Canadian Commercial Real Estate Services Firm Accepts CyberBat

A Toronto-based commercial real estate services and investment management firm has admitted that it was the victim of a cyber attack in November, but is not saying whether the incident was as a ransom as a gang is claiming.

A spokeswoman for the publicly traded Colliers International Group, which has corporate and institutional customers in 36 countries, broke security controls on Wednesday after being asked by IT World Canada about a listing on the Dark Web by the Netfilm ransomware gang Accepted. The listing shows that the company was hit with ransomware and its files were copied.

Pamela Smith, the company's communications director, said in an email, "In November 2020, Colliers' information technology team discovered a cyber attack in North America for the company's IT infrastructure." Thanks to the immediate and decisive action taken by the Colliers IT team, the effects on business continuity were limited. Colliers conducted a comprehensive investigation with the support of leading cybersecurity experts in an effort to determine what data might have been affected during the recent program. Colliers continue to monitor the situation closely and will continue to notify affected individuals or organizations. The Colliers IT network is currently safe, secure and fully operational. "

When the attack was ransomware, a spokesperson was asked to confirm whether it was corporate or personally affected, and whether personal, whether it involved current and former employees.

In its most recent quarterly financial statement for the period ending September 30, 2020, Colliers said it had net income of less than $ 32 million on revenue of just over $ 692 million. As of its 2019 financial results at the beginning of last year, it had about 15,000 employees.

Colliers performs a number of services for real estate firms including property management, sales and valuation as well as tenant representation.

The main part in the Netfilim website entry for Colliers is "Part 1", suggesting that the two files posted show that the firm was compromised and may cause further trouble.

According to Brett Callow, a British Columbia-based threat researcher for Amisoft, Nephilim was first spotted in the spring of last year and has since been one of enterprise-space victims including Whirlpool, MAS Holdings, Luxottica and Australian logistics company Toll Group The string has been created. . "Unlike other large game-hunting groups, Nephilim appears to be a closed shop rather than a ransomware-as-a-service provider, which may explain why the group is a less active other," he said in an email. Said in the email. “The group typically uses Microsoft RDP (Remote Desk Protocol) and other public-facing applications for early access to victims. Often, it also takes advantage of unpublished versions of Citrix's application delivery controllers that occur after CVE-2019-19781. "

Imitation - The greatest form of flattery

Coincidentally, Amisoft released its annual status of ransomware in a US report this week. In early 2020, only the Labyrinth group used the threat of releasing stolen information as an additional leverage to withdraw payments. By the end of the year, at least 17 others had adopted it and were publishing stolen data on so-called leaked sites. At least 2,354 US governments, health facilities, and schools were affected by ransomware last year. In addition, looking at data leaked sites it is estimated that more than 1,300 companies worldwide, many U.S.-based, lost data.

The report concludes, "We estimate that there will be even more cases of data theft in 2021, in 2020 - at least twice." We also estimate that cybercriminal data can be stolen more in use Will use it to attack the individuals it relates to to put additional pressure on the organizations from which it was stolen. "

Ransomware attacks can usually be stopped or, at least, their scope is limited, it adds. "While organizations cannot completely eliminate the possibility of human error, they can design their networks in such a way that they do not collapse like card houses when those errors occur."