Weekly Web Security Warning – the beginnings of a national strategy

The story of the week (or rather late last week) is the federal government unveiling the blueprint for its National Cyber Security Strategy.

The story of the week actually broke late last week but it is worth disrupting our normal itinerary. The federal government unveiled the blueprint for its National Cyber Security Strategy with more than $500 million in new funding. The document itself is light on specifics (it is a framework with more promised in the fall) but it essentially combines public and private projects along with education to better mitigate individual and country risk. 

We were particularly happy to see that the strategy specifically addresses the issues that small and medium-sized businesses have in protecting themselves from cyber threats. It calls on organizations like CIRA, to be part of the solution and for us that is pretty darn exciting. Especially as we continue to roll out our own Canadian cybersecurity services. How we can be involved in the future relies on a combination of product development, policy development, and collaboration with public and private sector peers.

Here are a few reasons why it is so important…

Election hacking

Much of the most interesting cybersecurity stories this week were, thankfully, not Canadian, but it is important to keep an eye on the international trends. In Mexico, a DDoS attack targeted an opposition presidential candidate’s website during a debate. Poor timing to be sure as people often visit political websites while watching debates and a non-responsive site reflects poorly on the candidate. Elections continue to be targeted by hackers and there seems to be little to stop it. It creates confusion and undermines the credibility of electoral systems in democratic countries.

Our money

We are used to hearing the Bank of Canada talk about the risk of high inflation, household debt, and interest rate changes, but now they are also concerned about cyber-attacks. While many Canadians feel that the role of the Bank of Canada is to set benchmark interest rates to help manage inflation, the question is, what tools does it have to mitigate against the long-term economic risks of a cyber-attack? As we saw with the recent data theft at BMO and Simplii, the threat is real and has the potential to dramatically impact our economy.

There are new tools every day

Notwithstanding what you think the latest diplomatic goings-on; CNN reports a new variant of malware with its origins in North Korea called “Typeframe”. This is the latest tool that can take over a machine and install malware that adds to the constant barrage of threats against data and networks around the world.

And finally, the top blocks of the week

The coast-to-coast coverage we have with D-Zone DNS Firewall provides us with some great data and oversight on the types of malware we are seeing on our network. The top ten list changes week-over week more frequently than it used to, and represents a combination of malware and phishing domains. Interestingly, this week’s nefarious domains were an even split of those using traditional ccTLDs and generics and those using new TLDs. In general, it was also a mix of randomized domains with no obvious typo-squatting or obviously misleading domains.