Latest news with #BeauceronSecurity
Globe and Mail
23-05-2025
- Business
- Globe and Mail
Nova Scotia Power confirms server breach was ‘sophisticated' ransomware attack
Nova Scotia Power confirmed on Friday what cybersecurity experts have suspected for weeks – that it was the victim of a ransomware attack. In an update posted to its website, the private utility said that no payment was made to the person or group behind the 'sophisticated' attack. It refused to pay the ransom, it said, after 'careful assessment of applicable sanctions laws and alignment with law enforcement guidance.' The utility's investigation had found that its servers were breached on or around March 19 and the stolen customer information included credit histories, social insurance numbers, and bank account data. The company said late last month it was dealing with a cybersecurity incident it had discovered on April 25. Cybersecurity experts have said the breach has the hallmarks of a ransomware attack – in which extortionists steal a company's data and then demand a ransom to unlock the files or prevent them from being sold. David Shipley, CEO of New Brunswick-based Beauceron Security, said the nature of the information released by Nova Scotia Power on Friday was a 'positive sign' that the company was being transparent about what happened. However, he said the utility could have gone public with the information earlier than it did. 'People would not believe the army of nerds and lawyers that descend on a company when something like this happens,' he said. 'Everything goes through this process that makes a Vatican conclave look ad hoc. Every sentence is scrutinized, particularly when you are a publicly traded company, to balance what they can say versus what they could be opening themselves up for.' He said it's telling that the company didn't pay a ransom – Nova Scotia Power likely knew the group they were dealing with. 'That's a really important clue that this entity is likely one that's been well-identified and is sanctioned by the U.S. government and or the Canadian government,' he said. Had the utility paid, he suggested, the company could have left itself open to sanctions. Shipley said the information stolen in such breaches can be published on what's known as the dark web – part of the internet that can be accessed with special software – and through peer-to-peer file sharing services. He described the Nova Scotia Power breach as a 'canary in the coal mine,' signalling that other utilities and companies are vulnerable. 'If every provincial regulator does not wake up to this right now we are risking more harm to Canadians in terms of financial fraud, but we are definitely risking the stability of our power generation,' Shipley said. 'It's on the provinces to do this and I don't think there's a damn one that's doing it well.' Meanwhile, the utility said it has contacted affected customers and given them support, including a two-year subscription to a comprehensive credit monitoring service at no cost. It has also warned customers to watch out for unsolicited communications such as messages appearing to be from Nova Scotia Power asking for personal information.
Global News
13-05-2025
- Business
- Global News
Theft of NS Power customer data is likely ransomware attack: security experts
Security experts say the theft of customer data from Nova Scotia's electric utility has the hallmarks of an extortion attempt by cybercriminals. In a news release following the April 25 data breach, the utility said it notified police about the theft and confirmed that 'certain customer personal information was accessed and taken by an unauthorized third party.' Nova Scotia Power, however, refuses to say whether it was being extorted by criminals. But cybersecurity experts have little doubt about what happened. The breach at the utility 'walks, talks, barks like a ransomware attack' or other similar forms of cyber extortion, David Shipley, CEO of New Brunswick-based Beauceron Security, said in a recent interview. Ransomware extortionists use malicious software to infiltrate a system to prevent companies from accessing files and then demand a ransom — often cryptocurrency — to unlock them. Shipley said there are also instances of 'double extortion,' cases in which cybercriminals steal data and threaten to sell it unless they are paid. Story continues below advertisement Natalia Stakhanova, the Canada research chair in security and privacy at the University of Saskatchewan, said in a recent interview it appears 'a ransomware attack happened.' She said, 'these kinds of organizations have been the target of attacks for a very long period of time. Certainly, Nova Scotia Power is not the first one.' Get breaking National news For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen. Sign up for breaking National newsletter Sign Up By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy Casey Spears, Nova Scotia Power's social and digital adviser, said last week the company wasn't releasing details about the breach, adding, 'we have committed to notifying customers whose data has been affected as soon as our investigation allows.' Mark Plemmons, vice-president of intelligence operation at Dragos Inc. — a global cybersecurity firm that specializes in utilities and large industrial companies — said Tuesday his firm documented 30 cases last year of ransomware attacks against electrical utilities around the world. The Dragos annual report also documented 80 ransomware groups in 2024, compared to 50 the year before. All four experts say the attack likely involved a criminal organization attempting to make a profit, not a state-sponsored group trying to harm Canadians. Had the attack against Nova Scotia Power, a subsidiary of Emera, been directed at its infrastructure — at shutting down power plants — then that would have been a sign of the participation of a state-sponsored group, Shipley said. Plemmons, for his part, said groups who try to infiltrate the operations of utilities use 'living off the land techniques,' designed to look like legitimate activity within the network. 'Once they get in, they blend in and are very difficult to differentiate from legitimate users,' he explained. Those kind of techniques don't seem to have been used in the Nova Scotia Power attack, he said. Story continues below advertisement The difficulty in the ransomware scenario is bringing the extortion to an end, Shipley said. A recent example, he said, is the breach last December of data belonging to students and staff across Canada held in the PowerSchool system. The Toronto District School Board said this week that four months after it paid a ransom to retrieve the personal information, the board discovered that a 'threat actor' made a separate ransom demand in exchange for the same stolen data. 