Hackers increasingly target key infrastructure in Canada: spy agency | Cyber ​​Security News

The agency reports 235 ransomware attacks against Canadian targets this year, half of which were key infrastructure providers.

Global ransomware attacks increased 151% in the first half of 2021 compared to 2020, the Canadian Signals Intelligence Agency reported, as hackers grow increasingly brazen.

Key Canadian infrastructure has regularly been the target of ransomware attacks in which hackers essentially hold computer information hostage until paid, the Communications Security Center (CSE) said in a report released on Monday.

The agency said it was aware of 235 ransomware incidents against Canadian targets from January 1 to November 16 of this year. More than half were providers of critical infrastructure, including hospitals.

“Ransomware operators are likely to become increasingly aggressive in their targeting, including against critical infrastructure,” said the report released by the Canadian Center for Cyber ​​Security, a unit of the CSE.

The average total cost of recovery from a ransomware incident more than doubled to $ 1.8 million worldwide in 2021, Reuters news agency reported.

The CSE reiterated that actors in Russia, China and Iran pose a serious threat to the cyber infrastructure of countries like Canada.

“Russian intelligence and law enforcement almost certainly have a relationship with cybercriminals, whether by association or recruitment, and allow them to operate with impunity as long as they focus their attacks on targets. located outside of Russia, ”said the CSE.

SolarWinds Hack Anniversary

The Canadian government report came as a U.S. cybersecurity firm warned that attacks by Russian elite hackers have barely abated since SolarWinds’ massive cyberespionage campaign last year targeting U.S. government entities. , including the Department of Justice, and business.

On the anniversary of SolarWinds’ public disclosure of intrusions, US cybersecurity firm Mandiant said hackers associated with Russian foreign intelligence agency SVR continue to steal data “relevant to Russian interests. “.

The hacking campaign was named SolarWinds after the American software company whose product was exploited in the first infection stage of this effort. Moscow has repeatedly denied any responsibility for the hacking.

While the number of US agencies and government companies hacked by SVR was lower this year than last year, when around 100 organizations were violated, it is difficult to assess the damage, Charles said. Carmakal, Technical Director of Mandiant.

Carmakal said that “not everyone is disclosing the incident[s] because they don’t always have to legally disclose it ”, complicating the damage assessment process. But the overall effect is quite severe. “Companies that get hacked also lose information,” he said.

Mandiant did not identify individual targets or describe what specific information could have been stolen, but said unspecified “diplomatic entities” that received malicious phishing emails were among the targets.

The administration of US President Joe Biden imposed sanctions last April in response to the SolarWinds hack, including against six Russian companies that support the country’s cyber efforts.