In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.
Ontario Cannabis Store says Police Investigating ‘Criminal’ Data Breach
The government-run Ontario Cannabis Store, the province’s legal wholesaler of adult-use marijuana, said the Ontario Provincial Police (OPP) is investigating what the OCS alleges is the theft of sensitive business data. The OCS confirmed the breach in an email to the province’s retailers late Tuesday.
Business sources say the sensitive information could have implications on everything from expansion plans and the possible sale of a store to relationships with licensed producers. “Anybody who’s seen this now has an unfair competitive advantage, knowing what your neighboring (store) is making,” a store owner who asked to remain anonymous told MJBizDaily.
While it is not known how the information was obtained, and could have been by accident, insider threat, or a cybersecurity incident, it does demonstrate the importance of information security. While customer data, particularly protected health information (PHI) is highly sensitive and can bring about big fines if mismanaged, there are plenty of other sensitive pieces of information which all businesses maintain. We will keep an eye on this developing story for any updates.
Historic Hotel Stay, Complementary Emotet Exposure included
Business Email Compromise (BEC) is a topic we have touched on within the last few weeks. This article reviews a malicious email which can be used a content for staff training on what to look for when determining if an email is suspicious. Shared earlier today in our free Slack Workspace, there have been reports of phishing attempts in the past 24 hours with email subject lines “GreenBroz Proposal”. Organizations that conduct business with GreenBroz will want to be mindful of potential phishing attempts generating from legitimate or potentially spoofed GreenBroz email accounts.
As we shared last week, this FBI Public Service Announcement update and companion piece to Business Email Compromise PSA I-091019-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021.
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.
On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. KrebsOnSecurity shared information about the allegedly hijacked account with the DEA, the Federal Bureau of Investigation (FBI), and the Department of Justice, which houses both agencies. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.
“DEA takes cyber security and information of intrusions seriously and investigates all such reports to the fullest extent,” the agency said in a statement shared via email. According to this page at the Justice Department website, LEIA “provides federated search capabilities for both EPIC and external database repositories,” including data classified as “law enforcement sensitive” and “mission sensitive” to the DEA.
CISA Joins Partners to Release Advisory on Protecting MSPs and Their Customers
The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released joint Cybersecurity Advisory (CSA), Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers. The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data. The CSA also provides tactical actions for MSPs and customers, including:
- Identify and disable accounts that are no longer in use.
- Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
- Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.
In their efforts to compromise MSPs, malicious cyber actors exploit vulnerable devices and internet-facing services, conduct brute force attacks, and use phishing techniques. MSPs and their customers should ensure they are mitigating these attack methods. Useful mitigation resources on initial compromise attack methods are listed below:
- Improve security of vulnerable devices.
- Selecting and Hardening Remote Access VPN Solutions (CISA, NSA)
- Vulnerability Scanning Tools and Services (NCSC-UK)
- Protect internet-facing services.
- Defend against brute force and password spraying.
- Defend against phishing.
SAFE Banking For Cannabis Is A Social Equity Issue
This Op-Ed was penned by Frederika McClary Easley of The People’s Ecosystem. The People’s Ecosystem, a 70 percent BIPOC-, women- and LGBTQ-owned and led business that successfully transitioned from the legacy to the regulated industry, has experienced firsthand the danger and inconvenience of running a predominantly cash-based business, having had a vehicle intentionally drive into their dispensary during a robbery attempt. The Op-Ed explains why The People’s Ecosystem is in support of the SAFE Banking Act.
In an update on Organized Retail Crime, Representative Young Kim (CA) has introduced “Improving Federal Investigations of Organized Retail Crime Act” (H.R. 7499), directing the Department of Justice, the Department of Homeland Security, the U.S. Postal Service and other relevant agencies to create a cohesive strategy to improve coordination and information sharing among stakeholders such as federal law enforcement agencies, retailers and state-run retail crime task forces, and to assist state and local authorities in compiling evidence for the prosecution of organized retail crime.
