National Post (National Edition)
BEWARE RUSSIAN HACKERS, CANADA WARNED
Infrastructure likely target, experts say
OTTAWA • Canada's digital cybersecurity agency is warning the country's “critical infrastructure” providers to be increasingly wary of attacks from Russia-backed hackers as tensions between the two countries increase over the threat of war in Ukraine.
Experts say those attacks could come in a range of forms, from a “widespread ransomware attack” to a “single, carefully focused” attempt to significantly impact core infrastructure.
“Canada's Cyber Centre … is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology,” the agency, which is part of the Communications Security Establishment (CSE), noted in a bulletin published late Wednesday.
CSE's brief statement comes on the heels of similar and much more detailed warnings from their U.S. and U.K. counterparts.
Both warn their countries' cybersecurity communities to be in a “heightened state of awareness” and begin proactively hunting for risks to their networks as threats from Russia loom increasingly large.
A spokesperson for Canada's Cyber Centre declined to say if it had noted an increase in cyberattacks from Russian-sponsored hackers; which methods they were most likely to use, or which of Canada's “critical infrastructure” sectors was a likely target.
But according to David Masson, director of Enterprise Security at cyber-AI defence company Darktrace, just the fact that Canada, the U.S. and the U.K. put out the warnings speaks to the direness of the Russian threat.
“The depth of the information provided by the U.S. and the urgency used underlines the seriousness of this situation. These government bulletins do not come without sufficient research and justification,” he said in an email.
“While we can speculate what exactly drove this alert, the more important message is that the entire world should be watching the heightened tensions surrounding Russia's intentions towards Ukraine and, especially, the recent publicly acknowledged cyberattacks.”
The warning comes as Canada's Foreign Minister Mélanie Joly finishes a series of meetings in Europe with allies regarding Russia's increasing threat of invading Ukraine.
Wednesday, Prime Minister Justin Trudeau said that Russia is looking for “excuses” to invade its neighbour to the west as Canada debates whether it sends weapons and training resources to Ukraine.
That means Russian leader Vladimir Putin is watching Canada's moves closely, likely painting an even bigger target on this country's back when it comes to Russian-sponsored cyber threats.
In 2020, CSE noted that state-sponsored threat actors such as Russia were “very likely” trying to develop tools that would allow them to disrupt our critical infrastructure “such as the supply of electricity.”
It also concluded that they were unlikely to seek to disrupt Canada's critical infrastructure and cause “major damage or loss of life.” But there was a major caveat to that: “in the absence of international hostilities.”
This raises the possibility that if Canada were to go to war with Russia, Russian-backed cyberattackers could seek to cause massive damage and possibly casualties through cyberattacks on Canadian infrastructure.
“A cyberattack on any of Canada's critical support systems could cause crippling disruption to the population and the economy,” Masson warned. “For this reason, protecting critical infrastructure and the operational technology (OT) behind it is increasingly regarded as a matter of national security.”
Masson says there is no doubt that cyberattacks against Canada have increased recently, and Russia is a key actor behind it.
“Canada, and our allies, have experienced a general increase in cyberthreat activity throughout the last year, including ransomware attacks, supply chain attacks, and the exploitation of discovered vulnerabilities in commonly used software,” he said in an email.
“Russian-linked groups have been among the drivers of this activity.”
Masson says his company noted that information technology and communications sector was the “most attacked” industry last year. That shouldn't come as a surprise considering that the highest-profile attacks were on software companies like SolarWinds or ones that exposed billions of devices such as the “Log4Shell” vulnerability.
An attack from Russia on Canadian infrastructure could come in many forms, but the goal will be to have the highest impact possible, he noted.
“Should Russia-backed cyber threat activity launch against Canada, we can expect to see anything from a widespread ransomware attack to a single, carefully focused but impactful attack on our infrastructure,” Masson explained.
“It may take some time to work out what is going on (or what happened), as Russia has a long history of distracting opponents from its real intentions,” he added.
The U.S. bulletin notes that Russian state-sponsored cyber threat actors have often used common tactics to gain access to organizations' networks without them knowing.
“Russian state-sponsored advanced persistent threat actors have used sophisticated cyber capabilities to target a variety of U.S. and international critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors,” the Americans warned.