Transcript
David Shipley (0:00)
Nova Scotia Power confirms cyberattack was ransomware and says it didn't pay. Crypto investor charged with kidnapping and torturing a man in a New York City apartment. New record-setting DDoS botnet that can pummel any company off the Internet. And Signal raises alarms about Windows Recall snooping on what people thought were private messages. This is Cybersecurity Today, and I'm your host, David Shipley. Let's get started. First up, what may be the most serious ransomware attack ever made public against a Canadian energy utility continues to unfold. Nova Scotia Power, owned by Emera, confirmed Friday that the cyber attack it suffered a month ago in April was in fact ransomware. The attack forced the company to bring a number of customer-facing systems down, along with impacts to other business applications, including HR. Nova Scotia Power has said in early announcements that some data had been stolen. The company confirmed Friday that customer data has now been published to the dark web. The company says it didn't pay the ransom. It said its decision aligned with law enforcement guidance along with applicable sanctions law. For those who aren't aware, some ransomware groups have already been specifically called out with sanctions, particularly by the US government. Paying ransoms to sanctioned groups can get you into a world of legal hurt. The attack didn't impact its energy generation or distribution operations; however, it has disrupted Nova Scotia Power's business operations for weeks. In March, Nova Scotia Power filed a request to spend $6.8 million more on cybersecurity over the next few years. They'd already spent $1.7 million of that amount between 2023 and 2024, but apparently it was either not enough or not fast enough to prevent this incident. A key question raised by the story is this: do utility regulators have the skills to scrutinize cybersecurity investment and preparedness for critical infrastructure firms they regulate?
Do they even have the legislative mandate to ask questions about cybersecurity? And the attack is yet another reminder of Canada's lack of serious national cybersecurity critical infrastructure laws. All eyes in the cybersecurity community will be on Ottawa this week as Parliament resumes to see if cyber's on the radar in what's known as the Speech from the Throne. As a bit of Canadian trivia, the speech will be read by King Charles in person. This is only the third time in Canada's history that the sovereign has done so. Wouldn't it be great if the King told us to clean up our act and get some cybersecurity legislation in place? Okay, that's not how it actually works. But one can dream, can't we? Back to ransomware. Palo Alto's Unit 42's latest report shows that between January and March 2025, over 822 organizations in the United States were hit by ransomware, including recently the largest U.S. steel producer. Canada came in second, but a distant second with 88 victims. Now we're about 1/10 the size of the U.S., so 88 sounds just about right proportionally. But it is a bit scary to see that Canada is second to the United States. What kinds of companies are being targeted the most? Manufacturing leads the way, followed by retail and wholesale, and then professional and legal services. And remember, these aren't just digital attacks. They're economic body blows to sectors that keep our society running. Now there is some good news to report on the ransomware front. Europol just wrapped up something called Operation Endgame in cooperation with law enforcement around the world. It was a massive global takedown of ransomware infrastructure. And the results? 300 hacker-controlled servers taken offline, 650 malicious domains seized, and over 21 million euro in criminal cryptocurrency assets frozen. Now this is what happens when governments and policing agencies around the world work together to fight cybercrime. It's a huge win. Now for the next story.
If you have young kids listening, this story may contain some disturbing details. In a shocking case out of New York, a cryptocurrency investor has been arrested for kidnapping a man from Italy and torturing him for his password to his bitcoin wallet. The victim was abducted on May 6 and was allegedly beaten, electroshocked and threatened with death over several weeks. He eventually escaped and flagged down a traffic officer. His captors, according to prosecutors, drugged him, used electric wires to shock him, hit him in the head with a firearm, and at one point carried him to the top of a flight of stairs where they dangled him over the ledge and threatened to kill him if he didn't share his bitcoin password. The suspect, 37-year-old John Woeltz, is now in custody and police found a disturbing list of items in his apartment. Everything from body armor, weapons, even Polaroids of the victim with a gun to his head. The lesson here is digital assets like cryptocurrency don't just attract hackers. They can also attract real-world cybercriminals willing to commit violence to get access to digital funds. How do they find out if you have crypto investments? Every time you give up your information online, and by hacking databases. The news of the Coinbase customer breach, where customer data from the biggest crypto exchange in the world was leaked. These kinds of attacks are likely going to increase real-world violence. Now onto a very different kind of threat. We've all heard of distributed denial of service attacks that have brought down websites, but we haven't seen one quite this large. Security researchers have spotted what may be the largest botnet seen to date. It's called Aisuru, and it just ran a test attack on the site of cybersecurity journalist Brian Krebs. Krebs noted that he thought this was either a rehearsal or a demonstration to a potential buyer of just how powerful this particular botnet is. The attack peaked at 6.3 terabits per second.
That's 10 times bigger than the infamous Mirai botnet from 2016. And to put that in perspective, that's enough data to cripple even the largest global websites instantly. And here's the kicker. Last year you could rent Aisuru for as little as $150 a day. It was about a third of its current size. With that kind of power for that low a price, the threat is widely disproportionate, especially considering what it can cost victims to try and defend or in losses when online retailers are knocked offline. Canadian firm Postdigm estimates that a DDoS attack can cost online retailers around $6,000 per minute in lost revenue. And while attacks are shorter now, often lasting around 10 minutes, the damage can add up fast. Aisuru is a large asymmetric threat. It's a weapon that small-time criminals can rent to do big-time damage and leverage to demand lucrative extortion payments. And finally, let's talk about Microsoft's second attempt at its AI feature, Recall. This tool, rolling out now in Windows 11, takes screenshots every three seconds of everything a user does and stores it. Email, banking info, medical records, Zoom call, Signal messages, you name it. Recall can grab it. Privacy and cybersecurity experts criticized this AI feature when it was first announced in 2024. It was pulled, massively reworked and relaunched. But now it's not just privacy and security experts raising concerns. Signal, the company behind Signal messenger, the encrypted app, which was mistakenly faulted for being used by US government officials while in reality they were using a clone of Signal software, is now blocking screenshots in its Windows app by default. And here's why. Even if messages are encrypted, anyone who can get access to your credentials and your PC can read them. And it's not just, of course, your messages.
With Microsoft's new changes, the tool can still expose private conversations, not just yours, but the ones that other people who never consented to this feature can now be spied on. Security researcher Kevin Beaumont tested Recall himself last year and again recently. He found that it was still capturing sensitive data, including credit card details, and that the database could be unlocked with just a fingerprint or a PIN. That's not security, that's a treasure chest for hackers. Thanks for tuning in. If you found this episode helpful, do us a favor. Share it with a colleague or friend. The more we talk about these issues, the better chance we all have of preventing incidents and fixing problems. Until next time, stay sharp and stay safe. We're always interested in your opinion and you can contact us@editorechnewsday ca or leave a comment under the YouTube video. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.
