A Potluck of Canadian Cyber Attacks


It seems that our fearless leader, Brett Gallant, is stopped on a regular basis – at the grocery store, gas station, pharmacy – and asked some form of this same question: Are cyber attacks really as bad as you make them out to be? 

His answer?

No. They’re worse. 

But instead of taking our word for it, we’re going to present a veritable buffet of Canadian cyber-attack stories. We’ll start with “Main Courses.” These are 3 hearty stories that will be followed by “8 Side Dishes,” which are several smaller, bite-sized tales. And we’ll top it off with a single dessert – a disturbing article by the National Post, called: Canada the target of ‘thousands’ of cyberattacks every day, CSIS reveals. Let’s dive right in…

Main Courses

A recent, eye-opening article was called, Canadian admits to hacking spree with Russian cyber-gang. In it, the BBC wrote, “An ex-Canadian government IT worker has admitted to being a high-level hacker with a Russian cyber-crime group.

Sebastien Vachon-Desjardins, from Quebec, Canada, has agreed to plead guilty in a Florida court. The 34-year-old was affiliated with the NetWalker ransomware crew, which has attacked companies, municipalities, hospitals, schools, and universities. 

When he was arrested, police discovered he was in possession of $27m (£22.2m) in Bitcoin. Nearly 800,000 Canadian dollars in cash was found in Sebastien Vachon-Desjardins’ apartment.

The case represents a rare example of a successful arrest and prosecution of a hacker working for a Russia-based cyber-crime group. US court documents state that the Canadian was one of NetWalker’s most prolific affiliates.

Evidence gathered by police shows he went on a hacking spree between April and December 2020, attacking 17 Canadian companies and many others around the world.

NetWalker operated a ransomware-as-a-service criminal business, offering its malicious software and extortion website to hacker affiliates.

The leaders, who are still at large, communicate in Russian online and ensure that their malware does not infect Russian computer systems, or those of former Soviet countries which are now members of the Commonwealth of Independent States.

Affiliates like Mr. Vachon-Desjardins are responsible for identifying and attacking high-value victims with ransomware. NetWalker developers and affiliates split the ransom or, if the victim refuses to pay, a share of the money made from selling the stolen data.

Mr Vachon-Desjardins was arrested in Canada in January 2021 and subsequently extradited following a US investigation into the cyber-crime group, which dismantled its online operation and uncovered a database of affiliate details. It revealed the NetWalker group had roughly 100 members, including affiliates, who extorted at least $40m [each] from victims.

In each incident, the victims would find a note on their computers reading: ‘Hi! Your files are encrypted by NetWalker. Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to co-operate with us and get the decrypter program. For us, this is just business.’

Police seized dozens of computers and storage devices, 719 Bitcoin worth approximately C$35m and C$790,000 in cash from Mr. Vachon-Desjardins’ house. The hacker is a former IT consultant for Canada’s public works and government services department.

On his LinkedIn profile, he says he worked for various government departments from 2010 onwards and cites expertise in responding to cyber-security incidents.

He is pleading guilty to one count of conspiring to commit computer fraud, and one count of transmitting a demand in relation to damaging a protected computer. The court has agreed not to proceed with two other charges. He will be sentenced at a later date and could face 10 years in prison.”

In keeping with the Russian theme, another recent article was published by GlobalNews.ca. In it, they wrote, “The Canadian government is on “high alert” for cyberattacks by Russia and others amid a global threat environment that continues to shake the foundations of the post-second World War international order.

Public Safety Minister Marco Mendicino issued the warning during an appearance at the House of Commons public safety committee on Thursday morning. He told members of the committee that the threat is not just to the federal government but also to provinces and critical infrastructure.

“I cannot emphasize enough how important it is that, in the current geopolitical environment in which we find ourselves, that we are very much on high alert for potential attacks from hostile state actors like Russia,” said Mendicino.

He described those attacks as potentially coming in the form of cyberattacks and ransomware “which look to identify potentially valuable targets to Canadian interests like critical infrastructure but equally, to sub-national targets, different orders of government, different sectors to the economy.”

