Top Cyber News of 2016
December 5, 2016
Ever more Canadians turned to the Internet in 2016 for information, news, entertainment, to shop, and to socialize. With this growing interconnectedness between Canadians and the rest of the world, there could be no doubt that complications and security incidents would arise. Here is a countdown of some of the top cyber security newsmakers of the past year:
10. Cyber Security Consultation
We at Public Safety Canada couldn't possibly forget to mention our Cyber Security consultation, in which Canadians were invited to voice their opinions on how to identify gaps and opportunities, bring forward new ideas to shape Canada's renewed approach to cyber security, and capitalize on the advantages of new technology and the digital economy. Canadians were particularly inclined to submit recommendations on how to address cybercrime, what policing in cyberspace should look like, and how to protect against advanced cyber threats.
- For a complete look at the content from this consultation, please visit the workbook: Security and Prosperity in the Digital Age.
9. Pokémon Go
It was hard to miss the crowds of people gathering in parks, hanging out near landmarks, and occasionally stopping mid-stride on the sidewalk in front of you, all in the name of trying to “catch ‘em all!” While the hype around Pokémon Go has tapered down to a smaller number of die-hard trainers, it can only be considered the first major taste of augmented reality gaming, which will likely become a mainstay of mobile gaming in the future. Concerns around privacy of personal information upon signing up for the game was one of the first issues raised; concern about privacy of individuals' property became another. As official launch of the game in Canada was somewhat delayed compared to other parts of the world, gamers who chose to download modified or unofficial versions of the game made themselves vulnerable to malware.
- Only download games from reputable sites, such as the Apple store or Google Play
- Verify security settings on the game and ensure personal information is not accessible publicly
- Always be aware of what information apps gain access to; read the fine print
- Do not play games while operating heavy machinery, such as while driving
- Respect private property, and be sensitive to public monuments' real purpose
- When playing games outdoors, be aware of your surroundings, consider wearing easily visible clothing, and play with a friend – that's the best part!
8. Flammable cellphones
Smartphones have developed a permanent place in our lives. Some people have even chosen not to have a desktop or laptop computer, so powerful have these little handheld devices become. Unfortunately, some have been developed with flaws, and there were several incidents in 2016 of phones catching fire when the liquid electrolyte inside the lithium ion battery pack became superheated during charging. The risk was not only to phones, but potentially to any surface the phone was touching as well. This year's particular model of flammable phone was recalled, but there could always be risks when any cell phone is damaged.
- Research your options before purchasing a phone, especially if it's used
- Be aware of any recalls on products; check Health Canada's advisories and warnings database to stay up-to-date on the latest recalls, and act quickly if you own a recalled product
- Be extra careful with damaged phones; the damage may go deeper than just the surface
- Regularly back your files up with an external storage drive
7. Fraudulent phone calls/emails
Canadian residents have been receiving phone calls and emails from people saying they're calling from Canada Revenue Agency or Refugees, Immigration and Citizenship Canada. The scam artists say their victims have not paid their taxes or have an outstanding fine and threaten to involve the RCMP/have them deported if they are not paid. Some even say they'll accept payment in iTunes cards. Another version of this scam has a fraudster saying they are calling or emailing from a well-known business' technical support department with false claims about your computer or browsing habits and offers to fix the problem for a fee. They may ask for remote access to your computer, and then can install malware, create backdoor access, or obtain financial or other sensitive information
- Hang up; if you are genuinely in doubt, look up the contact information of the government agency or the company the call was supposedly from (don't use a phone number the suspected fraudster gave you!) and call to check if someone from there really did call you
- Don't pay them (remember: a government agency would never, ever ask for payment in iTunes cards!)
- Don't give them remote access
- Report the incident to local police and the Canadian Anti-Fraud Centre at 1-888-495-8501.
6. Paying by smartphone
Have you ever forgotten your wallet at home, maybe when switching purses or jackets? Are you looking for a solution to your back pocket bulging with ID, credit and debit cards, and more loyalty and reward cards than you know what to do with? You may choose to go minimalist and pay using your phone. Today there are apps that will pay for your coffee, your groceries, even your night out, and can allow you to do all that so much faster than counting out change or finding the right card.
- Make sure the app you're using to pay is reliable and secure, and will protect your banking or credit information
- Be careful not to leave your phone unattended or unlocked, and use a strong password to lock it; some phones are equipped with biometric unlock features, such as fingerprint recognition
- Some Wi-Fi connections may not be secure from hackers; when in doubt, use your mobile data network
- Double check your bank statements or loyalty account balances regularly to ensure there are no surprises
5. Prevalence of ransomware
Ransomware is a type of malware that restricts access to your computer or your files and displays a message that demands payment in order for the restriction to be removed. The two most common means of infection appear to be phishing emails that contain malicious attachments, and website pop-up advertisements, sometimes purporting to be from a government agency or well-known IT company. Files are commonly either locked down or encrypted. In 2015, Canadians were affected by 1,600 ransomware attacks a day, and as of September 2016, the Canadian Cyber Incident Response Centre's investigations into ransomware were up nearly double over last year's figures. A particularly destructive version that has been active in 2016 is Locky, which has targeted healthcare facilities in Canada as well as the United States, New Zealand and Germany.
