COVID-19 cyber guidance Monthly update for CIO/CISO

August 10, 2020

kpmg.ca

The COVID-19 cyber era

Global threat actors increasing cyber attacks

COVID-19 poses a HIGH cyber-security risk for Canadian organizations as new risks continue to emerge.

Key threat observations and recommendations

Precision spreading

Key threat observation: Attacks have more than doubled in the US (1). Recently an outdoor navigation and fitness company had multiple products disrupted by an apparent ransomware attack. In this case, the unique datasets of this victim company can provide pattern of life information of its customers that is exploitable by threat actors. The attack is attributed to a Russian crime syndicate which implies that the information accessed was likely exfiltrated and will be commoditized on underground marketplaces well after the breach (2).

Recommendations:
– Incident response playbooks for ransomware attacks should be updated to invoke data exfiltration actions, e.g., privacy measures.
– Leveraging threat intelligence can help companies pinpoint attack patterns that could affect their unique posture.

Healthcare at the forefront of vaccine race

Key threat observation: As the COVID-19 vaccine race continues, officials in the U.S., U.K. and Canada warned that the threat actor Cozy Bear, associated with Russia’s SVR foreign intelligence agency, is actively hacking vaccine trials and dropping custom . An active player in Russia's massive influence campaign in the 2016 US election, Cozy Bear’s targeting of vaccine research is of note (3). While this entity’s motivations are historically for intelligence purposes only, they do sometimes appear to work with other Russian entities that perform acts of disinformation.

Recommendations:
– Healthcare is now at the forefront of information warfare and security. Security posture reviews can help raise the bar deterring most common attacks.
– Integration with industry and government can dramatically improve one’s security posture by sharing and receiving collective intelligence.

Breached admin tools: a common weak link

Key threat observation: A coordinated social engineering campaign targeting multiple employees was behind a hack of several high-profile Twitter accounts in July (4). The severity of this account takeover attack highlights the importance of effective measures for managing privileged access to critical applications and admin tools. Effective privileged access management is even more critical now that many companies are continuing to have a considerable workforce working from home as a result of the pandemic, and are relying heavily on remote access to administer application and security tools.

Recommendations:
– Enforcing thorough logging to all administrative tools for security applications and other key business applications is essential for threat detection.
– User behavior monitoring is essential to detect user profiles that display abnormal behavior.
– All privileged accounts should be clearly associated with individual users and shared accounts should be eliminated.

© 2020 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.

* The references are listed on the next slide.

COVID-19 cyber guidance – References

1. https://www.telecompetitor.com/report-u-s-ransomware-attacks-up-109/

2. https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/

3. https://www.scmagazine.com/home/security-news/apts-cyberespionage/covid-19-vaccines-economies-in-peril-after-russian-apt29-attacks/

4. https://www.scmagazine.com/home/security-news/insider-threats/twitter-hack-is-a-reminder-of-the-dangers-of-unfettered-employee-access/

KPMG’s cyber security services

KPMG can help you with a wide range of cyber security services

Service pillars: Strategy and Governance, Transformation, Cyber Defense, Cyber Response, Cross-Pillar

Key services
– Cyber maturity assessment
– Compliance assessment
– Cyber security strategy
– Information governance and privacy
– Third-party security risk management
– Identity and access management and Privileged access management
– Cyber governance, risk, and control
– Security architecture
– Security operations advisory
– Cyber threat intelligence
– Vulnerability monitoring
– Application security
– Compromise assessment and simulations
– Incident response readiness and planning
– Digital investigations and remediation
– Cloud security
– Secure DevOps

Contact us

National leaders
– Hartaj Nijjar, Partner & National Leader, Cyber Security, 416 228 7007
– Robert Moerman, Partner, Cyber Defense, KPMG in Canada, 416 777 8308
– Adil Palsetia, Partner, Strategy and Governance, KPMG in Canada, 416 777 8958
– John Heaton, Partner, Transformation, KPMG in Canada, 416 476 2758
– Guillaume Clément, Partner, Cyber Response, KPMG in Canada, 418 265 8734

Regional leaders
– Jeff Thomas, Partner, Cyber Security, Calgary, 403 691 8012
– Yassir Bellout, Partner, Cyber Security, Montreal, 514 840 2546
– Erik Berg, Partner, Cyber Security, Vancouver, 604 691 3245
– Robin Tong, Partner, Cyber Security, Edmonton, 780 429 7335

kpmg.ca

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.