Bryson Blog

Phishing in COVID-19 waters

The COVID-19 outbreak continues to disrupt our lives. There are many experiencing a heightened sense of concern for their personal safety and the safety of their loved ones.

Unfortunately, people hungry for information are also perfect targets for phishing scams. One of the most frequent is the fake World Health Organization email that prompts readers to download a Safety Measures report.

CEO of Darn IT Group, Darnley Greson, joined us to discuss the rise in phishing attacks and provided tactics individuals and companies can follow to help reduce the risk of being caught.

Does NAL Insurance protect truck drivers if they get COVID-19 while in the USA?

Many transportation driving professionals are putting themselves at an added risk right now every time they leave isolation and get behind the wheel of their truck. A big concern many drivers have is knowing whether or not they have medical coverage while driving in the USA if they started to show symptoms of COVID-19. In short, the answer is yes, but we thought it better to hear directly from one of the benefit providers we commonly recommend to our fleets and owner-operators.

Glenn Caldwell is from NAL Insurance. He joined us to answer: "Does the NAL Insurance benefit product protect drivers if they start to show signs of COVID-19 symptoms while on duty in the USA?"

Peace of mind is important. If you have benefits through NAL Insurance for your drivers please share this video with them.

Ontario Trucking Association COVID-19 update for Truck Drivers

Marco Beghetti, Vice President of Communications for both the Ontario Trucking Association and the Canadian Trucking Alliance, joined us to provide an update on what life is like for truck drivers right now, some initiatives the Provincial and Federal governments are rolling out to help truckers, and insight into what the person at home can do to show their gratitude.

Happy to see companies like McDonald's adjusting to this norm by updating their mobile app so truckers are able to order (they are not able to fit in the drive-thru).

COVID-19 & HR requirements for layoffs

HR professional, Corette Miller of newINITIATIVES HR., joined us to tackle a difficult and emotional conversation many HR professionals and business leaders are having today because of the impact of COVID-19. How do employers manage layoffs and benefit programs as a result of COVID-19?

Questions answered include:

  • Can an employee be temporarily laid off due to a shortage of work during the COVID-19 crisis?
  • Does an employer have to provide written notice with a recall date?
  • What is the importance of a Record of Employment?
  • How does it impact company benefits?
  • Can a layoff be considered a termination?

Have HR related questions you would like us to answer? Email them to kpaterson@brysoninsurance.ca

COVID-19 Financial Softening Options for Businesses

Accountant and tax planning specialist, Chris Makris, joined me to discuss some of the tax and cashflow related opportunities the Government of Canada has made available in response to the economic impact of COVID-19 for businesses in Ontario.

In this video we cover:

  • Business Loan Deferral
  • Temporary Wage Subsidy
  • Deferral of Corporate Income Tax Payments
  • Business Development Bank of Canada's Business Loan Program


BDC Webinar - How to cope with the impacts of COVID-19 on your business

With the COVID-19 situation constantly evolving, you need to be prepared for any disruptions.

As part of ongoing support measures BDC Chief Economist Pierre Cléroux shares economic perspectives and advice on how to manage your business through the COVID-19 crisis. This webinar is valuable to business leaders across Ontario and Canada.

Pierre reviews potential outcomes from an economic perspective and reviews some of the programs brought forward at a federal level.

To learn how BDC can support through this challenge visit their support page here.

You can also reach out to Senior Account Manager, Keith Cowley, at the local BDC branch by emailing keithb.cowley@bdc.ca.


HR Employee Human Rights & COVID-19

These are turbulent times for everyone. Within organizations HR departments are having to digest many updates (sometimes conflicting) on various HR related topics. We hope to help HR leaders by bringing a sense of clarity on pressing COVID-19 related HR issues.

Corette Miller of new initiatives HR joined me to answer HR related Human Rights questions including:

- Employer rights on employees disclosing if they have COVID-19.
- Employer rights on employees disclosing if they have been in close contact with someone with the virus.
- Employees right to refuse to work due to fear of contracting COVID-19.

Have HR related questions you would like us to answer? Email them to kpaterson@brysoninsurance.ca

Fun & Fascinating in Isolation

Over the past few weeks many of us have experienced drastic changes in our day-to-day work and personal lives. Whatever business and personal plans we had have halted as we focus in on a new reality. In this, though many individuals and families are now actively self-isolating, we are coming together in new ways both at work and in the community. Mo Willems sums it up nicely in his new self-isolation YouTube show “Lunch Doodles”… isolated but together.

While this is an extremely serious situation for everyone it is important to bring moments of lightness to our day. Here is a list of fun and fascinating things our team is finding popping up since self-isolating became a thing.

Ideas to add to our list? Email Kyle at kpaterson@brysoninsurance.ca.

We will keep updating so come back for updates.

