Insights

As an active contributor to Canadian Centre for Cyber Security (Cyber Centre) projects and GeekWeek, Critical Path Security is pleased to share the key findings from the recently published National Cyber Threat Assessment 2025-2026 (NCTA). This report from the Cyber Centre underscores the evolving cyber threat landscape in Canada, revealing the complex, rapidly advancing cyber threats facing individuals, organizations, and critical infrastructure. About the Cyber Centre The Canadian Centre for Cyber Security, part of the Communications Security Establishment Canada (CSE), acts as Canada's primary authority on cybersecurity. Collaborating with government, critical infrastructure, and private sector partners, the Cyber Centre aims to mitigate and recover from cyber events, raising the nation's cyber resilience. This latest threat assessment forms part of the Cyber Centre's mission to deliver timely, relevant information that Canadians and organizations can use to stay secure. National Cyber Threat Assessment (NCTA) 2025-2026: Key Takeaways Increasingly Complex and Aggressive Cyber…

On October 16, 2024, the New York Department of Financial Services (NYDFS) issued guidance on managing cybersecurity risks associated with the use of Artificial Intelligence (AI) within the framework of 23 NYCRR Part 500. The guidance applies to all entities under NYDFS jurisdiction and provides direction for assessing and managing new cybersecurity risks posed by AI adoption, without introducing new regulatory requirements. This report consolidates the guidance from NYDFS with the upcoming amendments to Part 500, effective November 1, 2024, and explores key technical and administrative measures for financial institutions to achieve compliance and mitigate AI-related cybersecurity risks. Key Amendments Effective November 1, 2024 1. Multi-Factor Authentication (MFA) Requirement: MFA is required for all individuals accessing information systems, covering both internal access and remote access to third-party applications and privileged accounts. Exemptions: Limited exemptions may apply, though compensating controls must be implemented. Implementation: Organizations should ensure MFA systems meet the…

The Canadian Centre for Cyber Security released its Cyber Security Readiness Goals (CRGs) on October 29, 2024. This guidance provides Canadian critical infrastructure (CI) operators with 36 actionable goals designed to enhance security, minimize risks, and reinforce Canada's resilience against evolving cyber threats. Aligned with the NIST Cybersecurity Framework 2.0, the CRGs support system owners in protecting vital assets and improving the security posture across various sectors, including energy, finance, healthcare, and telecommunications. Key Threats Addressed Canada's CRGs address the increased cyber risks impacting CI. Key threats include: Nation-State Cyber Actors: CI sectors face persistent targeting from state-sponsored actors in countries like China, Russia, Iran, and North Korea, using cyber operations for espionage, geopolitical leverage, and potential disruption of essential services. Ransomware Attacks: Targeted ransomware (or "big game hunting") poses an immediate threat to CI operators who, facing operational disruptions, are often more willing to pay large ransoms. This tactic…

The Government Emergency Response Team of Ukraine (CERT-UA) and Microsoft have issued alerts concerning an advanced spear-phishing campaign conducted by the threat actor Midnight Blizzard. The campaign targets public authorities, critical industries, and military organizations with emails themed around "integration with Amazon and Microsoft services" and "Zero Trust Architecture (ZTA)." The emails contain malicious RDP (Remote Desktop Protocol) configuration files that establish unauthorized RDP connections to attacker-controlled infrastructure. Attack Methodology: The attackers embed .rdp configuration files in their emails, which establish outbound connections to their servers upon execution. Key elements of this approach include: Local Resource Access: These RDP files allow attackers access to local resources such as disks, network resources, printers, COM ports, audio devices, and the clipboard. Potential Code Execution: CERT-UA reports that these files could allow the installation of third-party scripts or programs on the victim's machine, enabling further malware deployment. Impersonation of AWS Domains: Attackers use…