Connect with us

Business

Kaseya ransomware attack could be record-setting as its scope widens – Global News

Published

 on


Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

It’s not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.

Read more:
Ransomware attack suspected from REvil gang hits at least 200 U.S. companies

It follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.

Biden said Saturday he didn’t yet know for certain who was responsible but suggested that the U.S. would respond if Russia was found to have anything to do with it.

“If it is either with the knowledge of and or a consequence of Russia then I told Putin we will respond,” Biden said. “We’re not certain. The initial thinking was it was not the Russian government.”

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted the software company Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.


Click to play video: 'Toronto’s Humber River Hospital under code grey after ransomware attack'



3:14
Toronto’s Humber River Hospital under code grey after ransomware attack


Toronto’s Humber River Hospital under code grey after ransomware attack – Jun 19, 2021

“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact.”

The cybersecurity firm ESET says there are victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya and Germany.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major local pharmacy chain were also affected.

Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”

Read more:
Recent increases in ransomware attacks may lead to a new internet

Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but experts said the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.

At least some victims appeared to be getting ransoms set at $45,000, considered a small demand but one that could quickly add up when sought from thousands of victims, said Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft.


Click to play video: 'U.S. recovers ‘majority’ of cryptocurrency paid in Colonial Pipeline ransomware attack'



1:42
U.S. recovers ‘majority’ of cryptocurrency paid in Colonial Pipeline ransomware attack


U.S. recovers ‘majority’ of cryptocurrency paid in Colonial Pipeline ransomware attack – Jun 7, 2021

Callow said it’s not uncommon for sophisticated ransomware gangs to perform an audit after stealing a victim’s financial records to see what they can really pay, but that won’t be possible when there are so many victims to negotiate with.

“They just pitched the demand amount at a level most companies will be willing to pay,” he said.

Voccola said the problem is only affecting its “on-premise” customers, which means organizations running their own data centers. It’s not affecting its cloud-based services running software for customers, though Kaseya also shut down those servers as a precaution, he said.

The company added in a statement Saturday that “customers who experienced ransomware and receive a communication from the attackers should not click on any links — they may be weaponized.”

Read more:
Ransomware attack on world’s largest meat producer disrupts global production

Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear whether their affected clients had the same level of preparedness.

“They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks are those that typically infiltrate widely used software and spread malware as it updates automatically.

Complicating the response is that it happened at the start of a major holiday weekend in the U.S., when most corporate IT teams aren’t fully staffed.


Click to play video: 'How hackers can exploit vulnerabilities in Canadian companies'



2:14
How hackers can exploit vulnerabilities in Canadian companies


How hackers can exploit vulnerabilities in Canadian companies – May 10, 2021

That could also leave those organizations unable to address other security vulnerabilities, such a dangerous Microsoft bug affecting software for print jobs, said James Shank, of threat intelligence firm Team Cymru.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” by hackers for the holiday.

The U.S. Chamber of Commerce said it was affecting hundreds of businesses and was “another reminder that the U.S. government must take the fight to these foreign cybercriminal syndicates” by investigating, disrupting and prosecuting them.

Read more:
Ransomware demands double amid COVID-19, with health care industry a key target: report

The federal Cybersecurity and Infrastructure Security Agency said in a statement that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami.

REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor forced to pay an $11 million ransom, amid the Memorial Day holiday weekend in May.


Click to play video: 'FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline'



2:02
FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline


FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline – May 10, 2021

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

U.S. officials have said the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Alperovitch said he believes the latest attack is financially motivated and not Kremlin-directed.

However, he said it shows that Putin “has not yet moved” on shutting down cybercriminals within Russia after Biden pressed him to do so at their June summit in Switzerland.

Asked about the attack during a trip to Michigan on Saturday, Biden said he had asked the intelligence community for a “deep dive” on what happened. He said he expected to know more by Sunday.

© 2021 The Canadian Press

Adblock test (Why?)



Source link

Continue Reading

Business

Canada's job vacancies reached one million in April and these sectors have the most openings – Economic Times

Published

 on



Employers in Canada were actively seeking to fill about one million vacant positions at the beginning of April, up 44.4 per cent from the same period of the previous year, Statistics Canada said on Friday.

There was an average of 1.1 unemployed people for each job vacancy in April, down from 1.2 in March, and down from 2.4 one year earlier, the national statistical office said, adding that labor shortage trends continue in Canada with record-high job vacancies in many sectors.

Think you check all the immigration boxes? Find out

The number of job vacancies in the construction sector reached a new high of 89,900 in April, up 15.4 percent from March and up 43.3 percent from April 2021.

Job vacancies also increased to a record high in April in professional, scientific and technical services; transportation and warehousing; finance and insurance; arts, entertainment and recreation; and real estate and rental and leasing, the agency said.

In manufacturing, there were 90,400 vacant positions in April, up 7.3 percent from March and up 30.7 percent from April 2021. In accommodation and food services, employers were actively seeking to fill 153,000 vacant positions in April, little changed from the previous month.

