

The RCMP responded that individuals who believe their funds were legitimate may seek remedies through the Canadian court system if the assets are subject to forfeiture proceedings. The agency added that any inquiries about the seized cryptocurrency should be directed to the MLIT.


A Warning for Crypto Users

Authorities emphasized that this case shows the risks of using unregulated exchanges. While anonymity may appeal to some traders, platforms that avoid oversight expose customers to legal uncertainty, sudden shutdowns, and loss of access to funds.



Read more »
ToolShell
Canada CSE Cyber Attacks Employee Data Microsoft ToolShell

Canada’s Parliament Probes Data Breach Linked to Microsoft Flaws

 




Canada’s House of Commons has launched an investigation after a cyberattack potentially exposed sensitive staff data, raising questions about whether recently discovered Microsoft vulnerabilities played a role.

According to national media reports, an internal email to parliamentary employees revealed that attackers managed to enter a database containing staff information. The data included names, work emails, job titles, office locations, and details about computers and mobile devices connected to the House of Commons network.

The House of Commons and Canada’s Communications Security Establishment (CSE) are now examining the incident. In a public statement, CSE emphasized that attributing a cyberattack is complex and requires time, resources, and caution before drawing conclusions. In the meantime, staff have been urged to remain alert to suspicious messages or unusual activity.


Possible Link to Microsoft Vulnerabilities

Although officials have not confirmed the exact flaw that was exploited, the mention of a “recent Microsoft vulnerability” has led to speculation. In recent weeks, Canada’s Cyber Centre issued warnings about two critical Microsoft security issues:

  • CVE-2025-53770 (“ToolShell”): A flaw in Microsoft SharePoint servers that has been actively exploited since July. It allows attackers to gain unauthorized access and has been linked to incidents involving government networks and organizations worldwide.
  • CVE-2025-53786: A high-risk bug in Microsoft Exchange that can help attackers move through both cloud and on-premises systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an emergency order for federal agencies to fix this vulnerability after warning of its potential to cause complete system compromises.


Security researchers, including the monitoring platform Shadowserver, have noted that thousands of systems remain unpatched against these flaws, with hundreds of vulnerable servers still running in Canada.


Global Exploitation of ToolShell

The ToolShell vulnerability in particular has been tied to attacks on multiple high-profile organizations, including U.S. government agencies and European institutions. Reports indicate that both state-sponsored groups and cybercriminal gangs have taken advantage of the flaw in recent months, underlining its severity.


Why Updates Matter

Cybersecurity experts consistently stress the importance of keeping systems updated with the latest patches. Unpatched vulnerabilities provide attackers with open doors into critical infrastructure, government bodies, and private organizations. This latest incident underscores how quickly attackers can move to exploit weaknesses once they are made public.


What Happens Next

For now, the House of Commons and CSE are continuing their investigation, and no final determination has been made about the vulnerability used in the breach. However, the case highlights the ongoing risks posed by unpatched software and the need for constant vigilance by organizations and individuals alike.



Read more »
telephone scams
Canada Cyber Crime RCMP Spoofing telephone scams

Scammers Impersonate Thunder Bay RCMP in New Phone Spoofing Scheme

 



Phone number of the RCMP used in scams across Thunder Bay. The local Royal Canadian Mounted Police detachment is warning residents of Thunder Bay about a phone scam. Scammers are spoofing the official RCMP number, 807-623-2791, which will have calls that appear to be from the police when they actually are not. The RCMP has issued a public alert to raise awareness and try to prevent potential fraud.

How the Spoofing Scam Works

Spoofing is a technique by which fraudsters mask their real phone numbers through technology, making it seem as though the call is coming from a trusted source. In this case, they are masquerading as the Thunder Bay RCMP in an attempt to intimidate or defraud unsuspecting victims. The fraudsters might use the RCMP's name to give their requests a semblance of legitimacy. These requests usually demand sensitive personal information or money.

The RCMP clears the air on its communication practices

As far as the spoofing cases are concerned, the RCMP states that neither them nor any government institution will ever ask for a fee in an odd manner such as Bitcoin, gift cards, or cash collections. In fact, police will never visit your home to collect money as a reason a family member is behind bars. According to the RCMP, it does not seek social insurance numbers, birthdays, or phone numbers via phone call.

How to Verify an RCMP Call 

 In case somebody is doubtful whether a call claiming that it is from her detachment is genuine or not, then she must hanger and call again at 807-623-2791 between 8 a.m. and 4 p.m. Therefore, he will know if that was the genuine call or an attempt by a scammer.

Role of RCMP in Ontario

Another thing the public should be aware of is that the RCMP does not deal with local law enforcement in Ontario but rather deals with issues involving federal law, such as national security, border integrity, organised crime, and financial crimes, including cybercrime and money laundering.

What to Do if You Suspect a Scam

If you believe you are a target, the best action is to hang up. Victims of telephone scams are advised to contact either their local police service or the Canadian Anti-Fraud Centre to report the incident, helping investigators to track and follow up on ongoing schemes.

By knowing how to validate government calls and remaining vigilant, the citizens will be able to guard themselves against spoofing scams and other fraudulent schemes.


Read more »
User Privacy
Canada Cyber Attacks Private Data Ransomware User Privacy

Ransomware Attackers Target Canada’s Largest School Board

 

The Toronto District School Board (TDSB) has issued a warning following a ransomware attack on its software testing environment and is currently investigating whether any personal data was compromised. 

TDSB is Canada's largest school board and the fourth largest in North America, overseeing and managing 473 elementary, 110 secondary, and five adult education institutions. The group has an annual budget of around $2.5 billion. 

