Cybersecurity Is No Longer Just An IT Problem
In this edition of the Be Everyday Ready Briefing, cybersecurity is a crucial educational and institutional priority. As governments become increasingly involved, schools should do the same.
GHOST RANSOMWARE INFILTRATED ORGANIZATIONS IN 70 COUNTRIES
CISA and FBI Release Advisory on Ghost (Cring) Ransomware
Contributed by Brian Rushton-Phillips
According to CISA and the FBI, attackers using Ghost ransomware have infiltrated victims across industry sectors in over 70 countries, including critical infrastructure organizations.
Other affected sectors include healthcare, government, education, technology, manufacturing, and numerous small and medium-sized businesses.
"Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware," stated CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) in a joint advisory.
"This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China."
Ghost ransomware operators often change their malware executables, modify the file extensions of encrypted files, alter ransom note contents, and use multiple email addresses for ransom communications, leading to varying attribution of the group over time.
Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture, with ransomware samples used in their attacks such as Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.
This financially driven ransomware group uses publicly available code to exploit security flaws in vulnerable servers. They target unpatched vulnerabilities in Fortinet (CVE-2018-13379), ColdFusion (CVE-2010-2861, CVE-2009-3960), and Exchange (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).
To protect against Ghost ransomware attacks, implement the following measures:
The joint advisory released by CISA, the FBI, and MS-ISAC also features indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with past Ghost ransomware activities uncovered in FBI investigations as recently as January 2025.
CANADIAN GOVERNMENT ADDRESSES CYBER THREATS WITH NEW STRATEGY
The new approach aims to support critical infrastructure in both Canada and the U.S.
Contributed by Brian Rushton-Phillips
The Canadian federal government has introduced a new National Cyber Security Strategy to safeguard individuals and businesses and address cyber threats.
Public Safety Minister David McGuinty stated that the NCSS, titled “Securing Canada’s Digital Future,” focuses on a comprehensive societal approach to cyber security.
The long-term goal is to enhance collaboration across all levels of government, law enforcement, industry, Indigenous communities, academia, and international partners to minimize disruptions to critical infrastructure. The strategy also seeks to improve information sharing and ensure compliance among partners in preventing cyber incidents.
The NCSS will support initiatives to improve cyber security, including awareness and education programs for children and youth to boost digital resilience and preparedness. Additionally, it supports critical infrastructure and cyber resilience in Canada and the US.
This strategy builds on the 2018 initiative establishing the Canadian Centre for Cyber Security within the Communications Security Establishment and the National Cybercrime Coordination Centre under the Royal Canadian Mounted Police. In accordance with the NCSS, an initial investment of $37.8 million will be allocated over six years.
“Canada must remain a leader in cyber security, particularly in the face of ongoing and persistent cyber threats,” McGuinty stated. “The new National Cyber Security Strategy reflects the Government of Canada’s dedication to a comprehensive and flexible approach to safeguarding our nation’s cyber security for citizens across our country, Canadian businesses, and vital cross-border services and critical infrastructure.”
On December 13, 2024, the federal government announced its investment in establishing a Cyber Attribution Data Centre at the University of New Brunswick, marking the first step in strengthening ties with academia.
The “National Cyber Threat Assessment 2025-2026” report highlighted that malicious cyber threat actors threaten Canadians’ safety, economic prosperity, and national security through fraud, scams, and ransomware targeting critical infrastructure and essential services.
AVOID INSTALLING THIS CRITICAL UPDATE
Alert for Microsoft Windows Users
Contributed by Brian Rushton-Phillips
A crucial warning about a dangerous new browser update aimed at Microsoft Windows users has emerged. This attack uses social engineering tactics to lure users into making regrettable clicks.
The alert was issued by Palo Alto Networks' Unit 42 and reported by Cyber Security News, which highlighted the research. Attackers have embedded "malicious JavaScript" into legitimate websites, prompting users with notifications that their browser modules in Chrome, Edge, or Firefox are outdated and need to be updated.
