More than half of the known ransomware victims in Canada this year were critical infrastructure providers, according to a new threat assessment from Canada’s cyber spies — and the number is likely even higher.
As part of a new awareness campaign, the Communications Security Establishment (CSE), Canada’s foreign signals intelligence agency, released a ransomware bulletin Monday looking at the key trends of ransomware in 2021.
In its report, CSE’s Cyber Centre said ransomware attacks are “brazen, sophisticated, increasing in frequency, and, for the cybercriminals, very profitable.
“The impact of ransomware can be devastating, and the severity of the financial consequences related to a ransomware attack can be profound.”
For the first time, the agency also confirmed publicly Monday that it has used its new cyber attack powers, granted to it through legislation back in 2019.
“The Communications Security Establishment Act gives CSE the legal authority to conduct cyber operations to disrupt foreign-based threats to Canada, including cybercriminals,” said CSE spokesperson Evan Koronewski.
“Although we cannot comment on our use of foreign cyber operations (active and defensive cyber operations) or provide operational statistics, we can confirm we have the tools we need to impose a cost on the people behind these kinds of incidents.
“We can also confirm we are using these tools for such purposes, and working together with Canadian law enforcement where appropriate against cybercrime.”
Ransomware is a form of malware used by threat actors and criminals who encrypt files on a device then demand a ransom in exchange for decryption. Once successfully hacked, ransomware victims are often attacked multiple times.
CSE said it’s aware of 235 ransomware incidents against Canadian victims from Jan. 1 to Nov. 16 of this year and more than half of those targets were critical infrastructure providers, including those in the energy, health and manufacturing sectors.
The number is likely higher, as the agency said most ransomware events go unreported.
“The COVID-19 pandemic has made organizations like hospitals, governments and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms,” notes the report.
“Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands.”
Canadian hospitals hit
Newfoundland and Labrador is still reeling after a cyber attack hit its health-care system, cancelling thousands of medical procedures ranging from chemotherapy to X-rays.
Sources have told CBC the security breach is a ransomware attack, but so far government officials have not confirmed the nature of the cyberattack and will not say if they have received a ransom demand.
A customer pumps gas at Costco as others wait in line on May 11, 2021, in Charlotte, N.C. Earlier this year the Colonial Pipeline, the largest fuel pipeline in the U.S., was hit by a cyber attack attributed to the Russia-based DarkSide RaaS cybercriminal group. (Chris Carlson/The Associated Press)
Staff were unable to access electronic patient records and diagnostic test results leading to long waits in the emergency department and prompting the hospital to cancel clinics and redirect some ambulances to other hospitals.
CSE said it expects high-impact targeting to continue.
“We assess that ransomware operators will almost certainly continue to target large organizations with operational technology (OT) assets, including organizations in Canada, to try to extract ransom, steal intellectual property and proprietary business information, and obtain personal data about customers,” it warned.
Canada is far from alone. This year has been marred by the highest ransoms and the biggest payouts around the world.
Earlier this year the Colonial Pipeline, the largest fuel pipeline in the U.S., was hit by an attack attributed to the Russia-based DarkSide RaaS cybercriminal group.
As a result, the company’s operations were affected, resulting in record price increases, panic-buying, and gasoline shortages
Ransomware operators will likely become increasingly aggressive: CSE
In Canada, CSE said the estimated average cost of a data breach, which includes but is not limited to ransomware, is more than $6 million. The average price has stabilized over the past years, a trend CSE attributes to cybercriminals becoming better at tailoring their demands to what their victims are most likely to pay.
Ransomware operators will likely become increasingly aggressive in their targeting in 2022, including against critical infrastructure, warned the agency.
Part of the problem fighting ransomware is that many operators and their affiliates are based in countries with lax or non-existent laws against cybercrime, said CSE.
Ransomware operators will likely become increasingly aggressive in their targeting in 2022, including against critical infrastructure, warns CSE. (PabloLagarto/Shutterstock)
“Mitigating the increasing risks will require concerted national efforts to improve cyber security and adopt best practices to harden critical systems, as well as co-ordinated international actions to undermine criminal infrastructure and tactics,” said the report.
As part of that effort, CSE, working with the RCMP, has published what they call a “playbook” that outlines steps organizations and businesses can take to protect against ransomware, and what to do if attacked.
Organizations urged to implement cyber safety measures
A handful of cabinet ministers have signed an open letter to Canadian organizations urging them to implement basic cyber security measures.
The letter, co-signed by Defence Minister Anita Anand, Emergency Preparedness Minister Bill Blair, Public Safety Minister Marco Mendicino and International Trade Minister Mary Ng, said the federal government is working with its allies to pursue cyber threat actors and disrupt their capabilities.
“We are also assisting in the recovery of organizations compromised by ransomware and helping them to be more resilient going forward,” they wrote.
“Our message is clear: taking basic steps to ensure your organization’s cyber security will pay swift dividends.”
Most job search advice is cookie-cutter. The advice you’re following is almost certainly the same advice other job seekers follow, making you just another candidate following the same script.
In today’s hyper-competitive job market, standing out is critical, a challenge most job seekers struggle with. Instead of relying on generic questions recommended by self-proclaimed career coaches, which often lead to a forgettable interview, ask unique, thought-provoking questions that’ll spark engaging conversations and leave a lasting impression.