An announcement posted on the board's website earlier this week informs parents, guardians, and carers about a ransomware attack that may have exposed personal information.

"TDSB recently became aware that an unauthorized third party gained access to TDSB's technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems," reads the announcement. 

"We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident," adds TDSB further down in the announcement. 

TDSB claims that all of its systems are operational, with no disruptions, indicating that the attack was contained in the testing environment. The organisation has contacted the Toronto Police Service and the Information and Privacy Commissioner of Ontario, and it is working with third-party cybersecurity specialists to evaluate the extent of the incident. 

TDSB serves roughly 247,000 students and employs 40,000 employees, therefore this incident could impact a large number of people. The Toronto District School Board agreed to notify affected persons if the ongoing investigation reveals that a data breach happened, but for the time being, it has chosen not to provide too much information

Individuals who may have been impacted and are looking for answers may contact the organisation at 'cyberincident@tdsb.on.ca.’ At the time of writing, none of the major ransomware gangs claimed responsibility for the attack on TDSB.
Read more »
Project Swan
Canada Crypto Fraud Cyber Fraud Ontario Police Project Swan

Self Proclaimed “Crypto King” Aiden Pleterski Charged With $30 Million Scam

 

Aiden Pleterski, also known as the "Crypto King," and his partner, Colin Murphy, have been arrested and charged with allegedly defrauding investors of $40 million CAD (about $30 million USD) in a cryptocurrency and foreign exchange investment scam. 

Earlier this week on Wednesday, the Ontario Securities Commission revealed that Aiden Pleterski, 25, known as the "Crypto King," is facing fraud and money laundering charges. The commission also charged his colleague, Colin Murphy (27), with fraud. It stated Pleterski squandered investors' money on a lakeside house and a fleet of expensive cars. Among them was a Lamborghini, the Italian sports car totemic of crypto-based wealth.

The criminal allegations filed against the two Canadians are part of a 16-month investigation dubbed Project Swan. It coincides with a high-profile bankruptcy case involving their alleged investment fraud scheme. 

According to court filings and local media sources, Pleterski and his company, AP Private Equity Limited, received roughly $40 million CAD from 160 investors between 2021 and 2022 to invest in cryptocurrency and foreign exchange markets. Some investors apparently took out loans to fund their investments with Pleterski.

According to the findings of the bankruptcy trustee, Pleterski only invested two percent of the funds that he was given. He spent at least $16 million on personal luxury items in the interim. Among them were: International trips to the US and UK; more than 10 luxury cars, including two McLarens, two BMWs, and a Lamborghini. renting a lakefront property worth $8.4 million for $45,000 a month.

Aiden Pleterski, a self-proclaimed "Crypto King" and occasional livestreamer, has exposed his lavish lifestyle on social media. He bragged of travels to Los Angeles, London, and Miami, where he drove rental Lamborghini and McLarens. In one film, Pleterski was seen assembling a Lego Titanic model. During it, he claimed that he had spent $150,000 on Lego since 2021. 

Throughout the bankruptcy proceedings, Pleterski portrayed himself as a "20-something-year-old kid". He revealed to creditors that he was messy and did not keep financial records or track payments, CBC reported.

Meanwhile, in December 2022, a group of individuals involved in Pleterski's operation allegedly kidnapped the self-proclaimed Crypto King. According to reports, the group held him captive for three days, torturing and beating him. 

The kidnappers reportedly sought a $3 million ransom for his release. Although Pleterski was later released, a 12-minute video emerged on social media showing him injured and wounded. He apologised to his investors in what his lawyer termed as a forced apology. Four of the suspected kidnappers have since been apprehended and charged.
Read more »
User Safety
AI Scams Canada Cyber Fraud Data Privacy User Safety

Authorities Warn of AI Being Employed by Scammers to Target Canadians

 

As the usage of artificial intelligence (AI) grows, fraudsters employ it more frequently in their methods, and Canadians are taking note. According to the Royal Bank of Canada’s (RBC's) annual Fraud Prevention Month Poll, 75% of respondents are more concerned with fraud than ever before. Nine out of 10 Canadians feel that the use of AI will boost scam attempts over the next year (88%), thereby making everyone more exposed to fraud (89%).

As per the survey, 81 percent of Canadians think that AI will make phone fraud efforts more difficult to identify, and 81 percent are worried about scams that use voice cloning and impersonation techniques. 

"With the recent rise in voice cloning and deepfakes, fraudsters are able to employ a new level of sophistication to phone and online scams," stated Kevin Purkiss, vice president, Fraud Management, RBC. "The good news is that awareness of these types of scams is high, but we also need to take action to safeguard ourselves from fraudsters.”

The study also discovered that phishing (generic scams via email or text), spear phishing (emails or texts that appear authentic), and vishing (specific phone or voicemail scams) were among the top three types of fraud. More than half also report an increase in deepfake frauds (56%), while over half (47%) claim voice cloning scams are on the rise. 

Prevention tips

Set up notifications for your accounts, utilise multi-factor authentication whenever possible, and make the RBC Mobile App your primary banking tool. Keep an eye out for impersonation scams, in which fraudsters appear to be credible sources such as the government, bank employees, police enforcement, or even a family member. 

Some experts also recommend sharing a personal password with loved ones to ensure that you're conversing with the right individual. 