Fun & Fascinating:

Wellness:

  • Beachbody with a 14-day trial - get us up and moving with weight-free and easy-to-difficult workouts we can do indoors
  • Slumber - stories that will help you doze right off into lala land

Connecting:

  • Netflix Party - this idea came from one of our clients. Install the Google Chrome extension, send the video link to your friends and family... and chat as you watch (need to watch using a laptop/computer)
  • Facebook Video Chat / Google Hangouts / Facetime / ZOOM with friends/family
  • Family Feud and other types of online games to play with family/friends

What is Sodinokibi Ransomware?

No company can eliminate the risk of being hacked, not even the CEO of Amazon. Do what you can to mitigate cyber risk while also ensuring your organization considers cyber risk transfer seriously too.

Here is a common statement you may hear expressed from an executive at a company actively focusing on cyber risk mitigation:

“We have a good data back-up and recovery program in place. Our employee cyber awareness training is going smoothly, no one is clicking on our faux-phishing campaigns. At the end of the day, ransomware only encrypts files locally. Even if we do fall victim we can get things back up and running quickly… we can finally take a deep breath and relax…”

News Alert: Sodinokibi ransomware snuck in through a backdoor in third-party software and stole sensitive client data from a corporate victim. The criminal hackers are now holding the corporate victim's data hostage and demanding a significant ransom payment. They are threatening to release the sensitive data publicly, stating ‘pay us because it will be 5 times worse suffering penalties enforced by the regulators’.

Sodinokiwhat?!

Welcome to the next phase of ransomware. From the linked article: "The authors behind Sodinokibi ransomware were threatening companies for the past one month to make the stolen files public if victims don’t pay the demanded ransom."

What is Sodinokibi ransomware?

It is a script that doesn’t require any human misstep to successfully breach a company and transfer its most sensitive data. The code exploits a vulnerability in Oracle software and automatically injects itself into the affected machine. Unlike traditional ransomware, which only creates a local cryptolocker (encrypting files in place), this ransomware also sends copies of the files directly to the hackers. That is the part a backup and recovery program alone cannot undo.

This ransomware is akin to that swift museum thief that sneaks in and out of a building completely undetected with a valuable artifact in hand.

If the thief then shares photos of that artifact on public forums and further threatens to ruin the reputation of the museum by publicly sharing details of how little care the museum takes in protecting the assets entrusted to it, then it sounds a lot like what these hackers are chatting about in public forums:


Today an Oracle software vulnerability, tomorrow what?

Since the Oracle software vulnerability, we have already witnessed an exploit in Internet Explorer wreaking havoc, and the phone of Jeff Bezos, CEO of Amazon, was hacked by a Saudi Prince (for real).

Being okay with not being able to fully eliminate cyber risk at your company.

The cyber landscape is like the Wild West. We need to utilize technology to effectively operate our business, but we have no idea what is going to be hijacked next. This is not intended to scare you, it’s just the reality we live in right now.

We care about businesses staying in business because businesses are essential to building a great community and society. There is a good chance the corporate victims of the Sodinokibi ransomware will struggle to remain in business. If they do stay in business this attack has crippled their future.

We strongly encourage you to have a conversation with us. In the cyber risk conversation, we are the risk transfer specialists. Our goal is to ensure your business continues to thrive when the unexpected occurs. We naturally work with you to explore your current business practices and often highlight quick wins to enhance your risk mitigation plan as well.

It is important to have a professional cyber risk mitigation team. See if we fit on your team as your cyber risk transfer specialists.

Why should my business care about Ransomware-as-a-Service?

Ransomware is not a new threat for businesses. It is one of the most commonly talked about cyber security issues facing companies today, and with good reason: it is very profitable for cyber criminals and the barrier to entry is getting lower and lower. Because of the ability to make money fast, many online criminals have grown curious about how to get in on the action but did not know where to start.

As any entrepreneur would tell you, where there is a business problem there is a creative entrepreneur developing a solution. Enter Ransomware-as-a-Service (RaaS).

“Ransomware will continue to both dominate headlines and cause havoc in 2020. The complexity of the attacks and the packaging of Ransomware-as-a-Service will continue to increase, while organizations grapple with both prevention and implementing practices to respond appropriately. Responses by organizations will be split between those who recover from backups, and those with more limited options who opt to pay the ransom”—Danny Allan, Vice President of Product Strategy, Veeam *Source Forbes

Ransomware-as-a-Service is similar in ways to the Software-as-a-Service (SaaS) model in that users pay a subscription fee for use of the platform (think above-board SaaS products like Salesforce, Dropbox, DocuSign, Zendesk, Adobe).

RaaS’s subscription-based malicious model enables rookie cybercriminals to launch ransomware attacks without having to know how to code. RaaS gives non-technical cybercriminals the ability to create their own ransomware with ease. RaaS users can set the ransom amount, payback terms, deadlines and other features.