According to Cyber Security News, "these lures leverage realistic branding and urgency warnings, such as 'Critical Security Update Required.'" When you download and execute the script, the malware retrieves the NetSupport RAT code necessary to compromise your PC. This code includes an executable for remote device control, a library for data extraction, and Windows "Registry modification scripts for persistence," making it difficult to terminate the process once it is active on your system.
Researchers caution that "NetSupport RAT delivered a secondary payload: StealC, a credential-stealing malware." This malware does what its name suggests: it seeks key login information and bypasses security measures.
The researchers emphasize that "the SmartApeSG campaign highlights the ongoing threat of social engineering combined with fileless attack techniques. Threat actors maintain extended network access while avoiding traditional defenses by exploiting trusted software update mechanisms and Windows internals."
MITIGATION STRATEGIES
The dangers of fake browser installations and updates are escalating.
It is now more crucial than ever for users to install or update browsers and browser modules only through traditional methods.
You can use your browser to check for updates and avoid clicking on popups or website links, no matter how legitimate they appear.
THE IMPORTANCE OF CYBERSECURITY EDUCATION FOR STUDENTS
Cybersecurity awareness begins at home, where young people first interact with internet-enabled devices and online connectivity.
Contributed by Brian Rushton-Phillips
As the digital world becomes more intricate and cyber threats continue to develop, schools must actively promote thorough cybersecurity education. By incorporating cybersecurity awareness and training into school curricula, we can equip students with the skills to identify, address, and prevent cyber threats, laying the groundwork for a secure digital future.
Children and students face the same cybersecurity risks as adults and organizations in our highly connected world. Despite their general tech-savviness, students are particularly susceptible to cyberattacks and often use technology without fully understanding the associated risks.
Credential theft, identity fraud, and personal data exploitation are increasing and becoming primary attack methods affecting people of all ages. Cybercriminals often target students with phishing scams, tricking them into revealing login credentials and sensitive information. This issue can extend beyond individual students to entire campuses, as attackers aim to access institutional data, financial details, and personally identifiable information.
In 2023, 79% of higher education institutions experienced ransomware attacks, highlighting the vulnerability of colleges and universities to cybercriminals who exploit security weaknesses.
Data from Comparitech shows a record-breaking 121 successful ransomware attacks on U.S. schools in 2023, up from 71 the previous year, costing these educational institutions $550,000 per day of downtime. This increase underscores the significant risk posed by the large amount of personal and financial data that schools handle, making them prime targets for cybercriminals.
Despite the rising number of breaches, including high-profile incidents affecting the Los Angeles Unified School District and Stanford University, there remains a lack of formal, comprehensive cybersecurity education for students and schools at all levels.
Cybersecurity education should be integral to every student's academic journey, starting from K-12 and continuing through higher education. Students will benefit from this knowledge by learning to protect themselves, their families, and their educational institutions from cyber threats.
Prioritizing Cyber Education
The education sector has a distinct responsibility to equip students for the digital challenges they will encounter in the classroom and throughout their careers.
It is crucial that cybersecurity education be incorporated into academic curricula and that institutions invest in appropriate cybersecurity measures to safeguard institutional data. The upcoming generation of leaders, researchers, and professionals must possess the skills and knowledge to tackle cyber threats.
By prioritizing their cybersecurity efforts and offering comprehensive resources, schools and universities can more effectively shield their students, faculty, and critical systems from the escalating threat of cyberattacks.
Acknowledging that cybersecurity is not merely an IT concern but a fundamental educational and institutional priority is essential.
Cybersecurity Professional | Protecting Systems, Reducing Risk, Defending What Matters
6mo: Great insight. Many organizations mistakenly assume cybersecurity is solely the responsibility of the IT department. In reality, effective protection requires collaboration across all departments. That cross-functional effort is what builds true resilience.
Strategic Leader | Driving Growth Across Start-Up, Telecommunications, Healthcare, Automotive, and Government Sectors.
8mo: It's true, the danger is everywhere. Getting complacent and lazy is a great way to become compromised.
CEO of STIC CONSULTANT COMPANY & Trainer at TRECCERT
8mo: Cybersecurity is a strategic business issue that requires leadership attention, cross-departmental collaboration, and integration into overall corporate governance and risk management frameworks.