To avoid robo-callers from collecting your identity or voice, limit what you disclose on social media and make your voicemail generic and short. Ignore or delete unwanted emails and texts that request personal information or contain dubious links or money schemes.
Read more »
Threat Intelligence
Canada City of Hamilton Cyber Attacks Municipal City Ransomware attack Threat Intelligence

Canadian City Says Timescale for Recovering from Ransomware Attack 'Unknown'

 

The Canadian city of Hamilton is still getting over a ransomware attack that compromised nearly every facet of municipal operations. 

Since February 25, when the ransomware attack was first reported, city officials have been working nonstop. Foundational services, such as waste collection, transit, and water and wastewater treatment, are functioning as of Wednesday.

However, the attack has impacted nearly every online payment system, forcing the city to rely on cash transactions and other manual processes. All fines, tickets, and tax payments must be made in person. 

Numerous municipal services, including cemeteries, child care centres, and public libraries, were reported by the city as having phone system or website issues. Before March 15, there will be no more city council meetings, and the city's libraries will no longer provide WiFi, public computers, printing services, or other services. 

“The City of Hamilton took swift action to investigate, protect systems and minimize impact on the community. We engaged a team of experts, insurers, legal counsel, and relevant authorities and [are] working diligently to restore the City’s system in a safe and secure manner,” the city said in a statement. “While a timeline for recovery is not yet known, the City is committed to resolving the situation as quickly and effectively as possible.” 

Hamilton is located roughly 40 miles from Toronto and has a population of nearly 600,000. The city stated that it is currently investigating whether citizen data was stolen. No ransomware group has claimed responsibility for the attack yet, and local officials have not responded to calls for comment. 

City officials held a press conference on Tuesday, and City Manager Marnie Cluckie stated that it is "impossible to know how long it will take us to get up and running again.” 

Cluckie declined to comment on whether the city is in talks with the ransomware group, stating that they will "do what is best for the city." She confirmed that the city has cyber insurance. 

During the press conference, Cluckie was asked if the attack would follow the same schedule as the Toronto Library, which dealt with troubles for more than four months after a ransomware attack. Cluckie claims the hired cyber specialists would only advise her that each assault and recovery is unique.

Hamilton is the second municipality in Canada to deal with a ransomware attack over the last week. Ponoka, a small town about an hour west of Edmonton, recently dealt with a ransomware attack that caused system failures for the government.
Read more »
Threat Landscape
Canada City of Hamilton Cyber Attacks Cyber Warfare Threat Landscape

Hamilton City's Network is the Latest Casualty of the Global Cyberwar.

 

The attack that took down a large portion of the City of Hamilton's digital network is only the latest weapon in a global fight against cybersecurity, claims one of Canada's leading cybersecurity experts. 

Regarding the unprecedented attack on the municipality's network that affected emergency services operations, the public library website, and the phone lines of council members, not much has been stated by city officials. Although the specifics of the Sunday incident are yet unknown, Charles Finlay, executive director of Rogers Cybersecure Catalyst, believes that the attack is a part of a larger campaign against a shadow firm that is determined to steal money and data. 

“I don't think that the average citizen of Hamilton or any other city, fully understands what's at play here,” Finlay stated. “Our security services certainly are, but I don't think the average citizen is aware of the fact that institutions in Canada, including Hamilton, are at the front lines of what amounts to a global cybersecurity conflict.” 

On Sunday, city hall revealed service delays caused by what it later described as a "cybersecurity incident" that had far-reaching consequences for the city's network and related services. 

The specifics of what took place, however, remain unknown as local officials maintain a cloak of secrecy. So far, the city has refused to divulge the amount of the damage or how affected departments are operating. Emergency services are described as "operational," with some activities now being completed "manually," but officials refuse to disclose specifics.

The city also refuses to reveal whether sensitive data was stolen or is being held ransom.

According to Vanessa Iafolla of Halifax-based Anti-Fraud Intelligence Consulting, a municipality may prefer to delay reporting the extent of the harm in order to preserve an impression of security and control. 

Finlay and Iafolla said they can only speculate about what transpired because city hall hasn't provided any information. However, given the available details and the consequences of other institutions' attacks, a ransomware attack is a realistic possibility. 

A ransomware assault is one in which malicious software is installed on a network, allowing users to scan and grab sensitive data. In the case of the city, Iafolla could refer to personal information on employees and citizens, such as social insurance numbers and other identifying information.

“It's a safe bet that whatever they took is likely of real financial value,” concluded Iafolla. “It's difficult to speculate exactly what may have been taken, but I would be pretty confident in thinking whatever it is, is going to be a hot commodity.”
Read more »
USA
Akira Ransomware Canada cyber attack Cyber Attacks Ransomware ransomware attacks USA

Akira Ransomware Unleashes Cyber Storm: Targets North American Companies

In the continually changing realm of cyber threats, organizations find themselves urgently needing to strengthen their cybersecurity measures to combat the increasing complexity of ransomware attacks. The focus is on Akira, a recently discovered ransomware family, highlighting a group of cyber adversaries armed with advanced tactics and led by highly skilled individuals. 

In a recent analysis of blockchain and source code data, the Akira ransomware has surged to prominence, rapidly establishing itself as one of the fastest-growing threats in the cyber landscape. This surge is attributed to its adept utilization of double extortion tactics, adoption of a ransomware-as-a-service (RaaS) distribution model, and the implementation of unique payment options. 

Who are the Targets? 

The Akira ransomware made its debut in March 2023, and its sights are set on companies in the United States and Canada. But what is really catching attention is its unique Tor leak site, which, as per Sophos' report, brings back vibes of "1980s green-screen consoles." Users need to type specific commands to navigate through this throwback-style interface. 