His comments come as the committee studies the nature of the threats posed by Russia to Canada. But under Canadian law, there is no obligation on companies or service providers to report if they are the target of a cyberattack, including ransomware.

Mendicino said that could change.

“I absolutely think it’s something that we need to be considering, for sure,” he said in response to a question about whether it should be mandatory to report cyber attacks.

“It’s an option that we are considering very carefully.”

Canadian critical infrastructure and governments have been hit with repeated cyberattacks over recent years. Among those are Toronto’s Humber River Hospital, the Toronto Transit Commission, beef producer JBS Canada, the City of Saint John in New Brunswick, and multiple small municipalities and towns.”

But it’s not just Russian hackers attacking Canadian businesses. Recently, a 16-year-old teenager from Oxford, England was accused of being a multi-millionaire cyber-criminal.

The boy’s father told the BBC: “I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good with computers and spends a lot of time on them. I always thought he was playing games.”

Although he never attacked Canadian targets, it goes to show you how easy hacking is becoming, if you have the right software. 

In an article called 20 Best Ethical Hacking Tools & Software (Aug 2022 Update), they wrote, “Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers, and networks. There are a variety of such tools available in the market. Users can easily download hack tools for ethical hacking. Some of them are open source while others are commercial solutions.

Following is a handpicked list of Best Hacking Tools, with their popular features and website links to download hacker tools. The list contains open-source (free) and paid software.”

The article stresses the “ethical” type of hacking, but if software can exploit weaknesses in computer systems, web applications, servers, and networks (with the intention of patching them), it can also use that information to break into computers and IT infrastructures in order to extract data. 

Getting back to cyber attacks specifically in Canada, let’s take a look at our 3rd Main Course: an article that was published by Canadian Lawyer. In it they wrote, “More than half of cyber attacks in Canada last year were ransomware attacks. There is an unabated increase in the velocity of growth in cyber-attacks.

The number and severity of cyber-attacks increased significantly in 2021, so organizations must heighten vigilance and improve awareness at all levels, according to a new study by Blake, Cassels & Graydon LLP. The firm’s third annual Canadian Cybersecurity Trends Study reports that 55 percent of cyber-attacks last year were ransomware attacks.

“It’s not just the frequency, but the complexity of attacks, the techniques that are being layered on, the quantum of the ransoms, and in the business email compromise world, it’s the amount that is being defrauded,” says Sunny Handa, a partner at Blakes. “All those things are continuously increasing.”

Ransomware attacks generate considerable money for the perpetrators and are fairly easy to implement, Handa says, so it is unsurprising that they have become so prevalent.

The report also found that ransom payments continue to rise, with 25 percent of ransom payments now exceeding US $1-million. Attackers are targeting a wide range of industries across Canada.

In approximately 40 percent of cyber-attacks, corporate data and personal information of an organization’s employees was accessed and/or exfiltrated. The report recommends that organizations undertake a data mapping exercise in which they identify their crown jewels – sensitive corporate information and any personal information they hold – and then implement appropriate safeguards such as encrypting, restricting access, or password-protecting more sensitive information.

Handa is not surprised by the report’s finding that 83 percent of companies hit by a cybersecurity attack did not report it to law enforcement.

“Law enforcement is getting better at this, so I think those numbers will change,” he says. “It is difficult for them to find the hackers because they are generally overseas. I think what needs to happen is a better relationship between breach coaches and law enforcement so that everyone has a clearer understanding of who is doing what in the middle of a breach.”

Software vulnerabilities are becoming an increasing root cause of cybersecurity incidents, with 34 percent now caused by unpatched software vulnerabilities, according to the report. Attackers can exploit vulnerabilities in programs used by organizations to gain access to their environment and carry out the attack. In nearly half of cybersecurity incidents (49%), the attacker was able to exfiltrate data, meaning it was able to remove data from the organization’s environment and store it on a computer system that it controls.

To help mitigate this risk, it is important to ensure critical security updates are patched quickly, the report states, and to provide ongoing cybersecurity training to the employees.