RECOMMENDEDSTORIES FOR YOU



Meanwhile, in the health care and social assistance sector, the number of job vacancies decreased 15.1 percent to 125,200 in April from its peak of 147,500 reached in March 2022, but was 21.3 percent higher than in April 2021. There were 97,800 job vacancies in retail trade in April, down 7.1 percent from March, but 27.9 percent higher than in April 2021, Statistics Canada said.

NRI-QR-labelET Online

Adblock test (Why?)



Source link

Continue Reading

Business

New B.C. sales tax rules go into effect July 1 for online marketplaces like Amazon, eBay – Vancouver Sun

Published

 on


Online marketplaces with annual gross revenues of more than $10,000 — hello, Facebook and Amazon — will be required to collect the provincial sales tax on goods and services sold on their sites

Article content

Starting July 1, British Columbians could be paying more for goods they buy through online marketplaces such as Facebook and Amazon.

Advertisement 2

Article content

That’s because the B.C. government has made changes that require these online marketplaces that have annual gross revenues of more than $10,000 to collect the provincial sales tax on goods and services sold on their sites.

It shifts the responsibility to companies like eBay and Amazon to collect the PST, rather than the small businesses that may use a marketplace facilitator site to sell their products, according to the B.C. finance ministry.

In addition, these marketplaces are also being required by the province to charge PST to individual sellers for use of their services, such as help with listing the sales of goods, advertising, warehousing and payment collection.

It’s the latest move by the province to create a more even playing field for online operations that continue to increase their share of the economy.

Advertisement 3

Article content

The B.C. government expects the PST rule changes will generate an additional $100 million in revenues this fiscal year and $120 million the following year.

The Retail Council of Canada, which has offices in B.C., says the move to treat online marketplaces the same as brick-and-mortar stores makes sense because it puts businesses on an equal footing.

But the addition of the PST for services purchased by sellers in B.C., often small businesses, will simply add costs for consumers here and make local sellers uncompetitive as other jurisdictions in Canada have not introduced a similar measure, said Karl Littler, senior vice-president of public affairs for the Retail Council of Canada.

“It doesn’t exist anywhere else. It’s a new tax between a marketplace facilitator, like an Amazon or like a Best Buy or like a Facebook, and somebody who’s selling goods,” said Littler.

Advertisement 4

Article content

The council is concerned that small B.C. merchants will be paying seven per cent on these online marketplace services, irrespective of whether the end-customer is in B.C. or elsewhere. This will make them less competitive versus other businesses operating in other North American jurisdictions.

In B.C., people who buy goods and services through online marketplaces will be charged the PST on top of the now higher-priced goods themselves, a sort form of double taxation, argued the retail council.

As well, the changes serve as a disincentive to marketplace services to locate facilities, and thus jobs, in B.C., says the retail council.

In a written response, finance ministry officials said the application of the PST to marketplace services attempts to keep pace with the changing digital economy.

Advertisement 5

Article content

There is no explicit breakout for the tax on services from online marketplace facilitators, but in an email the ministry said it expects it to account for less than 10 per cent of the estimated additional $100 million in tax revenue that will be collected.

Werner Antweiler, a professor in the Sauder School of Business at the University of B.C., said having online marketplaces collect the PST on goods and services closes a loophole in taxation and helps collect tax from sellers abroad.

What’s different about B.C.’s approach is the inclusion of the PST on online marketplaces services provided to online marketplace sellers, said Antweiler.

It may be that other provinces or the federal government will follow suit, but this new rule may disadvantage online facilitators setting up in B.C., as B.C. would be hard pressed to enforce tax collection outside its own jurisdiction, even in another province.

Advertisement 6

Article content

“There is a trade-off. While the economic rationale to tax all services, including online marketplace services provided to sellers, is sound, B.C. going this alone puts B.C. at a disadvantage,” said Antweiler.

In 2020, the B.C. government introduced new rules that required sellers of software and telecommunications services, such as Netflix, had to collect the PST.

That measure was expected to generate $11 million in new tax revenues in 2020-21 and $16 million in 2021-2022.

ghoekstra@postmedia.com

twitter.com/gordon_hoekstra


More news, fewer ads, faster load time: Get unlimited, ad-lite access to the Vancouver Sun, the Province, National Post and 13 other Canadian news sites for just $14/month or $140/year. Subscribe now through the Vancouver Sun or The Province.

Advertisement 1

Comments

Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

Adblock test (Why?)



Source link

Continue Reading

Business

The U.S. wants to ban Juul. Where is Canada on regulating e-cigarettes? – Yahoo News Canada

Published

 on


The vaping company Juul has been ordered to remove its products from the U.S. market.  (Tony Dejak/The Associated Press - image credit)

The vaping company Juul has been ordered to remove its products from the U.S. market. (Tony Dejak/The Associated Press – image credit)

Earlier this week, regulators in the United States ordered Juul to pull its vaping products from the market, dealing a major blow to one of the most powerful players in the industry.