What is even more intriguing is that, despite sharing the same .akira file extension for encrypted files, the new Akira is nothing like its 2017 counterpart when it comes to the code under the hood. This twist highlights the ever-evolving nature of cyber threats, where old names come back with a new style and a fresh set of tricks. 

The Akira encryptor 

The Akira ransomware was found by MalwareHunterTeam, and they shared a part of it with BleepingComputer. When it starts working, Akira does something serious – it deletes Windows Shadow Volume Copies on the device. It uses a special command to do this: 

powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject" 
 
Furthermore, linkages between the Akira ransomware group and the now-defunct Conti ransomware gang have come to light, indicating a potential affiliation. Conti, renowned as one of the most notorious ransomware families in recent history, is believed to have evolved from the highly targeted Ryuk ransomware, marking a lineage of prolific cyber threats. The intricate connections between these ransomware entities underscore the evolving nature of cyber threats and the persistence of criminal organizations in adapting and expanding their malicious operations.
Read more »
Security
Canada Cyber Attacks Data Data Safety data security Hackers Privacy Safety Security

Notorious Ransomware Gang Claims Responsibility for Cyberattack on Southwestern Ontario Hospitals

 

A notorious cybercrime gang known as Daixin Team has publicly admitted to pilfering millions of records from five hospitals in southern Ontario, subsequently leaking the data online when their ransom demands were not met. The targeted hospitals include those in Leamington, Windsor, Sarnia, and Chatham-Kent. The Windsor Star has obtained a purported link to the leaked information, which is hosted on the dark web, offering access to personal details of patients from these facilities.

While the hospitals confirmed the publication of the compromised data, they did not officially confirm Daixin Team's involvement. Windsor Regional Hospital CEO, David Musyj, emphasized that the attackers were part of a sophisticated and organized operation, rather than an isolated individual. 

The affected hospitals, including Sarnia’s Bluewater Health, Chatham-Kent Health Alliance, Windsor-Essex hospice, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, continue to grapple with system access issues following the cyberattack on October 23. In addition to disrupting digital and tech-based systems, the perpetrators made off with substantial amounts of personal information pertaining to both staff and patients. When the hospitals refused to yield to ransom demands, the criminals opted to disseminate the pilfered data.

A comprehensive investigation, involving local police departments, the Ontario Provincial Police, the FBI, and INTERPOL, is underway. Daixin Team has a track record of similar cyberattacks against various organizations, including a German water metering company, AirAsia, Fitzbiggon Hospital in Missouri, and OakBend Medical Centre in Texas.

Brett Callow, a threat analyst at the cybersecurity firm Emsisoft Ltd., emphasized that Daixin Team has been active since the middle of the previous year and has repeatedly targeted healthcare organizations. He cautioned that while this incident is unfortunate, it may not be the last, and underscored the urgency for robust cybersecurity measures in the healthcare sector. Following the breach, the hackers locked the hospitals out of their own systems by targeting TransForm Shared Service Organization, which oversees technology systems for all five facilities.

Musyj revealed that the extent of the stolen data is still unknown, but investigations are ongoing. He emphasized that the decision not to pay the ransom aligns with the joint statement from the 50 members of the International Counter Ransomware Initiative, which includes Canada. Callow, however, stressed that global governments need to take more effective measures to combat cybercriminals.

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a warning about Daixin Team last year, specifying that the group targets businesses in the Healthcare and Public Health sector with ransomware and data extortion operations. They encrypt servers responsible for healthcare, exfiltrate personal information, and demand ransom payments.

Callow concluded by advising caution and preparation for potential misuse of the compromised information, given the hackers' track record. He recommended assuming that the information could be exploited and taking appropriate precautions.
Read more »
spamouflage
Canada China Cyber Security deep fake videos disinformation campaign foreign interference Justin Trudeau politicians propaganda Social Media spamouflage

Canada Reports Targeting of Trudeau and Others by Chinese Bots

 

Canada has revealed the detection of a disinformation campaign believed to be linked to China, targeting numerous politicians, including Prime Minister Justin Trudeau. 

This campaign, termed "spamouflage," utilized a barrage of online posts to discredit Canadian Members of Parliament, according to the country's foreign ministry. The objective appeared to be suppressing criticism of Beijing. China has consistently denied involvement in Canadian affairs.

Global Affairs Canada disclosed that its Rapid Response Mechanism, designed to monitor state-sponsored disinformation from foreign sources, identified a "spamouflage" campaign associated with Beijing in August. 

This effort, which intensified in early September, employed a bot network to inundate the social media accounts of various Canadian politicians with comments in both English and French. These comments alleged that a critic of the Chinese Communist Party in Canada had accused the politicians of legal and ethical transgressions.

The campaign also featured the likely use of "deep fake" videos, digitally altered by artificial intelligence, targeting individuals. This is the latest in a series of allegations from Canadian intelligence agencies and officials asserting Beijing's interference in Canada's elections.

A "spamouflage" campaign employs a network of new or commandeered social media accounts to disseminate propaganda messages across platforms like Facebook, Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn. The same accounts were also involved in spreading misinformation about the Hawaii wildfires in August, falsely attributing them to a covert US military "weather weapon."

In addition to the Prime Minister, the campaign targeted Conservative opposition leader Pierre Polievre and several members of Mr. Trudeau's cabinet. Global Affairs Canada has notified the affected social media platforms, leading to the removal of a significant portion of the activity and network. The department has also informed the affected politicians, providing guidance on safeguarding themselves and reporting any suspected foreign interference.

