At a glance.
- Research shows massive drop in people compromised in personal data breaches.
- Catalan presidents among victims targeted by Pegasus spyware.
- New intel on Rideau Hall data breach.
Research shows massive drop in people compromised in personal data breaches.
VPN provider Surfshark has released a report on personal data breaches, and the results show that the total number of individuals impacted by personal breaches globally decreased by a whopping 95% compared to last year, likely the result of government and industry’s increased investment in cybersecurity. Rajesh Muru, principal analyst in cybersecurity at GlobalData told Tech Monitor, “Counter attacks by UK and Western outfits are a key focus and resource on stepping up cybersecurity across Ukraine and US…Companies like Microsoft blocking or taking down source domains of known state-backed hacking outfits would play a role.” On the flipside, the number of Russians affected by personal breaches actually increased by 11%, likely due to hackers targeting the country in retaliation for the war in Ukraine. Cato networks senior director of security strategy Etay Maor explained, “With different groups, such as Anonymous and ransomware groups, individuals and government entities all taking aim at Russian organisations, it is not surprising to see these numbers go up."
Catalan presidents among victims targeted by Pegasus spyware.
Citizen Lab reports that at least sixty-three individuals were targeted with NSO Group’s infamous Pegasus spyware, and another four with Candiru. The investigation, conducted in collaboration with Catalan civil society groups, revealed that the victims included members of the European Parliament, every Catalan president elected since 2010, other legislators, jurists, and members of civil society organizations, as well as their family members. Though the perpetrators have not been officially identified, evidence indicates Spanish authorities could be behind the operation. The hackers likely exploited a previously-undisclosed iOS zero-click vulnerability called HOMAGE, effective against some versions of Pegasus prior to 13.2.
New intel on Rideau Hall data breach.
The internal computer network of Canada’s Rideau Hall suffered a cyberattack late last year, and newly released internal government emails reveal that the breach was described as a “sophisticated cyber incident” and that officials were “unable to confirm the full extent of the information that was accessed.” A draft message shared with Rideau Hall employees in November, two weeks before the public was informed of the incident, urged them to assess what information possessed by their respective units could have been potentially exposed. Communications Security Establishment (CSE) spokesman Evan Koronewski said the CSE was not at liberty to divulge further details. “What I can tell you is we continue to work diligently with (the Office of the Secretary to the Governor General) to ensure they have robust systems and tools in place to monitor, detect and investigate any potential new threats,” Koronewski stated, adding that CSE, in collaboration with Shared Services Canada, is providing cyberdefensive services to the Office of the Secretary. Former interim privacy commissioner of Canada Chantal Bernier told Global News that the incident highlights the need for a broadening of the privacy commissioner’s powers. “The magnitude of breaches and consequences is such that we need to have a regulator that is strong enough to hold all organizations that hold our data accountable,” Bernier explained.