Email Icon info@fiveninesit.ca
Phone Icon +1-519-893-3359

Our job is to ensure you can do yours. Let’s talk.

Commuter hackers target Ontario transportation firm

Image courtesy of Metrolinx 2015-16 Annual Report

 

Computers at Metrolinx, the Ontario government agency responsible for GTA/Hamilton and Ottawa area public transportation services were said to be targeted by North Korean hackers in mid-January 2018. At the time of writing, details are still coming in, but a statement from Metrolinx assures that both the systems that manage rail and bus services and servers storing personal information are safe and secure. 

 

The question this begs is, "Why?"

 

Are they (North Korea) looking for new ideas on how to (or how not to) manage their public transportation? Could it be a group of bored but talented teenagers pulling a prank? Odds are it is organized crime looking to add to the ever-increasing pool of available identity-related data for far more nefarious purposes. Reports say that hacking brings in a billion dollars to NK coffers each year. No word as to whether that money goes directly to their illustrious leader or is divvied up to give their commuters a break. One can only speculate.

 

Why is this particular situation so important? Well, this kind of attack is not random, it is targeted. Consider that over 35,000 people use GO trains and buses every day, travelling to and fro for work and pleasure, and over two million Presto cards are in use. That's a lot of names, addresses, and credit/debit cards, but what about simple details like demographics and travel patterns? This kind of information also feeds into plans for disruption and chaos, not just financial gain. I'm sure the terrorists responsible for attacks on commuter trains in other parts of the world did background research beforehand to determine where and when to strike with maximum effectiveness.

 

The point is, every network, every computer and every Internet-connected device everywhere is potentially vulnerable to attacks of one kind or another. In this case, the folks at Metrolinx responsible for cybersecurity were on the ball, prepared and ready for action (GO team!) How well do you know your network?

 

After all, you have a responsibility to protect yourself, your business, your employees, your data.

 

Let's talk.

 

Read more here.

view all comments (20) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn

Contributors

Stefan Myles
8
March 2, 2018
show Stefan's posts
Douglas Grosfield
4
January 17, 2018
show Douglas's posts

Latest Posts

Show All Recent Posts

Archive

Tags

Everything Hardware Software Cybersecurity Malware Antivirus Business Continuity Microsoft AMD Intel Infrastructure IoT (Internet of Things) Cyberwar

 

Still have questions? Of course you do.
Good news! We listen.
After all, you know your business and we know IT.

 

LET'S TALK

 

Gimme ten Timbits® and a large ÐÖÜߣ€ ¥®±§H?

No Sale

 

Whether karmic retribution over the minimum wage scandal, just another high-profile target chosen for its prestige or simply an opportunity to mess with a whole lot of half-awake people at the same time as they attempted to acquire their daily fix, somewhere between a hundred and a thousand Tim Hortons locations across the country were hit by a form of computer virus a couple of days ago. This one hit them right where it hurts – in the cash register. Literally.

 

According to the company, a substantial number of the chain’s Panasonic Point-Of-Sale systems were smacked with undisclosed malware, resulting in service delays and in some cases, the shutdown of entire restaurants. Sources say there was no threat to client data or other computer systems, but there are unconfirmed reports of lawsuits launched by the franchisees who argue their systems should have been better protected by the company’s IT support services.

 

Only time will reveal the amount of damage and lost productivity resulting from a major blip in the country’s primary caffeine supply chain.

 

Read more here.


view all comments (84) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn
Hardware Software Cybersecurity Malware Business Continuity IoT (Internet of Things) Cyberwar

Canadians are nice but it's not enough to be immune

 

It seems that being nice just isn't enough anymore. In today's world, sad as it may be, we need to be suspicious and cautious, especially when it comes to our digital presence. Of course, the open and friendly nature of the fine folks behind the firewalls helps define us as a culture and a nation, but the truth is, our shops, offices and industries face the same risks as even the most hard-hearted, cynical and mistrustful around the globe. Nice as we may be, we can no longer ignore the threats that loom large and threaten our privacy and security with every keystroke and finger swipe. I'm not saying this just to rattle cages or ramp up the fear factor - this is a reality.

 

Datto, a world leader in Backup and Disaster Recovery and Business Continuity technology has released its latest report on the state of Ransomware in the Canadian computer market. While this document is primarily targeted at service providers, it offers considerable insight into what's really going on and how this and related threats are impacting our livelihood and infrastructure. And they present it in the nicest way. We Canadians rub off on others, and that's a good thing. :0)

 

You can download the report here


view all comments (46) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn
Cybersecurity Malware Business Continuity

You can hide but you can't run

 

In a pilot program to monitor obesity in soldiers, the US military issued fitness tracking smartwatches to some 2500 active duty personnel to help track their day-to-day exercise and activities. Last Saturday, a 20-year-old student in Australia stumbled upon what appeared to be US military operations in Somalia and Yemen while researching international security in the Middle East. It seems that the devices were plotting the soldiers' routes and activities on a "heat map" made available on a publicly accessible website. Experts say some of the information that may have been gleaned included special ops, locations of missile bases and other potentially sensitive activities.

 

All the more reason to stay on the couch.

 

Read more here.


view all comments (36) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn


This message ain't from my (Pay) Pal

Thank heaven I learned to read at an early age. Typos jump out at me, especially those made by others (Note - I am still working on reducing my own.) Thankfully, the baddies haven't yet discovered grammar checkers.