Officials suggest that the bot network behind this campaign may be linked to a broader, well-known Spamouflage network previously acknowledged by tech giants like Meta and Microsoft. This network has also been examined by the Australian Strategic Policy Institute, a non-partisan think tank based in Canberra, which assisted Canada in its assessments.

Earlier in September, Canada launched an inquiry into foreign interference, tasked with investigating potential meddling in its elections by China, Russia, and other actors. The BBC has sought comment from the Chinese embassy in Canada.
Read more »
Ransomware Outbreak
Canada Cyberattacks cybercriminals Cybersecurity Malicious Attack malware Ransomware Outbreak

Ransomware Outbreak in Canada: Cybersecurity Meltdown

 




Canadians and Canadian organizations are increasingly falling victim to ransomware attacks. There was an emphasis placed on the urgency of addressing the cyber security issue by Sami Khoury, the president of the Canadian Centre for Cyber Security. The President said that the country has much to do to defend itself from outside threats. 

There used to be many ransomware attacks involving breaking into a system and taking control. However, Khoury notices most attackers have changed their tactics. This report indicates that ransomware attacks in the past had been primarily aimed at hacking into systems and asking for money in exchange for releasing the hacks that had been made. However, these attacks focus on hacking into systems and stealing data and sensitive information from them. This information can be sold on the dark web. The expert says that companies have increased sophistication and backups of their computer systems in case they get attacked or locked out.

This is the reason why attackers seek out information and data to profit financially. According to the report, these types of incidents have become far too common. Khoury estimates that cybercrime is one of the greatest threats to the nation at present. 

According to the Canadian Centre for Cyber Security, there were 305 reports of ransomware attacks reported to them last year as compared to 295 the year before, a 20% increase from 295 the year before. As a result of such incidents becoming so common in recent years, Khoury considers cybercrime to be the number one cyber threat the country faces, including ransomware. 

As a result of ransomware attacks over the last year, many of the biggest brands and organizations in Toronto, such as Suncor Energy Inc., Indigo, and Sobeys have been victimized. Nevertheless, he goes on to say that the actual number is nowhere near the number that has been reported.

The researcher says companies are reluctant to report cybercrime that has impacted their company, and that's the reason why there is a discrepancy between the reported and assumed numbers of cybercrime incidents, as well as the reported numbers of actual incidents. Additionally, he recommended implementing preventative measures such as using strong and unique passwords, enabling multi-factor authentication, and educating employees about these security risks to reduce security risks. 

In light of the escalating geopolitical tensions involving Russia, Ukraine, and China, Khory said that making sure the country is safe from cybersecurity threats is of the utmost importance. It does not mean cyberattacks to stop in the future, however, Khoury insists the nation can still defend itself. 

Cyber attackers are now focused on stealing sensitive data and data used to identify individuals. This is instead of weaseling their way into systems and demanding cash. The information on this website is something that can be threatened to be released or sold by them. 

According to him, these steps are crucial to combating cybercrime today but also attack critical infrastructure in the future. They also combat threats posed by nation-states that threaten Canada and misinformation that ramps across the country. 

A report released last month by the Canadian Communications Security Establishment, part of Koury's center, urged Canadians, after the first anniversary of Russia's invasion of Ukraine in January, "to be vigilant and prepared" for potential malicious activity online. 

A Global Post report in May warned of "abnormal activity" carried out by a state-sponsored perpetrator associated with China. The report warned that the perpetrator was using the inbuilt network administration tools to move through systems. This was to fool the system into thinking any action was a normal activity. 

The government has also observed that, as a result of its parent company's existence in China, where access to user data is permitted by law, the Apple company has pulled the music-based app TikTok from federal devices. He also stressed that if he had to make any recommendations regarding TikTok to the government, he would leave that to them. He did, however, make it clear that the general public also has a part to play in the process. 

Khoury believes citizens should not become pessimistic about the fight against cyber-attackers despite the influx of threats and security concerns catching the public's attention these days, despite the influx of threats. As ransomware attacks surge across the country, a dire cybersecurity crisis is looming in Canada as sensitive data and information are targeted. 

According to Sami Khoury, the need for prompt action is urgent, including accurate reporting, proactive prevention measures, and heightened public awareness to address this issue. For our country's defense against ever-evolving cyber threats, collaboration, resilience, and international cooperation must exist. Even though the digital landscape in Canada has been challenged, Canada remains dedicated to safeguarding and protecting it from cyber-attacks, despite those challenges.
Read more »
Security Breach
Canada Cyber Attacks Gas Stations Payment Network Petro Canada Security Breach

Cyberattack on Suncor Energy Affects Petro-Canada Gas Stations

 

Customers have been reporting issues with Petro-Canada's loyalty and payment programmes for almost a week now, but the company maintains it is working to find solutions. 

Around a week ago, reports that the parent company Suncor had been hacked surfaced, sparking problems within the company. 

Suncor confirmed having a "cybersecurity incident" over the weekend and highlighted that, despite being certain that no employee or customer data had been stolen, "some transactions with customers and suppliers may be impacted."

One of the first sites where such disruptions were discovered was at Petro-Canada, where the chain's more than 1,500 outlets across the country were experiencing difficulties processing debit and credit payments. Other services affected include the loyalty programme app Petro-Points and a car wash-related service. 

Petro-Canada stated on Twitter that it is "making progress on resolving the disruptions customers have been experiencing and will continue to update you as more services come back online." We apologise for any inconvenience this has caused, and we thank you for patience." 