- Do not pay the ransom; payment offers no guarantee you will regain access to your system, and may motivate cybercriminals to keep up the bad work
- Be wary of free downloads that just pop up; they may install harmful programs without you knowing
- Regularly back your files up with a removable external storage drive
- Contact a reputable technician or specialist to try to retrieve your data
- Keep operating systems and anti-virus programs up-to-date
- Report the incident to local police and the Canadian Anti-Fraud Centre at 1-888-495-8501
4. Data breaches
Earlier this year at the SecTor security conference, a security consultant revealed that 70,000 Canadian credit card numbers had suddenly popped up for sale on the dark web. This is only one of many stories of Canadians' personal information falling victim to hackers through data breaches. Small businesses and large corporations have been breached, including IT companies, casinos, adult sites, social media accounts, and even government agencies.
- Individuals should consider avoiding allowing retail websites to remember their credit card information, and should change their passwords regularly
- Businesses ought to ensure they have strong firewalls, anti-malware/anti-virus protection
- Businesses can enforce a cyber safety policy among their employees, giving them advice on updating their passwords, protecting their devices, backing up sensitive business information on removable external storage devices, and keeping them up-to-date on current online threats
Cyberbullying has been big news the world over and 2016 was particularly bad, as bullies of all ages and walks of life took to social media to demonstrate how tough they were…behind a keyboard. Online, no one knows who you really are, and people develop social media personas that are sometimes radically different than how they act and appear in public. Enacting laws to fight cyberbullying has been a real challenge in Canada, with one law in Nova Scotia being struck down for infringing on the Canadian Charter of Rights and Freedoms.
However, the major social media networks have understood their role in protecting their users from abuse, while continuing to defend freedom of expression. Facebook has allowed concerned third parties to report posts that seem like distress signals. The person in distress would then receive a message offering suggestions on resources, self-help tips and reminders of friends who could help. Twitter allows users to mute, block or report other users in case of abuse, and celebrated the first anniversary of its #PositionOfStrength initiative that offers different resources to equip and empower women with tools and strategies to safely deal with negative interactions. And Instagram has added new features that allows high volume accounts to moderate comments, and any user to disable comments on a picture-by-picture basis.
- Do not respond to cyberbullying; arguing usually only fans the flames
- Keep a record of cyberbullying posts
- Block the cyberbully
- Contact law enforcement in case of threats of physical harm or violence, sharing of sexually explicit photos of minors, stalking, or hacking of a social media account or creation of a fraudulent account under the intended victim's name
- More information on cyberbullying
2. Internet of Things/Mirai
People are more connected than ever before, in ways straight out of science fiction. You can keep track of your steps and compete with friends using fitness trackers, keep an eye on your home while you're at work, change your home's temperature right before you return in the evening, schedule your DVR to record your favourite show, and check to see if your baby is just shifting in her sleep without risking waking her, all from the comfort of your smartphone. After setup, devices are designed to automatically send and receive information over the Internet on a constant basis. These devices are potentially insecure and can be used in a cyberattack. In October, hackers used a piece of malware called “Mirai” to turn hundreds of thousands of smart devices into a botnet (an army of infected computer devices that are remotely controlled by the originator) in order to flood Internet infrastructure company Dyn Co. with data, knocking it offline, and causing Twitter, PayPal, Reddit and Spotify to go down temporarily.
- Use strong passwords for your Wi-Fi network and smart device apps
- Install a firewall and configure it to restrict your computer's incoming and outgoing traffic
- Avoid opening email attachments, especially from people you don't know, and apply email filters
- Contact your Internet Service Provider if you believe you're a victim of a Distributed denial-of-service (DDoS) attack
1. Jobs, jobs, jobs!
And for all the above reasons, the field of cybersecurity is a great place for technophiles who enjoy solving problems creatively. It's an ever-growing field of study, and cybersecurity experts are in high demand. The Communications Security Establishment and the Canadian Cyber Incident Response Centre both had recruitment drives in 2016, and the Canadian Forces are working on creating a new cyberdefence field over the next year and will want to fill that field with knowledgeable recruits.
- Check www.jobs.gc.ca for government employment in the field of cybersecurity and watch out for career fairs in the field of security and defence
- Stay up to date on the latest software trends and threats
For more information, visit GetCyberSafe.ca
There are no comments at this time
- Date modified: