Lessons from the Biggest Canadian Cyber Breaches of 2023

As we move deeper into the digital age, the cybersecurity landscape is evolving at an unprecedented pace, with threats becoming more sophisticated, targeted, and widespread. In Canada, 2023 marked a year of significant cyber incidents that sent shockwaves through various sectors, from healthcare and finance to transportation and retail. These breaches not only highlighted vulnerabilities in our digital infrastructure but also underscored the immense financial and operational toll that cyberattacks can inflict on organizations of all sizes.

Understanding the impact of these cyberattacks is crucial for several reasons. First, by examining the events of the past year, we can identify emerging patterns and tactics used by cybercriminals, allowing us to better anticipate and defend against future threats. Second, a retrospective look provides valuable lessons about the importance of robust cybersecurity measures and the dire consequences of neglecting them. Lastly, revisiting these incidents serves as a stark reminder that no industry is immune to cyber threats and that proactive, comprehensive security strategies are essential for safeguarding our digital assets.

In this article, we explore the most significant cyberattacks that shook Canada in 2023. From the high-profile breaches that compromised sensitive data to the denial-of-service campaigns that disrupted government, airport and financial-sector services, these incidents offer a sobering glimpse into the challenges we face in securing our digital world. By understanding the scope and impact of these attacks, we can better prepare ourselves to protect against the ever-present threat of cybercrime in the year ahead.

A Collection of Massive Canadian Cyberattacks

In excerpts from an article by Packetlabs, they wrote, “The number of security breaches in Canada rises from year to year, with a staggering 85% of Canadian organizations having been impacted by cybercriminals in the past year alone. As the average cost of a data breach for Canadian organizations across all sectors now sits at $5.4 million, both businesses and the Canadian government are renewing measures to strengthen cybersecurity.

With the average Canadian organization spending 11.1% of its IT budget on cybersecurity, it’s no wonder why the government continues to issue legislation and amendments to current security-related regulations to better regulate how organizations protect sensitive data.

That leads us to the main event: your guide to the biggest cyberattacks in Canada in 2023. Let’s get started:

#1: The Distributed Denial of Service Campaign Targeting Multiple Canadian Sectors

In September 2023, the Cyber Centre was made aware of reports of numerous distributed denial of service (DDoS) campaigns targeting multiple levels within the financial sector, the transportation sector, and the government of Canada.

These attacks are thought to have been politically motivated. Open-source reporting links some of this activity to Russian state-sponsored cyber threat actors whose tactics, techniques, and procedures have been extensively documented. This reporting indicates that the actors leverage denial of service tools to harass organizations.

How is this achieved? Well, through a collection of systems operating as a botnet that degrades a targeted web server’s ability to provide services. On-premises solutions can manage this malicious activity; however, assistance from third-party DDoS solutions should be considered to prevent significant and focused malicious activity. Websites will, generally speaking, return to regular operation once the actors have stopped the malicious activity.

#2: MOVEit File Transfer Utility and its Impact on Firms EY and Beneva

In 2023, accounting giant Ernst & Young and Quebec-based insurance company Beneva had to release statements to clients stating that their data was copied when the MOVEit servers of each respective organization were hacked.

In Beneva’s case, it was reported that less than 1% of its 3.5 million Canadian customer base was affected, resulting in the data of approximately 30,000 people being compromised.

A Beneva spokesperson also stated that all customers affected by the leak received a free 24-month subscription to credit monitoring and identity theft protection services in order to help mitigate the fallout.

For EY, however, the fallout was not as quickly contained: 62 clients of the “big four” accounting firm appeared on the Clop ransomware group’s data leak site. The ransomware group’s supply chain attack on the frequently-used MOVEit file transfer software leaked an estimated three terabytes of critical information about EY’s clients, including, but not limited to, financial reports and accounting documents in client folders, passport scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports, account balances, and more.

Impacted victims included Air Canada, Altus, Amdocs, Constellation Software, EY-Continental Transition, Laurentian Bank of Canada, LendLease, Sierra Wireless, SSC Fraud Risk Assessment, St. Mary’s General Hospital Surgical Services Review, Staples Canada, Sun Life Assurance of Canada, and United Parcel Service Canada Ltd, making it worthy of the title of one of the biggest cyberattacks in Canada in 2023.

#3: Midnight Blizzard Executed Mass Social Engineering Via Microsoft Teams

Microsoft Threat Intelligence published an advisory in August, providing the details of targeted social engineering activity by the hacker group Midnight Blizzard (also known as NOBELIUM), which was conducted via Microsoft Teams.

Using previously compromised Microsoft 365 tenants renamed to appear as tech support entities, Midnight Blizzard stole credentials by sending messages over Teams to engage with users and bypass the platform’s built-in multi-factor authentication (MFA) prompts.

While this campaign impacted less than 40 organizations globally, it did include targets within Canada. These organizations were advised to do the following to circumvent future related attacks:

  • Review the Microsoft advisory and look for indicators of compromise to determine if related activity has occurred.
  • Establish Employee Awareness Training surrounding phishing and implement procedures for what to do if a phishing attempt is received by an employee or key stakeholder.
  • Implement phishing-resistant MFA like FIDO2 security keys, Windows Hello, and Certificate-Based Authentication.
  • Enforce the management of administrative privilege.
  • Fortify their business continuity planning.

#4: Vulnerabilities Impacting HTTP/2 – Rapid Reset Played a Role in the Biggest Cyberattacks in Canada in 2023

Industry research orbiting a vulnerability impacting HTTP/2, a version of the HTTP protocol most commonly used for web servers, was released in 2023.

Reportedly, the vulnerability CVE-2023-44487 utilizes a flaw in HTTP/2 that, in turn, results in an overload of a targeted web server with malformed requests.

The result? A denial of service. Open source has reported that this vulnerability has been exploited in the wild. The original alert was published in an attempt to raise awareness of CVE-2023-44487, highlight the potential impact on organizations, and provide recommendations for Canadian organizations that may be targeted by related malicious activity.

It was advised that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on consolidating and monitoring Internet gateways and isolating web-facing apps.

#5: Indigo Lost $50M, in Large Part Because of Their Recovery Time Post-Cyberattack

Indigo lost a staggering $50 million in its last fiscal year, largely due to its highly publicized cyber breach.

The TSX-listed company posted financial results mid-2023 for their most recent quarter and full financial year up to April 1st, revealing that the book retailer posted revenue of $1.058 billion last year: a decline of $4.6 million, or 0.4%, from the year before.

In terms of merchandise sales, the number grew by $4.6 million (0.5%) to $1.015 billion, compared with $1.010 billion in the prior year.

This is all largely due to their infamous cyberattack in February when Indigo was hit by a massive cyberattack that rendered its stores unable to process debit or credit card transactions for several days. This resulted in their online sales being wiped out for nearly an entire month.

Cyberattacks like the one on Indigo reiterate the importance of investing in cybersecurity preemptively versus after a breach has occurred; this is particularly true for cyber insurance, which 48% of SMBs only purchase after a breach.

#6: Air Canada Employee Data Was Leaked in Security Breach

Popular transportation company Air Canada confirmed this year that it had experienced a security breach. This breach permitted an unauthorized threat actor group limited access to the “personal information of some employees and certain records.”

The company’s statement contained only limited information on the extent of the breach or when it occurred, but did stress that no customer information had been compromised in the incident. Representatives from Air Canada also reported that it quickly initiated measures to mitigate the breach’s impact, stating it has contacted the parties affected by the data leak and the relevant authorities.

Alongside this breach, the Canada Border Services Agency (CBSA) confirmed that a distributed denial of service (DDoS) attack caused connectivity issues that impacted check-in kiosks and electronic gates at numerous airports nationwide.

At this time, a pro-Russia hacking group claimed responsibility for several attacks targeting Canadian government organizations, including both the CBSA and the Canadian Air Transport Security Authority.

#7: Southwestern Ontario Hospitals Had to Rebuild Networks in the Wake of Cyberattacks

Five hospitals in southwestern Ontario were impacted by a sophisticated cyberattack in October and had to rebuild their networks from scratch.

“Through our investigation, we know that all our clinical and non-clinical systems were impacted as they are reliant on a safe secure network,” read a statement released by the hospitals’ IT provider, TransForm, and distributed by Windsor Regional Hospital, Hotel-Dieu Grace Healthcare, Erie Shores HealthCare, Bluewater Health, and Chatham-Kent Health Alliance. The statement went on to say that experts had advised TransForm that rebuilding all networks was the safest course of action moving forward.

The update also specified which systems were impacted and which records doctors may not be able to access. These systems included, but were not limited to: patient records and history; patient medication lists; pre-admission work-ups; and reports from other professionals involved in patients’ care.

This coincides with healthcare being one of the most targeted industries for cyberattacks for five years in a row, with unauthorized access in hospitals being up 162% since 2019.

#8: Cyberattacks Targeted Both Military and Parliament Websites in One of the Biggest Cyberattacks in Canada in 2023

A hacker group in India claimed ownership of a series of military and parliament-targeted cyberattacks. Still, Canada’s signals intelligence agency reported that the “nuisance” attacks likely did not put private information at risk. The attacks were aimed at government-controlled institutions but not the core infrastructure from which federal departments and agencies operate.

In September, the month the attack occurred, the Canadian Armed Forces stated that its website became unavailable to mobile users but was fixed within a few hours. It said its site is separate from other government sites, such as the one used by the Department of Defence and internal military networks, meaning the delay had no long-term ramifications.

Meanwhile, various House of Commons website pages continued to load slowly or incompletely due to an ongoing DDoS attack. “House of Commons systems responded as planned to protect our network and IT infrastructure. However, some websites may be unresponsive for a short period,” spokesperson Amelie Crosson said in a written statement that week.

#9: Suncor Energy Hit By Cyberattack, Impacting Petro-Canada Gas Stations Country-Wide

Calgary-based Suncor Energy was the latest oil company to report experiencing a cybersecurity incident in 2023.

The attack was first revealed when social media users reported an inability to use credit or debit cards at the company’s chain of Petro-Canada gas stations and difficulties accessing the company’s car wash services.

Canada hasn’t had a large-scale, successful cyberattack on a domestic oil and gas company. However, cybersecurity experts have warned for years that this country’s energy industry is an attractive target for cybercriminals. That includes financially motivated cybercriminals, such as ransomware attackers, and state-sponsored hackers seeking to create geopolitical mayhem.

Section summary

In 2023 and beyond, no industry is safe from cyber breaches. Proactive cybersecurity has never been more vital. Over the past five years, there has been a significant increase in attacks on public infrastructure, healthcare systems, and educational institutions.

Cybercriminals have not only become more sophisticated; they have also become more coordinated in their attacks on the system. Now more than ever before, organizations around the world must take proactive steps to secure their digital infrastructure to prevent, mitigate, and remediate both successful and attempted breaches.”
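The Rapid Reset vulnerability in #4 (CVE-2023-44487) is abused by a client that opens HTTP/2 streams and cancels each one almost immediately with an RST_STREAM frame: the server has already started work on every request, but since cancelled streams no longer count against the per-connection stream limit, one connection can keep the server busy indefinitely. The detector below is an added example written for this article, not code from Packetlabs, the Cyber Centre or any web server project. It assumes a constructed per-frame event log (one line per frame with a timestamp in milliseconds, a connection id, the frame type and the stream id), and the thresholds are assumptions to be baselined against real traffic. The same sliding-window approach, keyed on source address and request rate instead of connection and reset ratio, is the usual first line of visibility for the volumetric floods described in #1.

```python
"""Sliding-window detector for HTTP/2 Rapid Reset (CVE-2023-44487) behaviour.

Added example for this article, not code from Packetlabs, the Cyber Centre or any
web server project. It assumes a constructed event log, one frame per line:
    <epoch_ms> <connection_id> <frame_type> <stream_id>
Real servers expose equivalent data through debug logging or a reverse proxy.
"""
from collections import defaultdict, deque

# Thresholds are assumptions for illustration; baseline them against real traffic.
WINDOW_MS = 1000             # look-back window per connection
MAX_RESETS_PER_WINDOW = 100  # RST_STREAM frames in the window before flagging
MIN_RESET_RATIO = 0.8        # share of opened streams that were cancelled


def parse_line(line):
    """Split one constructed log line into (timestamp_ms, conn, frame_type, stream_id)."""
    ts, conn, frame, stream = line.split()
    return int(ts), conn, frame, int(stream)


class RapidResetDetector:
    def __init__(self, window_ms=WINDOW_MS, max_resets=MAX_RESETS_PER_WINDOW,
                 min_ratio=MIN_RESET_RATIO):
        self.window_ms = window_ms
        self.max_resets = max_resets
        self.min_ratio = min_ratio
        self.opened = defaultdict(deque)  # conn -> timestamps of HEADERS (stream opened)
        self.reset = defaultdict(deque)   # conn -> timestamps of RST_STREAM (stream cancelled)
        self.flagged = {}                 # conn -> timestamp of first alert

    def _trim(self, dq, now):
        # Drop events older than the window; each connection's frames arrive in time order.
        while dq and now - dq[0] > self.window_ms:
            dq.popleft()

    def observe(self, ts, conn, frame):
        """Feed one frame; return the connection id the first time it crosses the threshold."""
        if frame == "HEADERS":
            self.opened[conn].append(ts)
        elif frame == "RST_STREAM":
            self.reset[conn].append(ts)
        else:
            return None  # DATA, WINDOW_UPDATE and other frames do not matter for this pattern
        self._trim(self.opened[conn], ts)
        self._trim(self.reset[conn], ts)
        n_open, n_reset = len(self.opened[conn]), len(self.reset[conn])
        if (n_reset >= self.max_resets and n_open
                and n_reset / n_open >= self.min_ratio
                and conn not in self.flagged):
            self.flagged[conn] = ts  # a real server would send GOAWAY / close the socket here
            return conn
        return None


def scan(lines):
    """Run the detector over log lines; return {conn: first_alert_ts}."""
    det = RapidResetDetector()
    for line in lines:
        ts, conn, frame, _stream = parse_line(line)
        det.observe(ts, conn, frame)
    return det.flagged


def build_sample_log():
    """Constructed traffic: one normal browser-like client and one Rapid Reset client."""
    lines = []
    # Normal client: 20 requests spread over five seconds, one of them cancelled.
    for i in range(20):
        lines.append(f"{1000 + i * 250} c-normal HEADERS {2 * i + 1}")
        if i == 6:
            lines.append("2600 c-normal RST_STREAM 13")
    # Attacker: 300 streams opened and immediately cancelled within 300 ms.
    for i in range(300):
        lines.append(f"{5000 + i} c-attack HEADERS {2 * i + 1}")
        lines.append(f"{5000 + i} c-attack RST_STREAM {2 * i + 1}")
    return lines


if __name__ == "__main__":
    for conn, ts in scan(build_sample_log()).items():
        print(f"rapid reset suspected on {conn} at t={ts} ms")
```

The ratio test matters as much as the count: a busy but legitimate client opens many streams and cancels few, so counting resets alone would page on every large page load. The detector is for visibility on services you cannot patch immediately or that sit behind a proxy you do not control; the actual fix is the vendor patch for your HTTP/2 implementation, with the Cyber Centre's advice on consolidated and monitored Internet gateways giving you one place to apply both.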

The Importance of Vigilance: Key Takeaways from 2023’s Cyberattacks

The cyberattacks that plagued Canadian organizations in 2023 serve as a critical wake-up call for businesses across all sectors. As digital threats grow in both number and sophistication, it is evident that the consequences of being unprepared can be devastating. From crippling financial losses, as seen in Indigo’s $50 million annual loss driven largely by its recovery time, to the exposure of employee data at Air Canada and client data at EY and Beneva, the fallout from these breaches underscores a universal truth: cybersecurity is not just a technical issue but a business imperative.

For businesses looking to safeguard themselves against similar incidents, the first step is to conduct a comprehensive cybersecurity assessment. This initial evaluation is crucial for identifying existing weaknesses within an organization’s infrastructure, ranging from outdated software and weak access controls to poorly configured networks. It should start with an inventory of what is exposed to the Internet, since that is where the MOVEit and Rapid Reset incidents above began. By understanding where your defenses are weakest, you can prioritize areas for improvement and allocate resources effectively.

Building a Robust Cybersecurity Framework

Once an assessment has been completed, businesses should focus on fortifying their defenses through a multi-layered approach to cybersecurity. This includes:

  1. Implementing Advanced Threat Detection Tools: Modern attacks often look like legitimate activity to perimeter controls. Intrusion detection systems (IDS) and security information and event management (SIEM) platforms help only when the right sources are collected (identity provider sign-ins, endpoint telemetry, and logs from Internet-facing services such as file-transfer and web servers) and when someone is on duty to act on the alerts; an alert nobody reads does nothing for recovery time.
  2. Regular Software and System Updates: Cybercriminals frequently exploit known vulnerabilities in outdated software. Ensuring that all systems, applications, and devices are regularly updated with the latest security patches is a fundamental but often overlooked aspect of cybersecurity. Start with Internet-facing services: the MOVEit and HTTP/2 Rapid Reset incidents above were both reached through exposed servers, and a patch cadence measured in months leaves such systems open for the whole window.
  3. Network Segmentation: Businesses can limit the spread of malware and other threats by dividing a network into smaller, isolated segments. This approach contains a breach and reduces the risk of a single compromised system leading to widespread damage. The southwestern Ontario hospitals had to rebuild every network because all clinical and non-clinical systems depended on the same one; segmentation is what keeps a compromise of one zone from forcing a rebuild of all of them.
  4. Encryption of Sensitive Data: Encrypting sensitive data both at rest and in transit is essential for protecting information from unauthorized access, with one caveat: encryption protects only data the attacker obtains without the keys. An attacker who has taken over the application or the account that legitimately decrypts the data reads it exactly as that application would, so key management and access control are part of this measure, not separate from it.
  5. Deploying Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to verify their identity through more than one method before gaining access to systems, which significantly reduces the risk of unauthorized access if a password is compromised. The Midnight Blizzard campaign shows the limit: a prompt or code delivered to a user can be talked through by a convincing message, so prefer phishing-resistant methods such as FIDO2 security keys, Windows Hello, or certificate-based authentication, as recommended in #3 above.
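Item 1 is abstract about what a SIEM actually does, so here are two correlation rules of the kind it runs over sign-in logs, as an added example written for this article rather than code from any SIEM vendor, Microsoft or Packetlabs. The first spots a password spray (one source failing against many different accounts, too few attempts per account for a lockout to trigger); the second spots MFA fatigue (an attacker who already has the password keeps triggering prompts until the user approves one), which is one of the prompt-abuse patterns item 5 is about. The log format, the outcome names and the thresholds are assumptions constructed for the example; real identity providers export the same fields under different names.

```python
"""Two correlation rules of the kind a SIEM runs over sign-in logs.

Added example for this article, not code from any SIEM vendor, Microsoft or
Packetlabs. The log format is constructed for the example:
    <ISO-8601 UTC time> src=<ip> user=<name> result=<outcome>
with outcomes FAIL_PASSWORD, MFA_DENIED or SUCCESS. Thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

SPRAY_WINDOW = timedelta(minutes=10)
SPRAY_MIN_USERS = 8        # distinct accounts failing from one source
FATIGUE_WINDOW = timedelta(minutes=10)
FATIGUE_MIN_DENIALS = 5    # MFA prompts one user rejected in the window


def parse(line):
    """Parse one constructed log line into a dict with a timezone-aware 'ts'."""
    ts_text, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def detect(lines):
    """Return alerts as (rule, subject, timestamp) tuples, in log order."""
    alerts = []
    fails_by_src = defaultdict(deque)     # src -> (ts, user) of password failures
    denials_by_user = defaultdict(deque)  # user -> ts of rejected MFA prompts
    sprayers, fatigued = set(), set()
    for ev in map(parse, lines):
        ts, src, user, result = ev["ts"], ev["src"], ev["user"], ev["result"]
        if result == "FAIL_PASSWORD":
            dq = fails_by_src[src]
            dq.append((ts, user))
            while dq and ts - dq[0][0] > SPRAY_WINDOW:
                dq.popleft()
            # Password spray: few attempts per account, many accounts per source.
            if len({u for _, u in dq}) >= SPRAY_MIN_USERS and src not in sprayers:
                sprayers.add(src)
                alerts.append(("password_spray", src, ts))
        elif result == "MFA_DENIED":
            dq = denials_by_user[user]
            dq.append(ts)
            while dq and ts - dq[0] > FATIGUE_WINDOW:
                dq.popleft()
            # MFA fatigue: someone holding the password keeps triggering prompts.
            if len(dq) >= FATIGUE_MIN_DENIALS and user not in fatigued:
                fatigued.add(user)
                alerts.append(("mfa_fatigue", user, ts))
        elif result == "SUCCESS" and user in fatigued:
            # A success after a barrage of denials is the point to treat as compromise:
            # revoke the session and reset the factor, do not just notify.
            alerts.append(("mfa_fatigue_then_success", user, ts))
    return alerts


def build_sample_log():
    """Constructed sign-in events: one normal user, one spray source, one fatigue victim."""
    lines = [
        "2023-09-12T09:58:00Z src=198.51.100.7 user=carol result=FAIL_PASSWORD",
        "2023-09-12T09:58:20Z src=198.51.100.7 user=carol result=SUCCESS",
    ]
    # Spray: one source tries ten different accounts, 15 seconds apart.
    for i in range(10):
        t = datetime(2023, 9, 12, 10, 0, 0, tzinfo=timezone.utc) + timedelta(seconds=15 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} src=203.0.113.10 user=user{i:02d} result=FAIL_PASSWORD")
    # Fatigue: bob rejects six prompts in four minutes, then approves one.
    for i in range(6):
        t = datetime(2023, 9, 12, 10, 5, 0, tzinfo=timezone.utc) + timedelta(seconds=40 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} src=203.0.113.55 user=bob result=MFA_DENIED")
    lines.append("2023-09-12T10:09:00Z src=203.0.113.55 user=bob result=SUCCESS")
    return lines


if __name__ == "__main__":
    for rule, subject, ts in detect(build_sample_log()):
        print(f"{ts:%H:%M:%S} {rule}: {subject}")
```

Neither rule fires on carol's single typo, and the spray rule keys on the source rather than the account, which is the whole point: per-account lockout thresholds never trip when each account sees one attempt. The third alert is the one that should drive automated response, because by then the attacker has a valid session; phishing-resistant MFA removes this pattern entirely, since there is no prompt for the user to approve.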

The Role of Employee Training in Cybersecurity

Technology alone cannot protect against cyber threats; the human element is equally important. The Midnight Blizzard campaign demonstrates how social engineering routes around technical controls: the Teams messages came from genuine Microsoft 365 tenants renamed to look like technical support, so the cues an employee might rely on to spot a fake were absent, and the goal was to talk the user through the MFA prompt rather than to steal a password. Training buys the moment of suspicion needed to stop and verify; phishing-resistant MFA removes the thing the attacker is asking for.

Ongoing cybersecurity training should be mandatory for all employees, emphasizing the importance of vigilance and best practices. Training should cover topics such as identifying phishing attempts, safe internet practices, and the proper handling of sensitive information. Regularly updated training programs ensure that employees remain aware of the latest threats and understand how to respond effectively.

Incident Response and Recovery Planning

No security measure is foolproof, and the ability to respond quickly and effectively to a breach is critical. Businesses should develop and maintain a comprehensive incident response plan that outlines the steps to be taken in the event of a cyberattack. This plan should include clear communication protocols, roles, responsibilities, and procedures for containing and mitigating the impact of a breach, and it should be exercised before it is needed, with contacts for the insurer, legal counsel, regulators, and law enforcement agreed in advance. Indigo’s month without online sales shows that recovery time, not the initial intrusion, is where most of the cost lands.

In addition to an incident response plan, businesses should regularly back up critical data and systems so that operations can be restored quickly after data loss or corruption. Backups must be kept where an intruder cannot reach them (offline, or on immutable storage under separate credentials) and restores must be tested regularly; a backup that the attacker can encrypt or delete along with production, or that has never actually been restored, is the difference between a weekend of downtime and rebuilding networks from scratch as the Ontario hospitals had to.

Conclusion: The Path Forward for Canadian Businesses

The cybersecurity incidents that dominated headlines in 2023 highlight the ever-present threat that cybercrime poses to businesses of all sizes. As the digital landscape continues to evolve, so must our security approach. By starting with a thorough cybersecurity assessment, implementing robust security measures, and fostering a culture of awareness through ongoing employee training, Canadian businesses can better protect themselves against the threats of tomorrow.

Cybersecurity is not a one-time investment but an ongoing process that requires vigilance, adaptation, and a commitment to staying ahead of emerging threats. For those who take proactive steps today, the ability to withstand and recover from cyberattacks will be a key differentiator in the increasingly competitive and interconnected business world.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. Investing in multilayered cybersecurity allows you to leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every device connecting to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and tools fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca
