Cyber attacks up 151%, at least
The new head of Canada's cybersecurity centre says his first months on the job have been a “dizzying” experience of responding to one major incident after another, including a cyberattack from a hostile state against a federal government department in recent months.
“The last eight months have been somewhat a dizzying experience of a number of cyber incidents and managing all these cyber incidents,” Sami Khoury, who was named head of the Communications Security Establishment's (CSE) Canadian Centre for Cyber Security last august, told the audience at the Cyber UK conference Wednesday.
“Day one of the job, the federal election is called,” he began listing, noting that the government suddenly was responsible for defending the entire country at a time of particular interest for foreign states looking to interfere in Canada's affairs.
Then, just as the election ended, Newfoundland suffered a major cyber attack that crippled the province's health care system for weeks and led to 200,000 files being stolen. That required CSE to deploy a team to help the province essentially rebuilding its IT systems, Khoury told conference attendees.
Shortly after, CSE scrambled to help cyber defenders address a major vulnerability, known as Log4j, in a nearly ubiquitous software library that hackers quickly tried to abuse. At the time, it was qualified as of the single most critical vulnerabilities in the last decade.
At the same time, Khoury said CSE was trying to handle “a number” of ransomware incidents, which he has frequently qualified as one of the biggest cyber threats Canada faces right now.
In 2021, 304 ransomware attacks were reported to CSE, a 151 per cent increase on the previous year but still likely a drop in the bucket compared to the real number because the problem remains “way, way under-reported,” he said.
Khoury said that by the beginning of 2022, “we thought we would celebrate a quiet New Year,” he told conference attendees.
But that hope was dashed by a previously undisclosed “nation-state incident against one of our federal government departments.” He did not specify which hostile state was behind the attack, nor which department it targeted.
The only known incident around that time is a significant cyber attack against Global Affairs Canada (GAC) that was first detected on Jan. 19. The incident forced the department to shut down a host of internal programs for days and sometimes weeks to prevent further damage.
In an interview after his panel (but before it was made available publicly online), Khouri declined to say who was behind the GAC attack but noted that it was a “sophisticated incident.” He also confirmed that there was no private or sensitive government information that was either compromised or stolen during the GAC incident.
“We have not come out publicly with anything that points fingers at who's behind this,” he told National Post.
Then, Russia launched its invasion of Ukraine, creating significant concerns of increased attacks from the country that is repeatedly listed as a key hostile cyber threat to Canada. Khoury also spoke of “another incident we had to manage,” but did not provide any more detail.
But despite the fears of a looming cyber war with Russia since its invasion of Ukraine, the head of Canada's Cyber Security Centre says that Canadian organizations have not been targeted by Russian cyber criminals ... yet, he specified in an interview.
“We haven't seen anything in Canada that we can find a fingerprint that, `this is Russia turning its sights to Canada' at this point,” he said, noting that most of the country's cyber attacks have focused on Ukrainian targets.
But “we want Canadian businesses to be ready for when that happens,” he added, because the issue is serious and the threat is real. “Russia is throwing everything and the kitchen sink in the Ukraine conflict.”
But it's not because Canada isn't directly targeted by Russia yet that CSE isn't watching what it's doing to Ukraine and using that as a warning of what could be to come here.
“In the early days of the Russia campaign ... we saw them go against Ukrainian banks. So then we issued an advisory about trying to protect your web-facing servers,” Khoury detailed.
“Then we saw them flood the airwaves with misinformation and disinformation. And we issued another bulletin with that information,” he continued.
“Then we saw them deploy very nasty, destructive malware in the Ukraine,” he said. “It's a bit of a game of cat and mouse ... Every time we observed something to Ukraine, we turned around and updated Canadian guidance or made it a little bit more customized.”