Potential Protests in Response to Imminent Roe v. Wade Ruling
In response to the leaked Supreme Court decision involving abortion rights, many protests and rallies have occurred throughout the U.S. Those events are only expected to increase when the ruling is finalized, which is expected to be soon. When that happens there is potential for civil unrest which can directly or indirectly impact cannabis businesses. Organizations are encouraged to remain vigilant and increase security as necessary and to brief staff on de-escalation tactics as well as how to remain safe during times of civil unrest.
The Real Estate Information Sharing & Analysis Center (ISAC) recently published an alert on the potential threat surrounding increased civil unrest, and that has been shared on our free Cannabis ISAO Slack Workspace. If you would like access to that document, please submit an application via our website.
CVS Health Installs Time-Delay Safe Technology at All Arizona Pharmacy Locations
CVS Health recently announced it has completed installing time-delay safe technology in all of its 198 Arizona pharmacy locations, including those located in Target stores, to reduce robbery and organized retail crime. “Criminal activities that organized retail crime rings fund are a clear danger to our communities, so it is important that retailers, law enforcement and political leaders work together to solve this problem,” Thomas M. Moriarty, chief policy officer and general counsel of CVS Health, said in a press release.
The company said the technology electronically delays the time it takes for pharmacy employees to open a safe and it cannot be overridden, which aims to help prevent robberies and the potential for associated diversion of medications such as oxycodone and hydrocodone. Since implementing the technology in 21 states, the company said it has witnessed a 50% decline in robberies at CVS pharmacies.
‘Triple-dip’ La Niña to Hold Vast Influence Over Pacific Hurricane Season this Year
With the East Pacific basin’s hurricane season starting on May 15 and the Central Pacific basin season following 16 days later, forecasters are predicting that the conditions presented by the La Niña pattern will keep a lid on the number of major hurricanes that may develop in the two basins, unlike what forecasters are expecting in the Atlantic basin. The El Niño-Southern Oscillation (ENSO) cycle plays a crucial role in the hurricane season, ushering in warmer waters during El Niño years and promoting colder waters in the Pacific during the La Niña phase. With this season set up as a rare “triple-dip” La Niña, the Southwest and Latin American coastlines can expect to have similar conditions, regarding the Pacific basin hurricane season, as the 2020 and 2021 seasons.
A La Niña pattern for the third year in a row means that this hurricane season will present many similar conditions that last season did, AccuWeather Hurricane Expert Dan Kottlowski said. “The conditions are very similar, but that doesn’t mean if you got hit last year you’re going to get hit this year. And it also certainly doesn’t mean that if you didn’t get hit last year, you’re not going to get hit this year either,” Kottlowski added.
ICYMI. CISA 2022 Hurricane Season Preparedness Webinar
The Cybersecurity and Infrastructure Security (CISA) 2022 Hurricane Season Preparedness Webinar is scheduled for 01 June from 10am – 11:30 am ET. This webinar will focus on providing awareness of CISA’s role and resources in hurricane preparedness and response activities associated with systems that make landfall on the continental U.S. or U.S. territories. It will also feature presentations from the NOAA Liaison to the National Operations Center and FEMA’s National Business Emergency Operations Center. Presentations will be provided from:
- NOAA Liaison to the National Operations Center
- Divisional Representatives from CISA
- FEMA National Business Emergency Operations Center
There will be a Question & Answer Period following the presentations.
For those organizations that are still developing or updating hurricane plans, the Ready.gov Business Hurricane Toolkit may be a useful reference.
Worsening Drought Fuels ‘Catastrophic’ Wildfires
“Given the prognosis for continued wind and the historic dryness, it’s a nexus for catastrophic disaster. I shudder to think that the entire bottom of the Rocky Mountain range, the Sangre de Cristo Mountains, homes to our villages for hundreds if not thousands of years, when you talk about indigenous peoples, [is] burning completely,” said New Mexico State Representative Roger Montoya. “It could go on for the entire summer.”
Check out the latest blog highlighting issues important to cannabis security!Tweet