Once ready, the cybercriminal can focus on having the right person in a company take the wrong action.

How does the RaaS game work?

The object of the game is to successfully launch a ransomware attack on a small-to-medium sized business, hold sensitive and critical information hostage and get paid.

The game is won when the victim pays the ransom.

Within this game we have four players.

  • Cybercriminal #1 – role is to write the ransomware code
  • Cybercriminal #2 – role is to distribute (sell/rent) the ransomware code
  • Cybercriminal #3 – role is to choose a ransomware code and launch an attack (there can be hundreds of Cybercriminal #3 players in this game for every Cybercriminal #1)
  • Company employees – role is to defend their company’s survival

Cybercriminal #1 and #2 can be the same player and for the sake of this scenario it is easier to keep them as one player now known as Chief Cybercriminal.

The Chief Cybercriminal is like a franchisor. Beyond writing and selling the ransomware code, they also provide cybercriminal #3 with technical know-how and step-by-step information on how to launch a ransomware attack. Once the attack is successful and the game is won (meaning the victim paid the ransom), the collected money is split between the Chief Cybercriminal (coder & service provider) and cybercriminal #3 (the attacker).

As with other Software-as-a-Service offerings, the real difference in this game is that many cybercriminal #3s can be utilizing the platform at the same time. This is one of the key factors leading to the continued exponential growth in ransomware attacks on small and medium sized businesses.

Now those proficient at utilizing the ransomware attack weaponry can focus on their craft of phishing and exploit kits, allowing the Chief Cybercriminals to focus on their craft of coding. Specialization is another factor increasing the success rate and number of ransomware attacks.

What weapons does Cybercriminal #3 (the attacker) deploy?

The cybercriminal is a real person sitting behind an actual computer somewhere in the world. Because this person is a specialist, they have the time to study and research before deploying their attack. Consider a salesperson prospecting their future client. This individual may check out the company’s website, look at LinkedIn profiles of key employees, read articles and posts from employees and about the company… really build an understanding of who they are building a relationship with. The cybercriminal’s early approach in this game may look quite similar.

If the cybercriminal #3 deploys a highly targeted strategic approach they will most likely leverage a phishing strategy. With these attacks they will write enticing (both written and visual) emails to employees with the purpose of gaining important information to support the attack, or to have the malware activated in the employee’s computer.

If the cybercriminal #3 deploys a spray and pray approach they will invest some of their future game winnings in an exploit kit. An exploit kit is designed to automatically and silently exploit vulnerabilities on the victim’s machines while the victim is browsing the web.

The most effective cybercriminal #3s will deploy a mix of both strategies simultaneously.

The future of Ransomware-as-a-Service

“In 2020, we will see, at minimum, a 300% increase in RYUK-related ransomware attacks, and most of those attacks will be focused on U.S. small businesses. Ransoms on small businesses will jump to $150,000 to $300,000 per event on the low end, causing a spike in U.S. small business bankruptcies and closures. About 2 out of every 10 small businesses attacked will have no choice but to halt operations for financial reasons. Another reason we'll see a spike in attacks on small U.S. businesses is the sheer volume of these businesses running outdated windows servers with known vulnerabilities”—Zohar Pinhasi, CEO, MonsterCloud Cyber Security *Source Forbes

This vicious model is wildly profitable for the Chief Cybercriminal, so much so that advertisements for RaaS solutions are appearing on the dark web.

Any business owner can see why this model is growing in popularity. Instead of having to be the product developer, builder and lead salesperson, this model allows for specialization and leads to economies of scale.

Each of the code writer, ransomware platform provider and attacker can focus on what they do best. And once a product is built and available on the platform, there can be hundreds of attackers utilizing the product instead of the original writer of the code.

What should businesses do?

There have been countless articles suggesting tactics and strategies to reduce the risk of cyber crime on a company’s operations. We wrote this one on protecting your company assets and this one on understanding and recognizing phishing scams. Will implementing all of this end the threat for good? No.

Here is the pain point and reality: malicious coders, some of the best in the world, are spending their time writing attack commands specifically designed to exploit vulnerabilities in the very best company IT plans.

Training staff is critical, investing intelligently in IT will drastically reduce risk… but there is almost no way to eliminate the risk without rendering your business operation ineffective (you could cease emails, digital file storage and computers/smart phones but that will probably cease your business operation too).

Cyber insurance is a risk transfer tool designed to complement your IT strategy. It is in no way intended to replace investing in IT and security, employee awareness training or any other risk mitigation strategy.

Except for very specific circumstances, cyber insurance should be a standalone policy and it should be purchased through an insurance brokerage that specializes in cyber insurance wordings and coverage.

I invite you to have a conversation with us on cyber insurance. By knowing the price of insurance, what cyber insurance covers and how it works compared to other insurance solutions (for example, you get access to a breach coach as soon as a breach occurs) companies can make an informed decision.