'So, you can't exactly take it to the bank, even if you do pay them, that they're going to delete the data,' Shipley said. The cybercriminals could also sell the information on the 'dark web' — a part of the internet accessible only through special software. 'We see all kinds of crazy things with identity theft, and it can be extraordinarily painful for individuals. The average Canadian loses about $4,000 when their identity gets hijacked,' Shipley said. Stakhanova said the intrusion highlights the need for Ottawa and provincial governments to bring in regulation requiring stricter protections of personal information held by companies and public institutions. 'As customers, we are very unprotected. We have no control over what happens with the data, our personal data, and we have no say over how the company should protect it and how the company should act in unfortunate cases like this,' she said. Rebecca Brown, a communications officer with the Nova Scotia Energy Board, said in an email that the regulator would hold a 'formal proceeding' into the breach. Story continues below advertisement 'The scope of the matter is still to be determined,' she noted, adding the review could include studying the cause of the incident and Nova Scotia Power's response, as well as the impact of the breach on the utility and ratepayers.
Winnipeg Free Press
13-05-2025
- Business
- Winnipeg Free Press
Theft of NS Power customer data is likely ransomware attack: security experts
HALIFAX – Security experts say the theft of customer data from Nova Scotia's electric utility has the hallmarks of an extortion attempt by cybercriminals. In a news release following the April 25 data breach, the utility said it notified police about the theft and confirmed that 'certain customer personal information was accessed and taken by an unauthorized third party.' Nova Scotia Power, however, refuses to say whether it was being extorted by criminals. But cybersecurity experts have little doubt about what happened. Power lines are seen in Dartmouth, N.S., on Thursday, Nov. 29, 2018. THE CANADIAN PRESS/Andrew Vaughan The breach at the utility 'walks, talks, barks like a ransomware attack' or other similar forms of cyber extortion, David Shipley, CEO of New Brunswick-based Beauceron Security, said in a recent interview. Ransomware extortionists use malicious software to infiltrate a system to prevent companies from accessing files and then demand a ransom — often cryptocurrency — to unlock them. Shipley said there are also instances of 'double extortion,' cases in which cybercriminals steal data and threaten to sell it unless they are paid. Natalia Stakhanova, the Canada research chair in security and privacy at the University of Saskatchewan, said in a recent interview it appears 'a ransomware attack happened.' She said, 'these kinds of organizations have been the target of attacks for a very long period of time. Certainly, Nova Scotia Power is not the first one.' Casey Spears, Nova Scotia Power's social and digital adviser, said last week the company wasn't releasing details about the breach, adding, 'we have committed to notifying customers whose data has been affected as soon as our investigation allows.' Mark Plemmons, vice-president of intelligence operation at Dragos Inc. — a global cybersecurity firm that specializes in utilities and large industrial companies — said Tuesday his firm documented 30 cases last year of ransomware attacks against electrical utilities around the world. The Dragos annual report also documented 80 ransomware groups in 2024, compared to 50 the year before. All four experts say the attack likely involved a criminal organization attempting to make a profit, not a state-sponsored group trying to harm Canadians. Had the attack against Nova Scotia Power, a subsidiary of Emera, been directed at its infrastructure — at shutting down power plants — then that would have been a sign of the participation of a state-sponsored group, Shipley said. Plemmons, for his part, said groups who try to infiltrate the operations of utilities use 'living off the land techniques,' designed to look like legitimate activity within the network. 'Once they get in, they blend in and are very difficult to differentiate from legitimate users,' he explained. Those kind of techniques don't seem to have been used in the Nova Scotia Power attack, he said. The difficulty in the ransomware scenario is bringing the extortion to an end, Shipley said. A recent example, he said, is the breach last December of data belonging to students and staff across Canada held in the PowerSchool system. The Toronto District School Board said this week that four months after it paid a ransom to retrieve the personal information, the board discovered that a 'threat actor' made a separate ransom demand in exchange for the same stolen data. 'So, you can't exactly take it to the bank, even if you do pay them, that they're going to delete the data,' Shipley said. The cybercriminals could also sell the information on the 'dark web' — a part of the internet accessible only through special software. 'We see all kinds of crazy things with identity theft, and it can be extraordinarily painful for individuals. The average Canadian loses about $4,000 when their identity gets hijacked,' Shipley said. Winnipeg Free Press | Newsletter Winnipeg Jets Game Days On Winnipeg Jets game days, hockey writers Mike McIntyre and Ken Wiebe send news, notes and quotes from the morning skate, as well as injury updates and lineup decisions. Arrives a few hours prior to puck drop. Sign up for The Warm-Up Stakhanova said the intrusion highlights the need for Ottawa and provincial governments to bring in regulation requiring stricter protections of personal information held by companies and public institutions. 'As customers, we are very unprotected. We have no control over what happens with the data, our personal data, and we have no say over how the company should protect it and how the company should act in unfortunate cases like this,' she said. Rebecca Brown, a communications officer with the Nova Scotia Energy Board, said in an email that the regulator would hold a 'formal proceeding' into the breach. 'The scope of the matter is still to be determined,' she noted, adding the review could include studying the cause of the incident and Nova Scotia Power's response, as well as the impact of the breach on the utility and ratepayers. This report by The Canadian Press was first published May 13, 2025.