Massive implications 

Suncor has yet to link the cybersecurity incident to Petro-Canada problems, or even say what type of incident it was, but Ian Paterson, CEO of cybersecurity firm Plurilock, says the incident has some of the hallmarks of a "ransomware" attack, in which malicious actors gain access to a company's network and then hold it hostage in exchange for payment. He warns, though, that it might not be. 

"If a company is taking down systems voluntarily to try to figure out what happened, it would actually look very similar to a ransomware attack," Paterson stated. 

Those attacks frequently occur when hackers detect a vulnerability of some kind, hence they often take place during downtimes such as holidays or as we approach the weekend. Whatever the source, Paterson believes the corporation is dealing with a "massive problem" considering the length of the outage. 

Reputational harm

According to Jon Ferguson, general manager of cybersecurity at the Canadian Internet Registration Authority, the company's impact from this cybersecurity issue will be felt for a long time. He mentioned that one of the issues is that it is a huge organisation. 

"If they have to go in and modify critical systems, that can take a very long time to recover, depending on what's been damaged," Ferguson told The Canadian Press. "There's also the cost of disruption.I'm not sure how much gas Petro-Canada didn't sell since customers didn't have cash." 

Additionally, he noted that the cost of the harm to the company's reputation was very difficult to measure, but you're probably going to think twice before you slip your credit card into a Petro-Canada gas machine now. 

Businesses affected by cyber attacks

The incident is only the most recent cybersecurity breach to make headlines. Indigo was targeted by a ransomware attack in February, which disrupted credit and debit card payments for days and the online store for over a month.

In 2021, the American pipeline firm Colonial Pipeline went offline after hackers breached the corporation's servers. This attack halted the flow of gasoline over a critical pipeline that supplies the eastern seaboard, causing major shortages.

The Canadian Centre for Cyber Security warned last week that ransomware attacks — in which hackers gain access to a company's internal system and demand payment in exchange for restoring it — were the most serious cyber threat facing Canada's oil and gas industry.
Read more »
Federal Agency
Canada Cyber Security Cyberattack cybersecurity incidents Federal Agency

Canadian Government Hit by Hackers 2,300,000,000,000 Times Last Year

In the past fiscal year, Canada's electronic intelligence organization revealed that it successfully thwarted an astonishing 2.3 trillion "malicious actions" targeting the federal government. This translates to an average of an astounding 6.3 billion disruptions per day. In its most recent annual report released on Thursday, the Communications Security Establishment (CSE) disclosed a comprehensive account of its endeavors spanning from April 2022 to March 2023. 

The report outlines the agency's endeavors to safeguard the nation, and its critical infrastructure, and counter foreign hacking activities, political manipulation, and cybercrime. The volume of hacking attempts targeting the federal government seems to have surged beyond previous years, as indicated by the latest findings. 

In the 2020-21 report, the CSE stated that its automated defenses typically neutralized an average of two billion to seven billion "malicious actions" against the government daily. Similarly, in the following year (2021-22), the agency reported averting approximately three billion to five billion actions per day. 

According to Robyn Hawco, spokesperson for the CSE, the rise in blocked actions is likely a result of the agency's improved ability to prevent such incidents, in addition to an escalation in the global cyber threat landscape. In an emailed statement, Hawco emphasized that Canada's federal institutions and critical infrastructure face persistent risks from malicious cyber activities. 

These threats encompass criminal endeavors like ransomware attacks, as well as state-sponsored operations aimed at achieving strategic advantages. During the unveiling of Thursday's report, Bill Robinson, a University of Toronto's Citizen Lab fellow, highlighted an interesting revelation. 

The report showcased that the agency had undertaken cyber operations aimed at disrupting and eradicating detrimental terrorist content propagated by foreign extremists driven by ideological motives. Robinson noted that this was the first instance where the agency publicly disclosed its efforts targeting politically motivated foreign extremists, distinct from those motivated by religious factors. 

Within the 2022-23 timeframe, the report acknowledges that the CSE addressed a total of 2,089 "cybersecurity incidents," maintaining consistency with previous years' response levels. Among these incidents, 957 pertained to federal government institutions, while 1,132 targeted "critical infrastructure organizations" operating in sectors such as energy, finance, transportation, healthcare, and others. 

Additionally, the report showcases a noticeable emphasis on Russia compared to other countries, including China. Despite months of political controversy surrounding China's alleged interference in Canadian democracy, the 68-page document merely mentions China twice. 

One instance highlights China's efforts to "monitor and intimidate" diaspora populations in Canada, while the other references the incident involving a Chinese spy balloon entering Canadian and American airspace before being shot down by the United States. 

In contrast, Russia receives more frequent mentions throughout the report. Notably, Canada has expanded its foreign cybersecurity operations to Latvia and Ukraine, as indicated by ministerial orders from Anand in March 2022, which occurred shortly after the Russian invasion. 
Read more »
Oil and gas
Canada Cyber Attacks Cyberattack Energy sector Oil and gas

Russia-Aligned Hackers Trying to Disrupt Canada's Energy Sector

 

The most recent threat assessment from Canada's Communications Security Establishment (CSE) reveals that non-state threat actors aligned with Russia are expected to persist in their efforts to infiltrate the country's oil and gas sector. The CSE warns that these malicious actors will likely continue their activities until the conflict in Ukraine is resolved. 

This information was disclosed on Wednesday as part of the CSE's latest threat assessment report. Further, the Communications Security Establishment (CSE), said that although non-state threat actors associated with Russia potentially lack the same level of sophistication and technical capabilities as state-sponsored actors, however, they still possess the ability to cause significant harm. The CSE emphasizes that despite any limitations, these actors should not be underestimated in terms of their potential impact. 

