On March 14th New Brunswick will become the latest Maritime province in Canada to announce plans to remove all COVID-19 restrictions and guidelines. At that time, all mandatory orders will be lifted, which means masks won’t be required indoors or out, capacity limits will be eliminated and physical distancing requirements will end. Also gone, isolation requirements for the general public and proof of vaccination will no longer be required at facilities such as gyms, entertainment centres, churches and restaurants.
This should be an exciting time for us. But, the thrill of Covid becoming a thing of our past, is tainted by the suffering of the Ukrainian people at the hands of a mighty foe. As the Russian government attacks their neighboring state, most NATO aligned countries are sending in reinforcements. Not people, weapons and personal protection gear. It turns out that helping mankind may come with a price.
***Disclaimer: Despite the tone of the next few paragraphs, this is neither a political article, nor one that demeans the people of Russia. In fact, we feel this is (of course) a VERY difficult time for Ukrainian’s as well as Russian citizens. Additionally, we believe that it is our responsibility to let you know how the current events may affect your personal and business devices.
According to an article by CTV News – published on March 3rd, they wrote, “There have been several rounds of announcements of support from Canada, ranging from sanctions to humanitarian support. In terms of what military lethal and non-lethal aid has been committed since Feb. 27, here’s a breakdown of what the federal government says has been sent or will soon be on its way:
- 4,500 M72 rocket launchers and up to 7,500 hand grenades;
- $1 million towards the purchase of high-resolution modern satellite imagery;
- 100 Carl-Gustaf M2 anti-tank weapons system launchers and 2,000 rounds of ammunition;
- 1,600 fragmentation vests and 400,000 individual meal packs;
- $25 million in helmets, body armour, gas masks, and night vision gear; and
- Two C-130J tactical airlift aircraft and a team of 40-50 personnel to deliver aid and support.”
No matter your thoughts about the war, or your opinion about your mother-country sending reinforcements, there will be fallout from the Russian government. Attacks will happen and viruses will be spread to EVERY country – NATO affiliated or not – that “interfered with Russia’s special military operation in Ukraine.”
The thing is, we did “interfere.” We Canadians are extra nice, right? We like to help people, especially: underdogs, the innocent, and most certainly… victims. But, sometimes being nice can backfire. Especially, when big, bad bullies see kindness as a sign of weakness. So, what will the Russian government do to ALL of the countries who interfered? Attack them. Day and night for the rest of the foreseeable future.
Of course, we hope the only attacks that Russia will unleash on most of the “Western World,” will be limited to… the cyber kind.
But, why would Canada be on the Russian government’s radar when so many other countries have sent far more reinforcements than we did? Because we did something else to poke the big, bad bear.
For one thing, we placed sanctions on Russia and directly targeted Russian President Vladimir Putin, Foreign Minister Sergey Lavrov and figures in the Belarusian regime. But, there was something else. Something that REALLY ticked off the government-appointed Russian cyber criminals.
Since the Russian invasion began, Canada has been among the Western countries to provide cyber support to Ukraine. The Ukrainian government called for volunteers to ‘join its IT army,’ and we answered… by launching distributed denial of service (DDS) attacks against the Russian government, businesses and bank websites.
As if cyber attacks weren’t already out-of-control since the onset of Covid, things are about to get a WHOLE lot worse.
In excerpts from an article by the National Post, they wrote, “CSE said it was ‘sharing valuable cyber threat intelligence with key partners in Ukraine’ and continued to ‘work with the Canadian Armed Forces (CAF) in support of Ukraine, including intelligence sharing, cyber security, and cyber operations.’
‘Russia has significant cyber capabilities and a demonstrated history of using them irresponsibly,’ CSE noted. It said that while it was ‘not aware of any current specific threats to Canadian organizations’ in relation to events in and around Ukraine, there had been an historical pattern of cyber attacks on Ukraine having international consequences.
CSE said in its emailed statement that given ‘Russia’s ongoing, unjustified military offensive in Ukraine’ it ‘strongly encouraged all Canadian organizations to take immediate action and bolster their online cyber defenses’.”
Russia’s cyber warfare is a problem for everyone
In excerpts from an article by Global News, they wrote, “Canada is reviewing its cyber defenses to make sure it’s secured against potential cyberattacks from an increasingly aggressive Russian Government. Experts say you should do the same at home.
While cyberattacks are already pummelling Ukraine, they could affect the average Canadian in a number of ways, too. They could hit your pocketbook, permanently wipe important files, and delete sentimental photos from your electronics. In severe instances, they could disrupt the critical infrastructure we rely on.
‘You are a potential cybersecurity risk. The threat does apply to you,’ said Andrew Loschmann, co-founder and COO of cybersecurity company Field Effect.
‘This is something that a lot of people will dismiss and figure, ‘it’s not a problem for me,’ but the reality is, it is a problem for everyone.’
The Russian government has already launched attacks both on the ground in Ukraine and in the online space. Those attacks, according to experts, have been relentless. Microsoft described Russia’s recent cyberattacks against Ukraine as raising ‘serious concerns under the Geneva Convention.’ Russia has also been blamed for major new disruptive malware in Ukraine, prompting a warning from the Canadian Centre for Cyber Security.
While recent Russian attacks have primarily targeted Ukrainians, Microsoft said, you’re likely using some of the same software — meaning your computer is at risk of being exploited.
Here’s what you need to know to stay cybersecure amid a growing Russian threat.
What does a Russian cyberattack look like?
The Russian government has sophisticated capabilities in the cyber warfare space, according to experts, and it’s already deployed some of its online troops.
‘Just as Russia has great military might, they certainly have the same capability in terms of cyber warfare,’ Loschmann said.
