While bad actors continue their denial-of-service for ransom activities, SRG would like to remind all clients and businesses to continue your due diligence as you work to protect your company assets:

Actors claiming to be various Advanced Persistent Threat (APT) groups have been threatening to carry out large-scale distributed denial-of-service attacks for ransom, commonly known as Ransom DoS (RDoS). Recent reported threats were against the financial sector, globally and in Canada, but other sectors are expected to be subject to the same activities. The threats are typically accompanied by short Distributed Denial of Service attacks (DDoS) that are intended to demonstrate the actor’s capability.

Details vary from case to case but the core elements are as follows:

  • An organization is approached via e-mail by an actor identifying explicitly as a well-known APT, indicating an intent to demonstrate the capability to disrupt the organization’s infrastructure, and demanding a specific payment in Bitcoin be made. In return for payment, the actor undertakes to refrain from further activity.
  • A short time after the e-mail is sent, the targeted organization’s infrastructure is subjected to a relatively short DDoS, as threatened in the e-mail.

There are reports across Canada of such activity where the subject line of the ransom email is: “DDoS Attack on <organization name>’s network”. The email specifies a date on which the organization’s network would be subjected to a DDoS attack and implies that a small-scale attack on a specific IP address range will be carried out immediately to prove the message was not a hoax. The email demands a ransom amount, to be paid in Bitcoin, to avoid a larger and sustained attack. The ransom attack then escalates daily with non-payment.

The following denial-of-service techniques have been reported:

  • UDP flooding;
  • DNS amplification;
  • NTP amplification;
  • CLDAP amplification;
  • IP Fragmentation; and possibly others.

Recommended Protection Activities are as follows:

  • Work with your cloud and Internet service providers to implement service-level agreements that include DoS defence provisions. Your service providers may use multiple tools and techniques to help your organization protect itself against DoS attacks.
  • Ensure your system administrators are familiar with DoS protection services. Familiarity with these services can help them effectively rate limit or whitelist.
  • Monitor network and systems. Configure monitoring tools to alert you when there is an increase in traffic (outside of your baseline) or any suspicious traffic overloading a site.
  • Install and configure firewalls and intrusion prevention systems. You can use these tools to monitor traffic and block known-malicious and illegitimate traffic.
  • Update and patch operating systems and applications. Update and patch systems and applications, including your firewalls, to ensure that security issues are addressed and prevent threat actors from taking advantage of vulnerabilities.
  • Defend your network perimeter. To protect your network, use a layered approach to security by implementing multiple controls and techniques.
  • Plan for an attack. Have a recovery plan that prioritizes systems and processes based on their tolerable downtime. You should also identify points of contact and an incident response team.
  • Monitor for inbound e-mails to publicly available addresses where the addressing and subject line are similar to those provided above.
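
One way to implement the inbound e-mail monitoring recommended in the last item, as an added example (not SRG's tooling): it decodes MIME-encoded subjects, folds typographic apostrophes, and flags messages whose subject matches the reported pattern, noting whether the body mentions Bitcoin. The function name, addresses and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject reported in the advisory: "DDoS Attack on <organization name>'s network"
SUBJECT_RE = re.compile(r"\bddos\s+attack\s+on\s+(?P<org>.+?)'s\s+network\b", re.I)
# Secondary signal from the advisory: payment is demanded in Bitcoin
BITCOIN_RE = re.compile(r"\b(bitcoin|btc)\b", re.I)

def normalise(text):
    """Fold typographic apostrophes and collapse whitespace before matching."""
    text = text.replace("\u2019", "'").replace("\u2018", "'")
    return re.sub(r"\s+", " ", text).strip()

def triage_rdos_mail(raw_message):
    """Return a finding dict for a raw RFC 5322 message, or None if no match."""
    msg = message_from_string(raw_message)
    # Decode RFC 2047 encoded-words so an encoded subject cannot slip past the regex
    subject = normalise(str(make_header(decode_header(msg.get("Subject", "")))))
    match = SUBJECT_RE.search(subject)
    if not match:
        return None
    body = ""
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", errors="replace")
    return {
        "to": msg.get("To", ""),
        "org_named": match.group("org"),
        "mentions_bitcoin": bool(BITCOIN_RE.search(body)),
    }

SAMPLES = [  # constructed messages, not real traffic
    "From: a@sender.example\nTo: info@corp.example\n"
    "Subject: =?utf-8?q?DDoS_Attack_on_Example_Corp=E2=80=99s_network?=\n\n"
    "Payment in Bitcoin is demanded.\n",
    "From: b@sender.example\nTo: it@corp.example\n"
    "Subject: Report: DDoS attack trends 2020\n\nQuarterly summary attached.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage_rdos_mail(raw))
```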

Reach out to us with your concerns or for more information on how to protect yourself or your business.

During the COVID-19 pandemic, there has been a significant increase in the adoption of additional network software by companies endeavoring to enable their employees to work from home.

This has turned the attention of the “bad actors” looking to exploit potential vulnerabilities in these work-from-home technologies. As always, their intent is to disrupt business or to compromise computer systems.

In addition to the vulnerabilities that may exist in the software being used, some companies are implementing these collaboration systems in a less secure manner for ease and convenience of the home worker, further exposing themselves to being exploited during online meetings and while file sharing from one home worker to another.

Here are some key mitigation strategies and guidance SRG recommends:

  • As overall guidance, treat home workers as if they are still in the office in terms of security, policies and practices. Specifically follow your corporate rules and expectations of sharing information no matter what the data classification is.
  • Use existing corporate solutions whenever possible. These are tried and known to your IT group.
  • If you need to adopt other technologies for home collaboration, choose those that comply with your needs to control your data (some products may be routing your data or storing your data outside of Canada).
  • Choose network collaboration products with appropriate security features. Factors to consider are level of encryption, password requirements and methods of authentication.

Keep these technologies as well as home user systems patched and updated for protection.

The health and safety of our employees, clients, and the general public remains SRG’s top priority during the COVID-19 pandemic.

While we continue to provide cyber and physical security services as required services during this period, we are taking all reasonable precautions to protect our employees, contractors, and the public. We are committed to ensuring security needs are met without sacrificing the health and safety standards recommended by national, provincial, and regional health authorities. Some of these standards include, but are not limited to:

  • Stay home if sick policy for all SRG employees and contractors
  • Working from home where possible
  • Avoiding all unnecessary physical contact (i.e. modified greeting practices, maintaining distance) – practicing Social Distancing
  • Practicing frequent and correct hand hygiene and coughing and sneezing etiquette
  • Wearing of protective gloves in situations where interactions with public may be required

SRG executives and senior management continue to monitor developments in respect to COVID-19 and are in frequent communication with our clients and our staff to ensure health and safety standards are being met during this period.

While this situation continues to evolve, we are confident in our ability to provide our clients and partners with the highest standard of security services for which we have become known.

Thank you for placing your trust in SRG Security Resource Group Inc.

I would also like to express my thanks to our extraordinary SRG team of security guards, cyber security analysts, and office workers, who have continued their responsibilities without fail during these trying times.

Blair Ross

President & COO

The industry is seeing heightened activity pertaining to COVID-19 themed malware that is proliferating on the internet. Counterfeit websites and email phishing campaigns are leveraging public fear of and interest in the COVID-19 pandemic to spread malware that can infect corporate and personal systems.

As staff use the internet to search out status and information on the COVID-19 world situation, they may be redirected to sites that can cause a malware infection. Further, phishing campaigns and email attachments that may look like legitimate correspondence from executives regarding the COVID-19 situation should be scrutinized.

We encourage companies to make their people aware of this situation and to be wary of any email attachments, suspicious website redirections and unauthorized email in general.

John Cozman, Regional Manager, Saskatchewan for Security Resource Group and a legend of the Canadian wrestling world, passed away on November 28th at the age of 52 after a battle with cancer.

“I learned a lot from John over the many years we knew each other. Not only in-ring lessons, but how to carry yourself in the locker room. It’s been said over and over again, John was one of the few true gentlemen in an industry full of hustlers and carnies.”

– Mike Roberts
Owner of High Impact Wrestling, Regina

He is survived by his children Nathan (Tasha), Chris (Lakin) and Cassandra and their mother Shelley Cozman; brother Jim (Tracey); sisters Merle (Bruce) and Lynda Nelson. John is also survived by his best friend Joan Kotyk and their princess Sophie.

SRG is pleased to announce the acquisition of Investigation Services Ltd (ISL) of Cambridge, Ontario. Most of their operations are in Western Canada, which makes this an ideal fit for SRG. ISL is a great company that specializes in the provision of security to large distribution centres that service the food industry. ISL also specializes in Private Investigation services, thus providing SRG with additional resources to continue to offer our existing clients a high-quality security service.