The company is appealing the decision by the U.S. Food and Drug Administration (FDA), asking a federal court to block a government order to stop selling its electronic cigarettes.

While the attempted ban in the U.S. doesn’t directly affect Canada, some health advocates say it raises questions about the slow pace of regulation in this country.

Here’s a closer look at the FDA’s decision and what’s happening in Canada.

Why was Juul banned?

As part of the FDA’s review process, companies had to demonstrate that their e-cigarettes benefit public health. In practice, that means proving that adult smokers who use them are likely to quit or reduce their smoking, while teens are unlikely to get hooked on them.

In its decision, the FDA said that some of the biggest e-cigarette sellers like Juul may have played a “disproportionate” role in the rise in teen vaping. The agency said that Juul’s application didn’t have enough evidence to show that marketing its products “would be appropriate for the protection of the public health.”

On Friday, the e-cigarette maker asked the court to pause what it called an “extraordinary and unlawful action” by the FDA that would require it to immediately halt its business. The company filed an emergency motion with the U.S. Court of Appeals in Washington as it prepares to appeal the FDA’s decision.

That dispute is far from over.

Marshall Ritzel/Associated PressMarshall Ritzel/Associated Press

Marshall Ritzel/Associated Press

What about in Canada?

Juul’s vaping products, as well as those sold by other companies, remain available in Canada.

Health Canada proposed a ban on flavoured vaping products last June. At the time, it cited research indicating that flavoured vaping products are “highly appealing to youth, and that youth are especially susceptible to the negative effects of nicotine – including altered brain development, which can cause challenges with memory and concentration.”

But after a round of consultations last year, that proposed ban still hasn’t been put into effect.

WATCH | P.E.I. now has toughest vaping, smoking laws in Canada:

Several provinces and territories have put in place their own limits on flavoured vaping products, citing their appeal to teenagers.

(Juul voluntarily stopped selling many of its flavoured cartridges in 2020 following criticism they were designed to entice youth.)

David Hammond, a public health professor at the University of Waterloo who researches vaping in youth, said banning Juul products in the U.S. won’t necessarily have a significant impact on the industry as a whole, given its declining market share and the variety of products available.

“You know, it’s like a tube of toothpaste. If you press at one point, you just kind of squeeze it to a different spot,” he said.

What does Health Canada say?

“Health Canada has no plans to remove any vaping products from the Canadian market that comply with the Tobacco and Vaping Products Act and the Canada Consumer Product Safety Act,” the agency told CBC News in an email.

The government has recently put in place new restrictions on the sector, including limits on advertising for e-cigarettes and the amount of nicotine in the products. It’s also undergoing a review of the legislation for vaping products that went into effect in 2018.

On its website, Health Canada warns of the risks of e-cigarettes, saying “the potential long-term health effects of vaping remain unknown” and the government continues to investigate “severe pulmonary illness associated with vaping.”

Last week, Health Canada announced another set of proposed regulations that would require vaping companies to disclose information about “sales and ingredients used in vaping products,” to help the government “keep pace with the rapidly evolving vaping market.”

How popular is vaping?

Vaping is popular among young people, with 14 per cent of Canadians between the ages of 15 and 19 having vaped in the last month of 2020, up from six per cent from the same month in 2017, according to the results of the Canadian Tobacco and Nicotine Survey.

Vaping is less popular for adults over the age of 25, with just three per cent reporting that they vaped within the last month in 2020.

Robert Schwartz, a senior scientist at Toronto’s Centre for Addiction and Mental Health, said the regulatory challenge is to strike a balance between making these products available to adults as an alternative to cigarettes, while at the same time limiting their appeal to younger non-smokers.

“We definitely are finding that young people who would not otherwise become cigarette smokers have started to use e-cigarettes and they fairly quickly develop a dependence on them,” said Schwartz.

“Our research is also demonstrating that some adults are able to quit by … using these cigarettes.”

What’s the holdup?

Like Schwartz, Hammond said vaping products could be a useful tool in helping wean smokers off cigarettes. He said it doesn’t make sense to put strict limits on vaping products if cigarettes, which are thought to be more harmful, are still available in corner stores.

Craig Chivers/CBCCraig Chivers/CBC

Craig Chivers/CBC

“I don’t think the answer lies just with how they are regulated,” he said. “I think it lies with the industry and reframing these products as something that a 50-year-old uses to quit smoking and not a 15-year-old grabs on the way to a party.”

Hammond, who sits on Health Canada’s advisory board for vaping products, said the agency could stand to move more quickly given the stakes.

“There’s no doubt these are difficult questions and the market shifts rapidly. But it’s not an area where slow, plodding regulation is a good fit,” he said.

Cynthia Callard, executive director of the advocacy group Physicians for a Smoke-Free Canada, said that, while the context is different in Canada, the FDA decision “is a reminder that governments can and should bar market access to products which cannot be shown to benefit public health.”

Adblock test (Why?)



Source link

Continue Reading

Trending