In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.


Online Cannabis Retail Regulations in Alberta Highlight Fight Against Illicit Websites

The government of Alberta, Canada, officially handed over responsibility for online cannabis sales and delivery to the private sector on Tuesday, with a handful of companies prepared to start marijuana e-commerce and more on the way.

At the same time, Alberta cannabis retailers are being required to take steps meant to give their new, online operations an air of trustworthiness compared to underground mail-order marijuana websites. The change includes new requirements intended to help customers distinguish licensed online cannabis retailers from illicit mail-order websites.

“One of the most important considerations will be how to ensure Albertans know they are buying from a licensed online site,” said Dave Berry, the AGLC’s vice president for regulatory affairs.

To that end, the AGLC will require online cannabis retail websites to show:

  • Their license numbers.
  • The names and addresses of their licensed physical stores.
  • Public education material.
  • A link to the AGLC’s cannabis licensee search webpage.
TLP:WHITE CISA Releases Updated Conti Ransomware Advisory

This Joint Cybersecurity Advisory was originally published on 22 September, 2021. It was updated this week to include indicators of compromise. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1000. Notable attack vectors include Trickbot and Cobalt Strike. While there are no specific or credible cyber threats to the U.S. homeland at this time, CISA, FBI, NSA, and the United States Secret Service (USSS) encourage organizations to review this advisory and apply the recommended mitigations. According to the advisory, the listed domains “have registration and naming characteristics similar to domains used by groups that have distributed Conti ransomware. Many of these domains have been used in malicious operations; however, some may be abandoned or may share similar characteristics coincidentally.”

Additionally, the FBI released a TLP:WHITE FLASH Report on “RagnarLocker Ransomware Indicators of Compromise“.  According to the report, “The FBI first became aware of RagnarLocker in April 2020 and subsequently produced a FLASH to disseminate known indicators of compromise (IOCs) at that time. This FLASH provides updated and additional IOCs to supplement that report. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors. RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.” 

Cyber-Incident Reporting Legislation Clears House in Bipartisan Spending Bill

According to a joint statement from several members of the U.S. House of Representatives, “The Cyber Incident Reporting for Critical Infrastructure Act, included within the Consolidated Appropriations Act, 2022, is one of the most significant pieces of cybersecurity legislation in the past decade. Requiring owners and operators to report significant cyber incidents and ransomware attacks to CISA will mean greater visibility for the Federal government, earlier disruption of malicious cyber campaigns, and better information and threat intelligence going back out to the private sector so they can defend against future attacks. The authorities and resources provided in this bill can’t come soon enough, as CISA works to combat rapidly evolving cyber threats in this shifting geopolitical landscape. Passage of this legislation further solidifies Congress’ intent that CISA is the lead Federal agency for cybersecurity.”

In a Tweet from Cybersecurity & Infrastructure Security Agency’s (CISA) Director Jen Easterly, replying to a question on who would be impacted by the new legislation she stated that, “Focus is on critical infrastructure owners & operators; detailed reporting processes & procedures, inc scope of covered entities & incidents will be determined thru a rule-making process that we’ll begin shortly & will involve extensive engagement w/industry & fed partners.” A follow-up tweet indicated that reporting can be done 24/7 via the following methods

At the time, there is no immediate impact to the cannabis industry. But what this does indicate is a tightening a cyber reporting regulations from the government. What the Cannabis ISAO is hoping to instill in the industry are best practices for information sharing, so that if the time comes that this type of action turns it’s sites on the cannabis industry, we can have a seat at the table to help shape those future regulations because we can show the industry is already following best practices.

Physical Security

Cannabis Delivery Driver Robbed in Fresno, Police Say

A Cannabis delivery driver was robbed by someone who claimed they had a gun during a delivery, according to the Fresno Police Department.

Police say the robbery took place near Bulldog Avenue and 9th Street. According to police, the delivery driver met up with a potential customer who said he was waiting for his girlfriend.

