Transcript
Transcript: Discover Cyber Security: Louis' Lesson
[The text "Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité" appears onscreen.]
[The text "Canada School of Public Service | École de la fonction publique du Canada" appears onscreen.]
Louis' Lesson
[A threat actor is standing in front of a blue background; the image zooms out to a crowd of people.]
Threat actors look for any way they can to gain access to a system. Most of the time, they look for opportunities to compromise a large group of people; that way their attack is more likely to be successful in at least a few cases.
[A thought bubble appears with a person typing some code into a laptop.]
They may try to guess passwords linked to thousands of users' emails. Emails such as Louis'.
[Louis, with blond hair and glasses, is sitting at his computer.]
Meet Louis.
[A thought bubble appears with a laptop.]
Louis has to remember a lot of passwords.
[The laptop shows a list of different online sites and accounts which are owned by Louis.]
Passwords for rewards cards, social media accounts, bank accounts, personal and work email accounts, hobby websites and online shopping. Louis reuses four or five passwords to access more than 100 services.
[A list of accounts and corresponding passwords appear with red lines underlining the similarities in each password.]
Sometimes, Louis will change the number at the end of the password or add a letter at the beginning.
[Louis stands on a blank screen with a blue background, pulls out his phone from his pocket and answers a call – the background then turns orange, and his jaw drops open.]
Louis was informed by a company that his personal information had been compromised because of a privacy breach.
[Louis is typing on a laptop next to the list of accounts and passwords which he is trying to change.]
He changed his password for the service that had been breached, but he did not change that same password that he was also using for accounts on social media, with an online retailer, and his personal email.
[Laptop screen appears with the threat actor standing to the side. The screen shows them accessing different sites using the same passwords.]
Hackers had looked at the breached information, figured out Louis' email and password, and tried that combination on numerous other sites. This is called credential stuffing.
[The laptop screen pauses at a page with an email icon in the middle.]
Through these attempts, they managed to access his personal email. The threat actors then crafted malicious emails that were disseminated to all of Louis' contacts, including his co workers' work email.
[The threat actor's laptop is shown at the bottom of the screen with animated emails flying into an office space's computers. There are seven employees shown at the upper centre of the screen, all working at shared desks. A building with the Canadian flag appears, used to represent Louis' department in the Government of Canada.]
Emails from Louis' account persuaded his co workers to send money to a payment system, send sensitive business information to the threat actor and follow a link to a spoofed website, causing them to become victims as well.
[Transition to a co-worker opening an email sent to him by the threat actor impersonating Louis and clicking a link which leads to a big warning sign implying that his information was breached.]
Louis' bad habit ignited a series of cyber compromises throughout his department.
[Bullet points appear.]
Louis could have kept himself and his department safe by using strong passwords or passphrases, by using a different password for every account, by using a password manager to store his passwords and by setting up two-factor authentication on his accounts. Doing so would have limited the likelihood of a cyber attack and reduced the impact on his department.
[Green checkmarks appear over the bullet points.]
The Government of Canada has dealt with the impact of cyber attacks like this. Are you confident in your passwords? If not, then it's time to learn from Louis and take some action.
[This video was co-created by: Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité, Canada School of Public Service | École de la fonction publique du Canada.]
[The Government of Canada logo appears.]
