Who We Are
SRG Security Resource Group Inc. is a Canadian company dedicated to providing world-class Protective Security Guard and Patrol and Cyber Security services. Founded in the spring of 1996, SRG provides solutions and services for people and organizations across Canada.
SRG Security Resource Group Inc. is a wholly owned subsidiary of SSC Security Services Corp. (TSXV: SECU) (OTCQX: SECUF).
Information Technology Office
“SRG provides subject matter expertise to the Government of Saskatchewan in a timely, proficient manner. I have enjoyed working with the SRG team and appreciate the adaptability and professionalism they exhibit when dealing with our challenging environment.”
– Crystal Zorn
Director, Information Security Branch
The Manitoba Museum
“SRG has been a reliable and preferred supplier of security services to The Manitoba Museum for a number of years.”
– David Thompson
Director of Finance and Operations
The Alberta Teachers’ Association
“The IT security improvement journey for any organization can be a large and continuous undertaking. The Alberta Teachers’ Association (ATA) chose to partner with SRG many years ago to assist us on that journey. SRG continues to add value to the ATA by providing top quality service and resources in an annual security plan. Over the years, SRG has helped us to gain support and commitment from the various stakeholders in the Association and we continue to look forward to a long relationship with SRG.”
– Dr. Terry Bruchal
Director of Information Technology
Get In Touch
300-1914 Hamilton Street
Regina, SK S4P 3N6
Cyber Security Bulletin: Phishing Attack Campaigns Target MS Teams Users
A new attack vector has been identified specific to those organizations that use Microsoft Teams for collaboration with internal teams as well as with your customers. The phishing campaign pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials.
Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic. This particular campaign was sent to between 15,000 to 50,000 Office 365 users with suspicion that additional campaigns will be forthcoming. Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification.
The initial phishing email displays the name “There’s new activity in Teams,” making it appear like an automated notification from Microsoft Teams. Within the body of the email, there are three links appearing as ‘Microsoft Teams’, ‘(contact) sent a message in instant messenger’, and ‘Reply in Teams’,” according to researchers. Clicking on any of these leads to a fake website that impersonates the Microsoft login page. The phishing page asks the recipient to enter their email and password.
Further, the phishing landing page also looks convincingly like a Microsoft login page with the start of the URL containing “microsftteams.” If recipients are convinced to input their Microsoft credentials into the page, they are unwittingly handing them over to attackers, who can then use them for an array of malicious purposes – including account takeover. See one sample of the phishing email below.
In May, a similar convincing campaign that impersonated notifications from Microsoft Teams in order to steal the Office 365 credentials of employees circulated, with two separate attacks that targeted as many as 50,000 different Teams users.
Users are warned to be diligent in reading all invites such as described above and when in doubt, delete the email and not click on any of the display areas.
Please reach out to us with your concerns or for more information on how to protect yourself and your business.
Cyber Security Bulletin: Increased Threat from Emotet Malware Campaigns
Since July 2020 there has been an increase in malicious activity associated with Emotet malware campaigns. Emotet has been frequently observed working in tandem with Trickbot and Ryuk malware in a persistent attempt to compromise computer systems within Canada. These threats have been successfully used to attack many Canadian companies since 2019.
Emotet is an advanced botnet attached to email. Once a system is infected by Emotet, additional malware, including Trickbot and Ryuk may be implanted on the system resulting in data exfiltration or attempts to extort the victim.
Emotet malware can be spread through untargeted bulk spam emails (such as shipping notifications, or “past-due” invoices), as well as what appear to be targeted malicious emails (spear phishing). Targeted emails are particularly effective as they appear to come from a trusted source, often from someone with whom the email recipient has recently been in communication.
Furthermore, Emotet email campaigns have been observed to be leveraging both ‘thread hijacking’, a technique where malicious emails are inserted into existing email threads, and using password-protected zip files to avoid detection by network defenses. These techniques result in convincing messages that an unaware recipient may believe to be trustworthy and encouraged to download malware by opening an attachment (a macro-enabled Microsoft Word document or PDF) or clicking a malicious link.
Please reach out to us with your concerns or for more information on how to protect yourself or your business.
Cyber Security Bulletin: Due Diligence vs Bad Actors
While bad actors continue their denial-of-service for ransom activities, SRG would like to remind all clients and businesses to continue your due diligence as you work to protect your company assets:
Actors claiming to be various Advanced Persistent Threat (APT) groups have been threatening to carry out large-scale distributed denial-of-service attacks for ransom, commonly known as Ransom DoS (RDoS). Recent reported threats were against the financial sector, globally and in Canada, but other sectors are expected to be subject to the same activities. The threats are typically accompanied by short Distributed Denial of Service attacks (DDoS) that are intended to demonstrate the actor’s capability.
Details vary from case to case but the core elements are as follows:
There are reports across Canada of such activity where the subject line of the ransom email is: “DDoS Attack on <organization name>’s network”. The email specifies a date on which the organization’s network would be subjected to a DDoS attack and imply that a small-scale attack on a specific IP address range will be carried out immediately to prove the message was not a hoax. The mail demands a ransom amount, to be paid in Bitcoin, to avoid a larger and sustained attack. The ransom attack then escalates daily with non-payment.
The following denial-of-service techniques have been reported:
Recommended Protection Activities are as follows:
Reach out to us with your concerns or for more information on how to protect yourself or your business.
Cyber Security Bulletin: Working from home during the COVID-19 Pandemic
During the COVID-19 pandemic, there has been a significant increase in the adoption of additional network software by companies endeavoring to enable their employees to work from home.
This has turned the attention of the “bad actors” looking to exploit potential vulnerabilities in these work-from-home technologies. As always, their intent is to disrupt business or to compromise computer systems.
In addition to the vulnerabilities that may exist in the software being used, some companies are implementing these collaboration systems in a less secure manner for ease and convenience of the home worker, further exposing themselves to being exploited during online meetings and while file sharing from one home worker to another.
Here are some key mitigation strategies and guidance SRG recommends:
Keep these technologies as well as home user systems patched and updated for protection.
Coronavirus (COVID-19) Pandemic Update – SRG Remains Fully Operational
The health and safety of our employees, clients, and the general public remains SRG’s top priority during the COVID-19 pandemic.
While we continue to provide cyber and physical security services as required services during this period, we are taking all reasonable precautions to protect our employees, contractors, and the public. We are committed to ensuring security needs are met without sacrificing the health and safety standards recommended by national, provincial, and regional health authorities. Some of these standards include, but are not limited to:
SRG executives and senior management continue to monitor developments in respect to COVID-19 and are in frequent communication with our clients and our staff to ensure health and safety standards are being met during this period.
While this situation continues to evolve, we are confident in our ability to provide our clients and partners with the highest standard of security services for which we have become known.
Thank you for placing your trust in SRG Security Resource Group Inc.
I would also like to express my thanks to our extraordinary SRG team of security guards, cyber security analysts, and office workers, who have continued their responsibilities without fail during these trying times.
President & COO