Your level of interest in the company and the role.
Contributing to your employer’s success is essential.
You desire a cultural fit.
Here are the top four questions experts recommend candidates ask; hence, they’ve become cliché questions you should avoid asking:
“What are the key responsibilities of this position?”
Most likely, the job description answers this question. Therefore, asking this question indicates you didn’t read the job description. If you require clarification, ask, “How many outbound calls will I be required to make daily?” “What will be my monthly revenue target?”
“What does a typical day look like?”
Although it’s important to understand day-to-day expectations, this question tends to elicit vague responses and rarely leads to a deeper conversation. Don’t focus on what your day will look like; instead, focus on being clear on the results you need to deliver. Nobody I know has ever been fired for not following a “typical day.” However, I know several people who were fired for failing to meet expectations. Before accepting a job offer, ensure you’re capable of meeting the employer’s expectations.
“How would you describe the company culture?”
Asking this question screams, “I read somewhere to ask this question.” There are much better ways to research a company’s culture, such as speaking to current and former employees, reading online reviews and news articles. Furthermore, since your interviewer works for the company, they’re presumably comfortable with the culture. Do you expect your interviewer to give you the brutal truth? “Be careful of Craig; get on his bad side, and he’ll make your life miserable.” “Bob is close to retirement. I give him lots of slack, which the rest of the team needs to pick up.”
Truism: No matter how much due diligence you do, only when you start working for the employer will you experience and, therefore, know their culture firsthand.
“What opportunities are there for professional development?”
When asked this question, I immediately think the candidate cares more about gaining than contributing, a showstopper. Managing your career is your responsibility, not your employer’s.
Cliché questions don’t impress hiring managers, nor will they differentiate you from your competition. To transform your interaction with your interviewer from a Q&A session into a dynamic discussion, ask unique, insightful questions.
Here are my four go-to questions—I have many more—to accomplish this:
“Describe your management style. How will you manage me?”
This question gives your interviewer the opportunity to talk about themselves, which we all love doing. As well, being in sync with my boss is extremely important to me. The management style of who’ll be my boss is a determining factor in whether or not I’ll accept the job.
“What is the one thing I should never do that’ll piss you off and possibly damage our working relationship beyond repair?”
This question also allows me to determine whether I and my to-be boss would be in sync. Sometimes I ask, “What are your pet peeves?”
“When I join the team, what would be the most important contribution you’d want to see from me in the first six months?”
Setting myself up for failure is the last thing I want. As I mentioned, focus on the results you need to produce and timelines. How realistic are the expectations? It’s never about the question; it’s about what you want to know. It’s important to know whether you’ll be able to meet or even exceed your new boss’s expectations.
“If I wanted to sell you on an idea or suggestion, what do you need to know?”
Years ago, a candidate asked me this question. I was impressed he wasn’t looking just to put in time; he was looking for how he could be a contributing employee. Every time I ask this question, it leads to an in-depth discussion.
Other questions I’ve asked:
“What keeps you up at night?”
“If you were to leave this company, who would follow?”
“How do you handle an employee making a mistake?”
“If you were to give a Ted Talk, what topic would you talk about?”
“What are three highly valued skills at [company] that I should master to advance?”
“What are the informal expectations of the role?”
“What is one misconception people have about you [or the company]?”
Your questions reveal a great deal about your motivations, drive to make a meaningful impact on the business, and a chance to morph the questioning into a conversation. Cliché questions don’t lead to meaningful discussions, whereas unique, thought-provoking questions do and, in turn, make you memorable.
Nick Kossovan, a well-seasoned veteran of the corporate landscape, offers “unsweetened” job search advice. You can send Nick your questions to artoffindingwork@gmail.com.
CALGARY – Canadian Natural Resources Ltd. reported a third-quarter profit of $2.27 billion, down from $2.34 billion in the same quarter last year.
The company says the profit amounted to $1.06 per diluted share for the quarter that ended Sept. 30 compared with $1.06 per diluted share a year earlier.
Product sales totalled $10.40 billion, down from $11.76 billion in the same quarter last year.
Daily production for the quarter averaged 1,363,086 barrels of oil equivalent per day, down from 1,393,614 a year ago.
On an adjusted basis, Canadian Natural says it earned 97 cents per diluted share for the quarter, down from an adjusted profit of $1.30 per diluted share in the same quarter last year.
The average analyst estimate had been for a profit of 90 cents per share, according to LSEG Data & Analytics.
This report by The Canadian Press was first published Oct. 31, 2024.
CALGARY – Cenovus Energy Inc. reported its third-quarter profit fell compared with a year as its revenue edged lower.
The company says it earned $820 million or 42 cents per diluted share for the quarter ended Sept. 30, down from $1.86 billion or 97 cents per diluted share a year earlier.
Revenue for the quarter totalled $14.25 billion, down from $14.58 billion in the same quarter last year.
Total upstream production in the quarter amounted to 771,300 barrels of oil equivalent per day, down from 797,000 a year earlier.
Total downstream throughput was 642,900 barrels per day compared with 664,300 in the same quarter last year.
On an adjusted basis, Cenovus says its funds flow amounted to $1.05 per diluted share in its latest quarter, down from adjusted funds flow of $1.81 per diluted share a year earlier.
This report by The Canadian Press was first published Oct. 31, 2024.
