Security Alert: Ottawa warns Canadian businesses of increased threat of Russian cyberattacks

Communications Security Establishment (CSE), a government agency responsible for signals intelligence and cybersecurity in Canada, said it is monitoring threats directed at infrastructure networks and has been issuing bulletins or public advisories. The agency is also relaying confidential information through protected channels about new forms of malware and other tactics, techniques and procedures being used to target victims.

“Russia has significant cybercapabilities and a demonstrated history of using them irresponsibly,” CSE spokesperson Ryan Foreman said Monday. “In light of Russia’s ongoing, unjustified military offensive in Ukraine, CSE and its Canadian Centre for Cyber Security strongly encourage all Canadian organizations to take immediate action and bolster their online cyberdefences.”

CSE would not confirm whether there are any Canadian organizations or businesses that have been affected so far by the war in Ukraine, but said “there has been an historical pattern of cyberattacks on Ukraine having international consequences.”

“While we can’t speak about specific operations, we can confirm that CSE has been tracking cyberthreat activity associated with the current crisis. CSE has been sharing valuable cyberthreat intelligence with key partners in Ukraine. We also continue to work with the Canadian Armed Forces in

support of Ukraine, including intelligence sharing, cybersecurity and cyberoperations,” the agency said.

Independent cybersecurity experts said organizations that are already strained – such as hospitals, police communications and the country’s

utility companies – are most vulnerable to Russian retaliation in the form of cyberattacks, malware or ransomware. Phishing and social engineering tools are the preferred methods that attackers use to gain unauthorized access over systems, experts said.

“The fact is that really everyone should have already been bracing for this, because almost everything we do is digitized and

thus has potential to be digitally breached,” said Lisa Kearney, chief executive officer of the Women CyberSecurity Society Inc.

Last week, the Canadian Centre for Cyber Security sent out a public alert stating it is aware of a new malware called “HermeticWiper” that is

targeting Ukrainian organizations. The centre said the malicious software wipes all the data of a company or agency and makes it completely unrecoverable.

Charles Finlay, executive director of Rogers Cybersecure Catalyst at Ryerson University in Toronto, said there is no need to panic yet, however.

“Canada has invested lots of funding into cybersecurity over the years. We know what the challenges are. We understand the kinds of attacks that the government of Russia has launched in the past and we understand what we need to do about those kinds of attacks,” he said.

“But we have to be very careful here because more often than not these attacks may be launched against that one target, but it can then spread well beyond the intended target.”

How can you beef up your cyber defences?

With the threat of Russian cyberattacks looming, experts say it’s as good of a time as ever to ensure your online presence is secured.

Some of the things you can do are quite basic. Give yourself a strong password, and enable two-factor authentication so you get a code sent to your phone before logging into a device or account.

It’s also smart to keep your systems updated so any security vulnerabilities are patched, and to avoid clicking links in emails without carefully verifying that it’s actually from someone you know — and isn’t an attempt to infiltrate your systems.

CSE states “individual or groups of patriotic hackers may seek to instill chaos against any victim they can find online. So do the basics at home, take cyber security seriously and remain vigilant, and remember you still have a role in cyber security at your place of work as well.

It will make a difference.”

Source: Globe and Mail / Global News