November 2023 Security Update: LockBit claims responsibility for Canadian Government Employee Data Breach

LockBit claims responsibility for Canadian Government Employee Data Breach, while organizations fight back against other types of attacks with stronger security and greater transparency.

LockBit May Have Put Canadian Government Employee Data at Risk

The Treasury Board of Canada Secretariat announced on November 17 that the BGRS and SIRVA Canada systems were breached in October, which may have made 24 years’ worth of data of employees who relocated vulnerable. Employees that the breach may have impacted include Government of Canada employees, the Canadian Armed Forces, and the Royal Canadian Mounted Police.

Bleeping Computer reports that the LockBit ransomware group claimed responsibility for the SIRVA system and leaked 1.5 TB of stolen documents they claim to have come from that system.

Action Items:

The November 17 statement urges people potentially impacted by the breach to:

  • Update login credentials if they are similar to those used with BGRS and SIRVA Canada.
  • Turn on multi-factor authentication (MFA) for online accounts and applications.
  • Monitor financial and personal accounts for suspicious activity, and contact local police and the Canadian Anti-Fraud Centre (CAFC) online or by phone at 1-888-495-8501.

New Detection Rule for Barracuda Email Security Gateway Vulnerability

In May, Barracuda announced CVE-2023-2868 in its Email Security Gateway appliance. Proofpoint’s Emerging Threats team released a Suricata detection rule (SID 2046280); however, Vectra AI discovered in a discussion with a client that the rule was not performing as intended.

Vectra AI investigated the problem and found the rule didn’t alert on a specific proof-of-concept exploit and identified the detection gap. It submitted findings to Proofpoint’s Emerging Threats team, which released a new M2 detection rule.

Action Items:

Vectra suggests the following:

  • Don’t rely only on fixed rules and standards; it’s an inadequate strategy in an evolving cybersecurity environment.
  • Take a more proactive approach with more sophisticated detection and defense mechanisms.
  • Implement a layered approach to security, including the Zero Trust Model.

SEG Security May Not Be Enough to Ensure Email Security

Trustifi released a study revealing that 62 percent of email inboxes still sustained attacks when using secure email gateway (SEG) security. Additionally, Trustifi analyzed data from 1.3 million emails that passed through its ThreatScan email network scanning tool. Of the emails examined, 15 percent still contained malicious content after they passed through the company’s security filters. The study also found that once an email inbox was targeted, it was more likely to receive more malicious emails; 81 percent of the mailboxes that were attacked received up to 40 threats in the following two weeks.

Action Items:

To reduce security risks from email:

  • Expand email security beyond blacklisting malicious IP addresses.
  • Implement solutions that protect against phishing and other forms of social engineering.
  • Consider implementing advanced solutions leveraging artificial intelligence (AI) to identify threats and quarantine content.
  • Download the report for more information.

Prepackaged Malware Kits Are Helping Evade Detection

HP Wolf Security’s Q3 2023 Threat Intelligence Report details how cybercriminals are using prepackaged malware kits to launch attacks that can evade detection. For example, a Wjw0rm campaign, using a 10-year-old Houdini worm, can carry out multi-stage attacks from a single JavaScript file while remaining hidden.

The report also includes information on an increase in the abuse of Excel add-in (XLL) files and attackers hosting fake remote access trojans (RATs) on GitHub in an effort to trick inexperienced cybercriminals into infecting their own PCs.

Action Items:

The report recommends that HP customers:

  • Enable threat intelligence services.
  • Keep systems and endpoints updated.
  • Download the report for more information.

NSA, CISA, and ODNI Release Securing the Software Supply Chain Report

The National Security Agency (NSA), Cybersecurity and Infrastructure Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released a technical report: Security the Software Supply Chain; Recommended Practices for Software Bill of Materials Consumption.

The report provides guidance to software developers and other stakeholders on how to enhance security through contractual agreements, software releases and updates, notifications, and vulnerability mitigation. The report details SBOM consumption and risk scoring with the goal of greater transparency.

Jamie Scott, CISSP, CCSP, founding product manager at Endor Labs and volunteer consultant for the Center for Internet Security, comments, “This document is the first to put into writing fundamental practices that leaders in industry may have assumed, but few have said out loud. The idea that asset inventories for suppliers and applications should track SBOMs and that you should know where your applications are based on the SBOM are foundational controls that have not been discussed broadly in industry to date.”

“The proposal for an industry risk scoring system is a big leap forward, but is far ahead of the industry. We need to begin building bridges to get there, but it is a directionally ambitious goal,” Scott says.

Action Items:

Varun Badhwar, CEO and co-founder of Endor Labs, lists some key considerations for organizations so they can get the most value from SBOMS:

  • Determine how to send, receive, and store SBOMs; it’s necessary to track and ingest them and analyze the information they contain.
  • Conduct a study to determine which vendors and partners must provide SBOMs.
  • Choose the right tool to analyze SBOM data.
  • Create policies that specify risk tolerance and how to resolve issues when they are identified.
  • Download the NSA, CISA, and ODNI report here.

For more security updates and insights, visit DevPro Journal’s Security resources page.

Jay McCall

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is co-founder of XaaS Journal and DevPro Journal.

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is co-founder of XaaS Journal and DevPro Journal.