Russia’s cyber warfare infrastructure is large and varied. The U.S. government’s Congressional Research Service published an analysis of Russian cyber units earlier this month, which described ‘sophisticated cyber capabilities’ in Russia to conduct everything from ‘disinformation’ and ‘propaganda,’ to ‘espionage’ and ‘destructive cyberattacks.’
These nefarious operations take a number of forms, including hacking into systems abroad, targeting operational technology networks with destructive malware, or accessing accounts through passwords leaked on the dark web.
Another example of this warfare is a new, disruptive virus known as HermeticWiper. The malicious software penetrates a system and then proceeds to wipe all the data that belongs to a government agency or a company, making it unrecoverable.
HermeticWiper is a new, severe consequence that can arise from a simple cyber-safety mistake, according to Terry Cutler, who is an ethical hacker and the CEO of the data defense service firm Cyology.
Before, he explained, ransomware would generally contaminate your computer, scramble your data, and the bad actor would release it when you give in to their request — generally by paying them money. However, this new virus ‘destroys the data’ so you ‘can’t retrieve it anymore.’
‘I foresee a lot of that happening, where people just click on a link…they’re not supposed to, and their data is gone,’ Cutler said.
This could be a big issue if all the data is wiped from an important institution like a bank, according to Cutler, especially if important data that gets wiped isn’t backed up anywhere. The worst-case-scenarios of these cyberattacks could result in disruption to major elements of our society, Cutler warned.
‘A lot of people think, Well, who’s going to want to hack my computer? But they don’t realize that when the banks get hit, they can’t get access to their money,’ he said.
‘Maybe the power grid gets shut down or the water treatment plants get contaminated. Those are all things that happen in cyberspace. It can affect us in the real world, because everything now is interconnected.’
But a cyberattack doesn’t have to be that severe to have an impact. Something that could affect the lives of individual Ukrainians, or individual Canadians, is what Loschmann called ‘patriotic motivated hackers.’
‘These attacks are more or less indiscriminate, and the attackers might just choose a victim of opportunity. And that might be you as an individual, or that might be you as a very small business owner, really just looking to find any target or any victim that’s out there,’ Loschmann said.
Often these hackers will try to ‘discredit or embarrass’ their victims through methods like defacing websites or disrupting the victims’ ability to conduct business or live their lives as they normally would.
One of the more disconcerting elements of Russia’s cyber attack capabilities, Loschmann added, may have already been accomplished — accessing systems but then lying dormant.
‘Consider that Russia is one of the most sophisticated and capable cyber threat actors in the world,’ he said.
‘You have to avoid…there is potential to be overly dramatic here, but it’s important to think about what options might already be at the disposal of the Russian government and with the ever increasing sanctions, what might provoke them to trigger some of them?’
How can you beef up your cyber defenses?
With the threat of Russian cyberattacks looming, experts say it’s as good of a time as ever to ensure your online presence is secured.
Some of the things you can do are quite basic. Give yourself a strong password, and enable two-factor authentication, so you get a code sent to your phone before logging into a device or account.
‘Let’s take an example: I had a great day at work, 2022, exclamation point. Pretty simple phrase. All you do is remove the spacing, capitalize each word, and that password alone will take ten years to crack,” Cutler said.
Passwords can be guessed, Cutler explained, especially with the help of online quizzes that ask you identifying information, such as the name of your childhood pet, or your favorite color. They also can be leaked on the dark web, where hackers can find them and access any of your accounts that use the same password.
It’s also smart to keep your systems updated, he added, so any security vulnerabilities are patched, and to avoid clicking links in emails without carefully verifying that it’s actually from someone you know.
As for the Canadian government’s role in all of this, the Communications Security Establishment (CSE) confirmed to Global News that it ‘has been tracking cyber threat activity associated with the current crisis (in Ukraine).’
And while the CSE’s Cyber Centre said it ‘is not aware of any current specific threats to Canadian organizations in relation to events in and around Ukraine,’ there has been a ‘historical pattern of cyber attacks on Ukraine having international consequences.’
While the scale of those potential consequences could be ‘daunting,’ according to Loschmann, it’s important not to lose perspective of the fact that cyberattacks will likely focus on businesses.
‘That said, individuals or groups of patriotic hackers may seek to instill chaos against any victim they can find online. So do the basics at home, take cyber security seriously and remain vigilant, and remember you still have a role in cyber security at your place of work as well,’ he said.
Being vigilant, ‘Will make a difference.’
Oddly, as we were writing this article, we received an email from Malwarebytes. In it they wrote, “Following the invasion of Ukraine, the cybersecurity community is watching diligently for any increase in cyberattacks or a change in their nature.
As we’ve seen with previous global crises, cybercriminals will often use these times of fear and uncertainty to advance their goals. There is also a danger that cyberattacks conducted as part of the conflict will affect people and organizations outside the region.
To our valued customers around the world, we urge you to take steps to ensure you’re protected; to use caution when browsing online and interacting with email, and understand the potential cybersecurity impacts of Russia’s invasion of Ukraine. For additional information on how to protect your data and privacy, we recommend this guidance.
On a final note, Adaptive was recently approached by a business owner – with offices in Northern New Brunswick and Newfoundland – who was inquiring about our cyber security plans. He’d had a diagnostic review from BDC – which is similar to our approach – and they said one of the biggest items they needed to focus on is Cyber Security.
The take-away from this example is two-fold: 1) if you feel that Adaptive is pushing their own agenda (the importance of cyber security for ALL businesses), then have an independent assessment about your business. 2) There are very few cyber security experts in this region. Don’t wait until it’s too late to secure Adaptive as your cyber security partner.
At Adaptive Office Solutions, cyber security is our specialty. When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime.
To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at email@example.com