"We assess there is an even chance of a disruptive incident in the oil and gas sector in Canada caused by Russia-aligned actors, due to their higher tolerance for risk, the increase in their numbers and activity, as well as the number of vulnerable targets in the sector overall," CSE said in its warning report. 

According to the agency's findings, individuals aiming to disrupt Canada's oil and gas supply are primarily focused on exploiting vulnerabilities at critical points, including networks comprising wide-diameter pipelines, transfer terminals, and significant refining facilities. 

This assessment follows the release of confidential U.S. intelligence documents a few months ago, which indicated that hackers supported by Russia managed to penetrate Canada's natural gas distribution network. 

Canada, as the fourth-largest oil producer globally, boasts a substantial oil and gas sector that plays a significant role in its economy. With approximately 600,000 employees and contributing around 5% to the country's GDP, the sector holds considerable importance. 

Additionally, the Communications Security Establishment (CSE) has identified operational technology networks responsible for monitoring and controlling large-scale industrial assets as the primary target for cyber-attacks orchestrated by pro-Russian hackers. 

What makes the energy sector prone to cyber-attacks? 

According to cyber security firm Hornetsecurity, the energy sector has experienced a significant number of cyber attacks, representing at least 16% of reported incidents. The COVID-19 pandemic and the shift to remote work have contributed to an increase in attempted attacks, as reported by experts from the Edison Electric Institute, an American energy lobby group. 

George Patterson, the director of Arrowforth, a cyber security recruitment specialist based in Oxford, suggests that younger generations, who make up a significant portion of cyber hackers, perceive the energy industry as unethical. Exploiting this perception, hackers target the industry knowing that energy companies possess financial resources and are more likely to pay ransoms to ensure uninterrupted operations. 

Kristin Bryan, a senior associate at Squire Patton Boggs (UK), notes the critical nature of the energy sector and its interconnectedness with global supply chains. A cyber attack on energy companies can have far-reaching impacts, compelling affected companies to quickly pay ransoms. Additionally, companies may find it more cost-effective to pay the ransom through their cyber security insurance policy rather than undertaking expensive data recovery measures themselves.
Read more »
Vulnerabilities and Exploits.
Canada Chinese Firm Data collection EU Phishing Attacks TikTok Ban User Privacy Vulnerabilities and Exploits.

The West Accuses TikTok of Espionage & Data Mining

 

TikTok is one of the few social media corporate giants that was not created by a Silicon Valley business. The parent business, ByteDance, which launched the internet service in China in 2016, has offices spread across the globe, including Paris. Nonetheless, Beijing remains the location of the parent company's main office. These claims, which include, among other things, some actions that are not within the purview of this social network, are fleshed out by a number of causes for concern.

TikTok will no longer be available to employees and elected officials of the European Parliament and the European Commission starting in mid-March. The United States' main worry is that the Chinese government might be able to access their citizens' data and snoop on them.

Many publications from disinformation-focused research organizations or businesses highlight how simple it is for people to come across incorrect or misleading information concerning elections or pandemics. Research from the Center for Combating Online Hate in the United States in December 2022 showed how the social network's algorithm suggested hazardous content to its teenage members, including videos about self-harm and eating disorders.

Yet, the fact that ByteDance has released two different versions of its application—Douyin, which is only available in the Chinese market, and TikTok for the rest of the world—reinforces misconceptions and wild speculation about the latter.

It occurs while China and the West are engaged in a larger technology-related arms race that includes everything from surveillance balloons to computer chips. TikTok seeks a lot of user permissions, according to the Exodus Privacy organization, which examines Android apps. As a result, the program gets access to the device's microphone, contacts, camera, storage, and even geolocation information.

TikTok first needs broad access to its users' devices in order to function, display targeted adverts, or show pertinent videos. On the website of the ToSDR association, which simplifies and evaluates the general conditions of use of numerous applications and services, TikTok obtains an E score, the worst score in the list.

The federal government will reportedly also prevent the app from being downloaded on authorized devices going forward, according to Mona Fortier, president of the Canadian Treasury Board. It is justified that the approach of European institutions is one of caution in the face of difficult international relations with Beijing.








Read more »
User Privacy
API Bug Canada Cyber Security Databases GitHub Malicious actor SIM Telecom Firm User Privacy

Canadian Telecom Provider Telus is Reportedly Breached

 

One of Canada's biggest telecommunications companies, Telus, is allegedly investigating a system breach believed to be fairly severe when malicious actors exposed samples of what they claimed to be private corporate information online.

As per sources, the malicious actors posted on BreachForums with the intention of selling an email database that claimed to include the email addresses of every Telus employee. The database has a $7000 price tag. For $6,000, one could access another database purported to provide payroll details for the telecom companies' top executives, including the president.

A data bundle with more than 1,000 private GitHub repositories allegedly belonging to Telus was also offered for sale by the threat actor for $50,000. A SIM-swapping API was reportedly included in the source code that was for sale. SIM-swapping is the practice of hijacking another person's phone by switching the number to one's own SIM card.

Although the malicious actors have described this as a Complete breach and have threatened to sell everything connected to Telus, it is still too early to say whether an event actually happened at TELUS or whether a breach at a third-party vendor actually occurred.

A TELUS representative told BleepingComputer that the company is looking into accusations that some information about selected TELUS team members and internal source code has leaked on the dark web.

