Hackers target Canadian banks, mining companies, MPs told
OTTAWA — Foreign hackers have targeted Canadian banks, mining companies and government institutions in recent years to steal valuable secrets and spread malware, a leading cybersecurity analyst warns.
In February 2017, multiple major Canadian financial institutions were exposed to the risk of state-sponsored cybertheft from North Korea in a scheme to redirect people to malicious downloads that would seize control of their computer, says Christopher Porter, chief intelligence strategist at California-based security firm FireEye.
A number of Canadian financial organizations appeared prominently on the ultimate target list, he told the House of Commons committee on public safety and national security.
At least a half-dozen organized-crime groups conduct financial crime operations targeting companies and people in Canada with a sophistication once seen only among nation-states, Porter said Wednesday.
FireEye routinely uncovers major underground sites selling thousands of stolen Canadian credit cards at a time, sometimes from major banks, but also targeting customer accounts at smaller banks and credit unions, he added.
FireEye, which works with Canadian military and publicsafety institutions, said Canada is often one of the first nations targeted for new types of cyberoperations due to its financial wealth, high-tech development and membership in NATO.
One group in particular, which the firm calls FIN10, has focused specifically on Canada since 2013, carrying out numerous intrusion operations against gambling and mining organizations, pilfering business data and extorting victims, Porter said.
“The cyberespionage threat to Canada is moderate, but could be on the rise,” he said. “We have observed 10 separate espionage groups from China, Russia and Iran targeting Canada in recent years.”
Organizations in the government, defence, high-tech, nonprofit, transportation, energy, telecommunications, education, and media sectors, among others, have all been affected — much like they have in many Western countries, he said.
The Canadian Centre for Cyber Security warned in its recent annual report that the biggest online threat Canadians face is cybercrime including theft, fraud and extortion.
It also said foreign countries are very likely to try to advance their agendas in 2019 — a general election year — by manipulating Canadian opinion with malicious online activity.