Sophos opens a Canadian data centre, people still fall for tech support scams and Amazon cuts off a controversial spyware company.
Welcome to Cyber Security Today. It’s Friday July 23rd, I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Sophos, which makes endpoint and firewall products, has opened a Canadian data centre. Located in Montreal, it supports the company’s cloud-based platform for managing Sophos’ enterprise endpoints, XDR servers, full disk encryption service and its managed threat response service. This is partly to meet the needs of organizations that need their data stored in this country to meet regulatory requirements. There are other data centres in the U.S., Germany and Ireland. Coming soon are data centres in Australia and Japan.
Tech support scams are still popular. These are scams where a crook emails or phones a victim claiming to be from a company that has discovered a problem with their computer. Unfortunately, despite warnings from experts, a lot of people still fall for them. Microsoft this week released the results of a global survey, with some Canadian numbers. Sixty-five per cent of those surveyed in this country said they had been exposed to a text support scam in the last 12 months. That was slightly down from 2018. However, 16 per cent continued with the scam, thinking it was real. That’s about the same as in 2018. And of those 16 per cent, six per cent lost money to the scammers buying useless repair services or software. That’s three per cent more than in 2018. Another five per cent spent money and/or time independently checking whether there was really a problem. Rule number one: No company calls people to say they’ve somehow detected a problem with their computer.
Amazon Web Services has cut off the access of an Israeli company called NSO Group that sells an application to governments and law enforcement agencies for hacking smartphones and using them for surveillance. This denial of access comes after the publication by Amnesty International and a number of media outlets that alleged the application, called Pegasus, is being used by some governments to target 80 reporters. There are also suspicions politicians and human rights activists were targeted. The revelation comes after a forensic analysis of some victims’ phones. Complaints against NSO Group have been going on for years. The company says it has no control over how customers uses Pegasus. What is troubling is Pegasus can be installed with out a victim clicking on a file or link. Amnesty International is calling on NSO Group to immediately stop selling its equipment to countries that put human rights defenders and journalists under unlawful surveillance.
For sophisticated users there’s a tool here for checking if your mobile device has been infected.
There’s more evidence to support the sense that ransomware attacks are getting worse. An analysis by researchers at a firm called Digital Shadows shows that in the second quarter of this year 740 different organizations were listed on several active criminal data leak sites. That’s an almost 50 per cent increase over the first quarter. And remember, those are just ransomware victims who suffered stolen data. Many attacks, like the attacks earlier this month through the Kaseya VSA on-premise software, are just straight ransomware.
Finally, next Wednesday, July 28th, IT World Canada will hold its second annual Top Women in Cybersecurity event. The names of 20 women from more than 150 nominees will be revealed during the online event. Their stories will be told in a series of videos. The event will also feature a briefing on the latest changes to the threat landscape and a panel discussion on how women can have a career in cybersecurity. To register click here.
Remember later today the Week In Review podcast will be out. I’ll be talking to Canadian privacy consultant Cat Coode about the fate of Canada’s proposed update to our federal privacy law.
Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.