 

I received this e-mail today; it looked pretty legit and I have purchased a few things using PayPal over the last couple of months. However, the clues were right there, especially if you're one for details. Can you see what I'm seeing? There are at least ten errors in just this snippet (It goes on.)

 

If only they were all so obvious. 

 

As with all messages, if you receive something like this, read and proceed with caution.

 


view all comments (25) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn


Ding, dong, Bell, they're hacking you as well.

 

 

OK, this is getting a little scary.

 

Bell Canada, one of the world leaders in communication services and technologies has announced that they have experienced yet another a data breach. While this hack apparently involves fewer than 100,000 clients, that's 100,000 more than should be.

 

Sadly, this is not the first time, but it brings new light to the importance of reporting incidents as soon as they are identified and/or confirmed. New federal regulations regarding detection, reporting and remediation are soon to be implemented as part of the government's cybersecurity strategy for both the public and private sectors as well as international dealings.

 

In the meantime, we as individuals and business owners need to be not only cognizant but prepared for these eventualities.

 

Let's talk.

 

Read more here.


view all comments (26) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn


Commuter hackers target Ontario transportation firm

Image courtesy of Metrolinx 2015-16 Annual Report

 

Computers at Metrolinx, the Ontario government agency responsible for GTA/Hamilton and Ottawa area public transportation services were said to be targeted by North Korean hackers in mid-January 2018. At the time of writing, details are still coming in, but a statement from Metrolinx assures that both the systems that manage rail and bus services and servers storing personal information are safe and secure. 

 

The question this begs is, "Why?"

 

Are they (North Korea) looking for new ideas on how to (or how not to) manage their public transportation? Could it be a group of bored but talented teenagers pulling a prank? Odds are it is organized crime looking to add to the ever-increasing pool of available identity-related data for far more nefarious purposes. Reports say that hacking brings in a billion dollars to NK coffers each year. No word as to whether that money goes directly to their illustrious leader or is divvied up to give their commuters a break. One can only speculate.

 

Why is this particular situation so important? Well, this kind of attack is not random, it is targeted. Consider that over 35,000 people use GO trains and buses every day, travelling to and fro for work and pleasure, and over two million Presto cards are in use. That's a lot of names, addresses, and credit/debit cards, but what about simple details like demographics and travel patterns? This kind of information also feeds into plans for disruption and chaos, not just financial gain. I'm sure the terrorists responsible for attacks on commuter trains in other parts of the world did background research beforehand to determine where and when to strike with maximum effectiveness.

 

The point is, every network, every computer and every Internet-connected device everywhere is potentially vulnerable to attacks of one kind or another. In this case, the folks at Metrolinx responsible for cybersecurity were on the ball, prepared and ready for action (GO team!) How well do you know your network?

 

After all, you have a responsibility to protect yourself, your business, your employees, your data.

 

Let's talk.

 

Read more here.


view all comments (20) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn


I'll huff, and I'll puff, and I'll shut your network down

 

Many areas of the world, including ours, have experienced extreme weather events in recent years. Natural and man-made disasters like floods, fires and earthquakes have had their way, destroying everything from beachfront property to cities and even entire countries. These threats are expanding in frequency and scope, even showing up in unexpected places, wreaking untold havoc upon the unprepared.

 

Now there is a new set of threats that are approaching in potential severity and impact.

 

According to the World Economic Forum, cyber attacks are among the most serious risks facing the world as we know it today. The ability to attack not only individuals and businesses but also government and infrastructure like power, gas and water puts these threats into the same category as hurricanes and forest fires.

 

We not only need to be aware of the immediate effects us as computer users and as business owners, we must understand how small weaknesses in our systems can play a serious role in much larger scenarios. No one wants to be hacked, but we must also be vigilant to ensure we're not leaving a door to our clients or suppliers unlocked, allowing troublemakers entrance to do their dirty deeds on a grander scale.

 

The big, bad wolf has a new kind of wind machine; bricks and mortar might not be enough to hold up this time. It's time to review, test and reinforce your defences.

 

Let's talk.

 

Read more here.

 

 

 


view all comments (37) add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn
Business Continuity Infrastructure IoT (Internet of Things) Cyberwar

CES 2018: Tons of Cool Stuff for the Nerd in Your Life...

 

While the way to a man's heart may be through his stomach, the way to a nerd's heart is showcased in vivid technocolour every year at the Consumer Electronics Show in Las Vegas!  This year's CES was no different, and you can see some of the very best highlights of the show here.  Hug your techie today...


add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn
Hardware Software

New Ransomware Coming: This One Can Even Encrypt Cloud-based Email

 

There is a new kind of very scary ransomware expected soon, which can do something that has not been done before, and the majority of folks who use cloud-based email services such as Office 365 do not have appropriate protections in place to recover from something like this.

 

Have a look at this video to see it in action, and ask for help to protect yourself today!

 

 

 

 


add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn
Cybersecurity Malware Business Continuity

Network Device Patching: Slow yer Roll

 

 

While patching related to the recent CPU vulnerabilities is critical, doing so on network devices is significantly lower in priority than with operating systems and computer CPUs themselves.  Have a look at the article here for more information, and think about how you can prioritize patching your network systems.

 

 

 


add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn
Hardware Cybersecurity Microsoft AMD Intel