The man then indicated to the driver that he had a gun, and demanded the marijuana the driver had, as well as personal items, according to officials. Police say none of the driver’s personal belongings were taken, however, the man did break into the delivery driver’s car and steal a container of marijuana from the driver. The suspect fled on foot through nearby apartment buildings, according to police.

Additional reported dispensary robbery events this week include:

FBI Warns of Impersonation of Law Enforcement and Government Officials

The FBI is warning the public of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information.

Scammers will often spoof authentic phone numbers and names and use fake credentials of well-known government and law enforcement agencies. Scammers will use an urgent and aggressive tone, refusing to speak to or leave a message with anyone other than their targeted victim; and will urge victims not to tell anyone else, including family, friends, or financial institutions, about what is occurring.

Payment is demanded in various forms, with the most prevalent being prepaid cards, wire transfers, and cash, sent by mail or inserted into cryptocurrency ATMs. Victims are asked to read prepaid card numbers over the phone or text a picture of the card. Mailed cash will be hidden or packaged to avoid detection by normal mail scanning devices. Wire transfers are often sent overseas so funds almost immediately vanish.

We have previously reported on scams that were specifically targeting cannabis businesses like ones in Oklahoma, Vermont, and Colorado. Keeping employees aware of all types of potential scams that can target your business is essential  and it is recommended that these type of reports are shared during regular staff meetings to keep everyone aware.

Natural Events

Developing Winter Storm and Severe Weather Threats into the Weekend

A potent winter storm will spread snow from the U.S. Plains and parts of the Midwest and South into New England, while turning into a “bomb cyclone” packing high winds as it tracks up the East Coast. Additionally, severe thunderstorms, including a threat of tornadoes, and flooding rain will hammer parts of the Southeast through Saturday.

This weather system has been named Winter Storm Quinlan by The Weather Channel. The setup for this storm began with a potent blast of cold air surging south out of Canada into the Plains and Rockies. A pair of strong jet streams are then forecast to spin up low pressure along a cold front in the lower Mississippi Valley Friday, then intensify as it races into the Northeast Saturday and eastern Canada by Sunday.

The area of low pressure is expected to become a “bomb cyclone” when it tracks up the East Coast. We’ll have more about that aspect of the forecast after first discussing the expected snow. Winter weather alerts have been issued by the National Weather Service along the entire path of the storm, including areas from the southern Plains to the mid-South, Ohio Valley, Appalachians and interior Northeast.

Showers and thunderstorms are ongoing near the Gulf Coast and in the adjacent offshore waters right now. Some severe weather is possible from this cluster of storms as it tracks toward northern Florida and southern Georgia during the day. Beginning Friday night, though, severe thunderstorms may become more numerous and last into at least Saturday morning.

Tornado Warnings were Delayed to the Public During Deadly Weekend Outbreak.

As deadly tornadoes were carving a path through the state of Iowa on Saturday, the residents in harm’s way had no idea their warnings were delayed. The National Weather Service’s (NWS) warning system was having technical issues getting warnings to the public, so the NWS office in Des Moines had to scramble to warn the public there were tornadoes.

There were reportedly six tornados that touched down on Saturday, mostly in Iowa, although as site surveys are conducted that number could go up. Seven people, including two children were killed by the storms. All of this was happening while the NWS experienced a technology glitch, impacting its warning system, causing, at times, nearly a 10-minute delay for some warnings to get out. “Any delays with the receipt of tornado warnings is serious business as seconds count with a fast moving and violent tornado,” said Daryl Herzmann, a systems analyst with Iowa State University.

The NWS noted that NOAA Weather Radio and the Emergency Alert System were activated and broadcast the warnings immediately, with no delay. They were still able to give around an average 20-minute lead time for people to get to safety, which is impressive. This demonstrates the importance of developing backup communications methods as part of any emergency response plan. As cannabis businesses consider emergency response and business continuity plans to deal with situation like wildfires, earthquakes, hurricanes, and tornados, communications is such a vital piece to the equation. Organizations should consider what their emergency communications plans look like and whether there are backup protocols in place.

Check out the latest blog highlighting issues important to cannabis security!