Yahoo
13-05-2025
- Business
- Yahoo
Theft of NS Power customer data is likely ransomware attack: security experts
HALIFAX — Security experts say the theft of customer data from Nova Scotia's electric utility has the hallmarks of an extortion attempt by cybercriminals. In a news release following the April 25 data breach, the utility said it notified police about the theft and confirmed that "certain customer personal information was accessed and taken by an unauthorized third party." Nova Scotia Power, however, refuses to say whether it was being extorted by criminals. But cybersecurity experts have little doubt about what happened. The breach at the utility "walks, talks, barks like a ransomware attack" or other similar forms of cyber extortion, David Shipley, CEO of New Brunswick-based Beauceron Security, said in a recent interview. Ransomware extortionists use malicious software to infiltrate a system to prevent companies from accessing files and then demand a ransom — often cryptocurrency — to unlock them. Shipley said there are also instances of "double extortion," cases in which cybercriminals steal data and threaten to sell it unless they are paid. Natalia Stakhanova, the Canada research chair in security and privacy at the University of Saskatchewan, said in a recent interview it appears "a ransomware attack happened." She said, "these kinds of organizations have been the target of attacks for a very long period of time. Certainly, Nova Scotia Power is not the first one." Casey Spears, Nova Scotia Power's social and digital adviser, said last week the company wasn't releasing details about the breach, adding, "we have committed to notifying customers whose data has been affected as soon as our investigation allows." Mark Plemmons, vice-president of intelligence operation at Dragos Inc. — a global cybersecurity firm that specializes in utilities and large industrial companies — said Tuesday his firm documented 30 cases last year of ransomware attacks against electrical utilities around the world. The Dragos annual report also documented 80 ransomware groups in 2024, compared to 50 the year before. All four experts say the attack likely involved a criminal organization attempting to make a profit, not a state-sponsored group trying to harm Canadians. Had the attack against Nova Scotia Power, a subsidiary of Emera, been directed at its infrastructure — at shutting down power plants — then that would have been a sign of the participation of a state-sponsored group, Shipley said. Plemmons, for his part, said groups who try to infiltrate the operations of utilities use "living off the land techniques," designed to look like legitimate activity within the network. "Once they get in, they blend in and are very difficult to differentiate from legitimate users," he explained. Those kind of techniques don't seem to have been used in the Nova Scotia Power attack, he said. The difficulty in the ransomware scenario is bringing the extortion to an end, Shipley said. A recent example, he said, is the breach last December of data belonging to students and staff across Canada held in the PowerSchool system. The Toronto District School Board said this week that four months after it paid a ransom to retrieve the personal information, the board discovered that a "threat actor" made a separate ransom demand in exchange for the same stolen data. "So, you can't exactly take it to the bank, even if you do pay them, that they're going to delete the data," Shipley said. The cybercriminals could also sell the information on the "dark web" — a part of the internet accessible only through special software. "We see all kinds of crazy things with identity theft, and it can be extraordinarily painful for individuals. The average Canadian loses about $4,000 when their identity gets hijacked," Shipley said. Stakhanova said the intrusion highlights the need for Ottawa and provincial governments to bring in regulation requiring stricter protections of personal information held by companies and public institutions. "As customers, we are very unprotected. We have no control over what happens with the data, our personal data, and we have no say over how the company should protect it and how the company should act in unfortunate cases like this," she said. Rebecca Brown, a communications officer with the Nova Scotia Energy Board, said in an email that the regulator would hold a "formal proceeding" into the breach. "The scope of the matter is still to be determined," she noted, adding the review could include studying the cause of the incident and Nova Scotia Power's response, as well as the impact of the breach on the utility and ratepayers. This report by The Canadian Press was first published May 13, 2025. Michael Tutton, The Canadian Press Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
