Scammers behind 1,000 government of canada covid-19 websites.
Cyber defence agency issues warnings
Canada’s cyber defence agency has identified over 1,000 websites falsely parading as Government of Canada COVID-19 pages that are in fact designed to scam Canadians.
In a new report on COVID- 19- related cyber threat activity, the Canadian Centre for Cyber Security ( CCCS) says health care and medical research facilities, Canadians employed in “areas of strategic interest” working from home, and financial institutions are under increasing threat from cyber threat actors.
“Cyber threat actors of varying motivations and sophistication have taken advantage of the COVID-19 pandemic in recent months as a thematic lure or subterfuge for their malicious activities, such as cyberespionage and cybercrime,” the CCCS writes in a report based on both classified and unclassified sources.
Of particular interest to cybercriminals, and particularly state- sponsored ones, is Canada’s health care and medical research sector.
In some cases, the cyber threat actors use software such as ransomware to extort money out of health-care organizations such as medical clinics and hospitals.
If employees and organizations aren’t attentive to potential cyber security issues, the impacts could be major, CCCS warns.
“Ransomware attacks against health- care providers, research facilities, and medical manufacturers will have negative consequences on patient care and hinder the development and production of Canadian medical research and domestic supply chains,” reads the report.
In other cases, foreign intelligence services are targeting research facilities in the hopes of stealing intellectual property related to the COVID-19 virus and potential treatments.
“State intelligence collection requirements have shifted in response to COVID-19. We judge it is almost certain that cyber espionage directed at Canada will continue to attempt to steal Canadian intellectual property relating to COVID-19 medical research, as well as classified information regarding Government of Canada responses,” the centre warns.
Canadians are also increasingly at risk of being scammed, defrauded, spied upon or exploited as a technological vulnerability by cyber criminals.
As of April 27, the cyber defence agency says its launched procedures to have over one thousand “malicious imitations” of federal government websites related to COVID-19 taken down. Most of these websites were related to the Canada Revenue Agency or the Canada Emergency Response Benefit.
And that only seems to be the tip of the iceberg.
“CCCS was aware of over 120,000 newly registered COVID-19 themed domains, a large proportion of which was considered malicious or related to fraudulent activity. One notable SMS phishing campaign claimed to notify the victims awaiting a Canada Emergency Response Benefit (CERB) deposit with a link where they could access their benefits, but only once they divulged personal financial details,” the report details.
But employees currently working from home have now become an increasingly appealing target to cyber criminals of all stripes.
“Cyber threat actors are increasingly attempting to identify and exploit the devices of individuals working at home, particularly targeting those who are employed in areas of strategic interest,” the CCCS notes.
Among the main vulnerabilities cyber criminals are trying to exploit, the centre notes popular VPN services ( such as Pulse Secure), cloud- based applications ( such as Citrix), “poorly secured” Microsoft Remote Desktop Protocol (a tool used to support remote working) and video- conferencing tools like Zoom.
Canadian banks are also an increasingly attractive target for foreign state-sponsored cybercriminals as the COVID-19 pandemic tears through the global economy, warns the report.
“We judge that increased state- sponsored or state- tolerated cybercrime will very likely continue to pose a significant risk to Canadian financial institutions,” writes CCCS.
The reason: countries whose economies were already in poor shape before the pandemic, particularly because of international sanctions, will “very likely” turn to state- sponsored cybercrime in order to steal funds.
The report also highlights that it is “very likely” that “authoritarian” governments use the pandemic as a cover to deploy spying technology against expatriates living in Canada or Canadians living abroad. The report does not identify any such country by name.
“In the past, telecommunications surveillance products — such as those of surveillance technology company NSO Group — have been marketed to authoritarian governments, who have used them to covertly target Canadians in Canada,” reads the April 27 document.
One silver lining highlighted by CCCS is that Canadians have not been overtly targeted by foreign or local disinformation campaigns involving COVID-19.
“We do not assess Canada or Canadians to be a high- priority target of COVID-19- related influence campaigns,” the report’s authors write.
The cyber defence agency also warns that as social distancing efforts begin paying off and infection rates start dropping, cybercriminals will start turning their attention to new coronavirus- related scams.
“As social distancing efforts begin to ‘ plank the curve’ and the wider public grows increasingly anxious for a return to normalcy, we expect that cybercriminals will likely begin crafting phishing lures which play on an increased appetite for information around COVID-19 vaccine development and production,” the report says.