Handa reminds legal departments that cybersecurity is an enterprise risk, not [just] an IT issue.

“Anyone who thinks this gets fixed in the IT department is not getting [the] point,” he says. “This needs to start off at the board level or senior management suite level. They are going to need to take this seriously, and allocate resources and financial budget – but the costs are much much higher in an attack.”

In the event of a cyber attack, Handa advises organizations to contact the right professionals such as a breach coach and an insurance company.

“Don’t unplug your systems, especially if there is an encryption process happening, as you could irrevocably lose your encrypted files,” he adds.

Side Dishes

These bite-sized (cautionary) tales, all of which have happened in 2022, seem to hit closer to home. But remember, nearly 95% of cyber attacks go unreported. The fact that there are countless Side Dishes should be evidence of a MUCH bigger problem. Here we go…

Town of St. Marys

The Town of St. Marys is investigating a cyber security incident that locked its internal server and encrypted its data.

The incident occurred on July 20, 2022. Upon learning of the incident, staff took immediate steps to secure any sensitive information, including locking down the Town’s IT systems and restricting access to email. The Town also notified its legal counsel, the Stratford Police Service and the Canadian Centre for Cyber Security.

The Town is now working with cyber incident response experts to investigate the source of the incident, restore its backup data and assess the impacts on its information, if any. These experts are also assisting staff as they work to fully unlock and decrypt the Town’s systems, a process that could take days.

Waterloo Region District School Board

Waterloo Region District School Board (WRDSB) says it’s working on restoring its IT system and safeguarding personal information after what it’s calling “cyber incidents.” 

“We have confirmed that data was stolen and we are working to determine the exact content of that data,” the board’s email to staff said in part. The board said it will provide staff with one year of complimentary credit monitoring – a service that notifies people about unusual banking activities.

The school board also said it’s retained expert advisors as they work to restore services. In a separate email sent to students and their families on Wednesday, the board said it “has now confirmed that an unauthorized person accessed and removed certain data from our systems.”

Manitoba and across Canada

An unspecified number of credit unions in Manitoba and across Canada were hit by a targeted cybersecurity incident last week, and a company that provides digital technology services to credit unions says it has implemented a crisis response plan.

Celero Solutions, a Calgary-based company, says it became aware of “unauthorized access to the company’s systems” on June 8.

The company’s website says its services are used by more than 115 credit unions and financial institutions across Canada. Celero did not indicate how many of those clients have been affected by the cybersecurity incident.

“The ability of some members to access online services may be impacted due to individual credit union’s actions as part of the ongoing investigation and response into the incident,” the company said.

Montreal

A Canadian company that supplies fighter jets for airborne training exercises has been hit with a ransomware attack.

Emsisoft threat analyst Brett Callow noted that attacks on companies in the defense sector are concerning because “there is no way of knowing where stolen data may end up.”

“Even if the individuals behind the attack are simply for-profit cybercriminals, they may sell the data or make it otherwise available to third parties which could potentially include hostile governments,” Callow said.

“There have been multiple attacks on companies in the defense industrial base sector in recent years, and government really needs to find a way to enhance security in its supply chain.”

Quebec

In a notice sent to its community on Thursday afternoon, Collège Montmorency confirmed that an intrusion has indeed taken place in its computer system. Its internal network, paralyzed since Wednesday morning, will remain inaccessible for a few days, according to the Laval college.

Deeming the threat serious, the Cégep enlisted the help of the cyberdefense operational center of Quebec, the Ministry of Cybersecurity and Digital and the firm KPMG, specializing in cybersecurity. The Laval police were also called upon.

Toronto

Sunwing technical issue continues to disrupt travel plans for thousands of passengers. The airline says its check-in systems provider continues to experience a system outage and thousands of passengers remain stranded and the start of vacations delayed for others as the company continues to struggle with a technical problem that has grounded flights.

It says Airline Choice is working with relevant authorities to find a solution as soon as possible and is processing flights manually, subject to airport restrictions, curfews, and required crew reassignments.