The Telus breach would be the most current in recent attacks on telecom companies if it occurred as the malicious actors claimed. Three of the biggest telecommunications companies in Australia, Optus, Telestra, and Dialog, have all been infiltrated by attackers since the beginning of the year.

Customer data was used in a cyberattack that affected the Medisys Health Group business of Telus in 2020. The company claimed at the time that it paid for the data and then securely retrieved it. Although TELUS is still keeping an eye on the potential incident, it has not yet discovered any proof that corporate or retail customer data has been stolen.



Read more »
User Privacy
Backups Canada Cyber Security Encryption Malicious actor Password United States User Privacy

5 Updates to Secure Data as Workers Return to Work

According to an Adastra survey, more than 77% of IT decision-makers in the U.S. and Canada estimate their organizations will likely experience a data breach over the next three years.

Employees should be aware of data security practices since the 2022 Verizon Data Breach Investigations Report states, 82% of data breaches are caused by human error, placing companies of all sizes at risk.

5 Upgrades to Data Security


1. Protect data, not simply the barrier

With approximately 90% of security resources going toward firewall technology, it appears that many firms are focusing on protecting the walls around their data. However, there are potential ways for firewalls, including via clients, partners, and staff. Such individuals can all get beyond external cyber security and abuse sensitive data. 

2. Be aware of threats

Insider threats can be challenging to identify and stop due to their nature. It might be as simple as a worker opening an email attachment that is from a credible source and activating a ransomware worm. Threats of this nature are the most frequent and expensive worldwide.

3. Encrypt each device

A growing number of individuals prefer to work on personal devices. A solid, unchangeable data backup strategy might aid a business in making a speedy incident recovery. 

4. Create secure passwords

Most firms tend to display weak password policies, resulting in basic, generic, and hackable passwords for vital accounts that have access to private and priceless data. Passwords should be fairly complex; they should be updated every 90 days. 

5. Develop a company safety strategy

Each person who has a username and password is responsible for data security. IT administrators must regularly remind managers and employees that they are never permitted to share their login information with any third parties.

Data security is identified as the largest disruptor in 2023 by researchers as businesses continue to boost their cybersecurity resilience. According to the poll, 68% of managers say that the company has a cybersecurity unit and another 18% indicate companies are in process of building one. Only 6% of participants claimed to have no cybersecurity section.

A breach could cost significantly more than an audit from a data security firm. The estimated cost of a data breach in the US increased from $9 million to $9.4 million in 2022, as per Statista.

Read more »
User Privacy
Canada Cyber Fraud Holiday Scam Internet Scam Online fraud Scammers User Privacy

Customers are Advised to Exercise Caution as Internet Frauds Approach Record Levels

 

Online shoppers are being advised to exercise additional caution as the holiday shopping season draws to a close and the pressure to find the ideal gift builds. 

Scams, according to the Canadian Anti-Fraud Centre, the local police, and the Better Business Bureau of Vancouver Island, are at an all-time high. 

Fraudsters are most active in times of crisis, such as the one we are currently experiencing, when consumers must simultaneously contend with rising interest rates, rising inflation, and the holiday shopping frenzy, according to Rosalind Scott, CEO of the BBB Vancouver Island. 

“People, when they’re desperate to get a little bit more money, are quicker to believe these scams because they want it to be true,” she stated. 

Scott claimed that despite only 5% of individuals actually reporting being conned, there is a tremendous amount of internet fraud. “But we do know literally millions and millions of dollars are lost every year,” he said. 

More than $380 million US were lost to online shopping scams in North America last year, according to the Better Business Bureau's Scam Tracker, marking a rise of 87% since the tracker's introduction in 2015. 

The tracker stated that almost 36% of all allegations of online retail fraud originated from a fake website and that 40% of reported frauds were started by con artists using social media and email. 

Experts’ advice 

The Canadian Anti-Fraud Centre noted that in a bulletin released just before Black Friday and Cyber Monday, the two busiest online shopping days of the year, fraudsters have flooded social media feeds with deals that seem too good to be true while "spoofing" websites and email addresses — creating addresses that look like they come from a trusted or legitimate source — to entice unsuspecting customers. 

“Unfortunately, fraudsters and cybercriminals use holiday promotions to continue to victimize people. The best way to protect yourself and those around you is by learning what fraud and cybercrime look like and report it,” stated Chris Lynam, the centre’s director general. 

This means that customers should be on the lookout for warning signs like prices that seem excessively low, complicated payment procedures, poorly designed websites, stores that omit vital information like return policies, privacy policies, and contact information, online stores that lack security features, or websites with misspelled URLs. 

Online fraud is probably underreported, according to Victoria police Const. Terri Healy, because it is hard to investigate and most consumers interact with their credit card providers and financial institutions directly.  

Healy advised customers to shop with reputable online merchants, constantly check their credit card and bank statements for any unusual or suspicious behaviour, and steer clear of offers that look "too good to be true. Education and knowledge are your finest lines of defence against fraud. Discuss it if someone has been a victim of fraud or a scam. Inform your family, friends, and coworkers."

Consumers should never store credit card information in a web browser and should only make online purchases on private Wi-Fi networks, not public ones, according to the Canadian Anti-Fraud Centre. Use cellular data or create a virtual private network if transactions must be done over open networks. Additionally, they encourage conducting research, reading reviews, and exercising common sense. 

According to the centre, frauds involving online purchases or sales of products or services cost Canada more than $21.1 million in damages in 2021. Over 47,000 victims nationwide have reported $420 million in fraud of all types over the first ten months of this year. 
Read more »
Subscribe to: Posts (Atom)