“Our team has been working day and night to find alternate ways to get customers to their destination or on return flights home,” it said in a news release.

Elgin County, Toronto

Elgin County officials and politicians remain tight-lipped about the cyber disruption that’s rendered its government website and email system inactive for weeks, but say they’re optimistic it will be back online soon.

In the March 31 memo, the county’s top administrator said officials were concerned about “a very large amount of spam” sent to staff. Officials were working with an external consultant to determine the cause of the issue.

The online disruption has affected various Elgin County departments, including the library’s computer system and email correspondence between the community and officials.

In April 2019, the City of Stratford was forced to pay a ransom of $75,000 in Bitcoins after a cyber attack crippled its email and telephone systems and part of its website. Later that same year, a similar cyber attack jammed Woodstock city hall’s email and computer systems, costing the local government more than $667,000 to fix.

Banff, Ontario

Town of Banff officials say no one has claimed responsibility for the March 19 computer hacking incident, but would not say if anyone had threatened to sell or release data that was accessed as part of any ransom demand.

“At this stage, we would not be providing details about any contact, during the ongoing cybersecurity investigation,” said Jason Darrah, the director of communications for the Town of Banff. But, “We believe that some of our files were accessed, some of the data were accessed; it was very concerning that that could include personal information.” 

Municipalities can be favoured targets of cybersecurity incidents because their cyber defences aren’t as sophisticated as larger levels of government. Attackers believe cities and towns may be more willing to pay ransoms than other organizations because of the amount of personal information they hold.

In 2018, two small Ontario towns, Wasaga Beach and Midland, paid ransom demands to reclaim data after anonymous computer hackers held their computer systems hostage for more than two days. Wasaga Beach paid $35,000, while Midland did not disclose how much was paid.

Dessert

Those examples were just a select few from this list by Kon Briefing. If they weren’t disturbing enough, this article by the National Post will be…

In it they wrote, “Canada is the target of ‘thousands’ of cyberattacks every day, CSIS reveals. 

And, federal reports have listed state-sponsored cyber attackers as the greatest strategic threat to Canada. Both CSIS and CSE told the House of Commons national defense committee that they are seeing an uptick in both the number and the complexity of state-sponsored cyberattacks.

The eye-popping number, a glimpse by the Canadian national security agency into the number of cyberattacks targeting Canada on a daily basis, was revealed by Canadian Security Intelligence Service (CSIS) assistant director Cherie Henderson during testimony Monday at the federal national defense committee.

“Canada suffers thousands of cyber threat attacks on a daily basis all across the country and numerous organizations are under that attack,” Henderson said in response to a question by Conservative MP Kerry-Lynne Findlay.

“It is an ever-increasing issue and it’s something that we all need to be alive to,” she added. “There has been much more cyber activity … and many more cyber actors.”

The federal government defines a cyberattack as an attempt to “interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device” through electronic means.

During her testimony, Henderson said Canada’s spy agency is witnessing an “unprecedented” amount of change in the cyber threat environment as technology evolves ever more rapidly. And that makes CSIS’s and the Communications Security Establishment’s (CSE), Canada’s cyber defense agency, jobs much more difficult. The threat environment “has become more complex, increasingly fluid, less predictable, and consequently, more challenging,” she said.

“These types of activities are not going away, and in fact, are currently on an upward trajectory. CSIS has observed persistent and sophisticated state-sponsored threat activity for many years. And we continue to see a rise in the frequency and levels of sophistication of this threat activity,” Henderson said.

Declassified Canadian intelligence reports have increasingly warned of growing cyber threats against Canada’s energy sector, healthcare providers and eight other industries considered to be critical infrastructure.

In a report published in December, CSE said there had been 235 known ransomware attacks against Canadians in 2021, with more than half against critical infrastructure. And that was just the tip of the iceberg, considering that most incidents still go unreported.

“The COVID-19 pandemic has made organizations like hospitals, governments, and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms. Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands,” CSE wrote.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. 

To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca
