{"id":613296,"date":"2024-03-18T21:42:01","date_gmt":"2024-03-18T18:42:01","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/why-canada-has-so-many-cyberattacks-and-why-were-all-at-risk\/"},"modified":"2024-03-18T21:42:01","modified_gmt":"2024-03-18T18:42:01","slug":"why-canada-has-so-many-cyberattacks-and-why-were-all-at-risk","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/why-canada-has-so-many-cyberattacks-and-why-were-all-at-risk\/","title":{"rendered":"#Why Canada has so many cyberattacks\u2014and why we’re all at risk"},"content":{"rendered":"
\n
\"\"<\/p>\n

(Photo illustration by Maclean\u2019s<\/em>, photo courtesy of iStock)<\/p>\n<\/div>\n

Over the last few months, there has been a slew of high-profile cyberattacks against big Canadian retailers, critical infrastructure systems and, most recently, the <\/span>City of Hamilton<\/span><\/a>. Not even the Toronto Zoo is safe from the wide reach of the online underbelly. And as the world goes digital and more crime plays out in cyberspace, the threat is only going to increase over the next two years, says Sami Khouri, the head of the Canadian Centre for Cyber Security and author of a new report that details a rise in both financially and geopolitically motivated attacks. And yes, as with everything else, AI is making it even scarier.\u00a0<\/span><\/p>\n

It feels like a week doesn\u2019t go by without news<\/a> of a new high-profile cyberattack: the Toronto Zoo, the LCBO, SickKids, Sobeys, Indigo, the RCMP\u2026 the list goes on. What\u2019s driving this wave?\u00a0<\/b><\/p>\n

The bottom line is that cybercriminals have found a way to make money through ransomware attacks. When the world first became digital, cybertechnology<\/a> was a tool of states\u2014another way for countries to spy on each other. But then these tools started to leak and fall into the hands of criminals, which is when we saw the beginning of ransomware attacks for financial gain. Initially, a criminal would break into a computer system, lock it and demand payment to unlock it. That has become less effective over the years as more businesses have backed up their data. Instead, most criminals today steal information from a company and then demand payment to give that information back. We are also just living more and more in the digital world, which increases our threat surface and gives more opportunities for bad actors to exploit. During the pandemic, so many businesses raced to go digital. Security may not have been their top concern in that rush.\u00a0<\/span><\/p>\n

Say I\u2019m a large department store. What kind of information do I have that can be stolen?\u00a0<\/b><\/p>\n

Most often, stolen information is just tombstone data: name, address, birth date, social<\/a> insurance number. If the business or institution that gets hit is not willing to pay the ransom, the information gets posted on the dark web as something other criminals might be able to leverage. Everything has a price attached to it: 50 cents per credit card number, two dollars per passport number. This kind of personal information is used to fuel scams\u2014usually phishing schemes that have become an everyday occurrence.\u00a0<\/span><\/p>\n

SIGN UP TO READ THE BEST OF MACLEAN\u2019S:
Get our top stories sent directly to your inbox twice a week<\/strong><\/em><\/p>\n<\/blockquote>\n

Of course, institutions get hit hard too. The average cost of reported ransom payments in Canada is around $300,000, but there is also the cost associated with having to take your entire system offline to prevent any spreading. Getting it back up and running can be very costly, both in terms of hiring technical experts and having your business offline for days or weeks on end. And if you are a business with clients, there is going to be a cost in terms of relationships and rebuilding trust.\u00a0<\/span><\/p>\n

I guess the hacker stereotype of the basement-dwelling internet nerd is no longer accurate?\u00a0<\/b><\/p>\n

There are still hackers who live that life. They are the ones who develop the breaching tools, only now they are selling them to more sophisticated criminal enterprises like Lock Gate and Black Cat\u2014cybergangs that operate on an actual business model called RaaS, or Ransomware as a Service. These groups rent out their ransomware tools to other criminals and take a cut from ransoms paid by victims. These days, you don\u2019t need to know coding to launch a cyberattack, you just need to know how to navigate the dark web and other people will do it for you.\u00a0<\/span><\/p>\n

If it\u2019s all about money, why target public organizations and not a big bank?\u00a0<\/b><\/p>\n

We don\u2019t talk publicly about specific incidents but general<\/a>ly, these are targets of opportunity. It\u2019s not somebody on the dark web saying, <\/span>I\u2019m going to go after such-and-such organization<\/span><\/i>, but they might have found a weak spot in the organization\u2019s computer system that they are able to breach. Or somebody within the organization clicked on a phishing email, a scam email that tricks employees to share information, which allows a criminal to catapult their way inside the network without breaching the outside defences.\u00a0<\/span><\/p>\n

I\u2019m thinking of those scenes in <\/b>Mission: Impossible<\/i><\/b> where Tom Cruise is trying not to set off any of the laser trip<\/a> wires. Now it\u2019s all just clicks?<\/b><\/p>\n

Right. By clicking you can allow a malicious actor to bypass all of your organization\u2019s defences and once they\u2019re in, they can communicate with people on the outside.\u00a0<\/span><\/p>\n

Speaking of movies<\/a>, paying ransom is often presented as an ethical dilemma, but you say it\u2019s more of a business decision.\u00a0<\/b><\/p>\n

In Canada there is no law against paying ransom. The government doesn\u2019t recommend it, but yes, it\u2019s a calculation. Any business considering it has to factor in two things: first, you\u2019re dealing with a criminal and there is no guarantee that they will hold up their end of the bargain. In some quarters there is honour among thieves, but at the end of the day you just don\u2019t know. We\u2019ve heard cases of double jeopardy where they\u2019ll ask for the ransom to unlock the system\u2014just to delete your information again. Second, if word gets out that you paid ransom, maybe another group unrelated to the first one is going to target you.\u00a0<\/span><\/p>\n

For businesses that do decide to pay, I\u2019m assuming they\u2019re not putting unmarked bills into a suitcase\u2014<\/b><\/p>\n

That\u2019s right. Ransoms are generally paid through a cryptocurrency exchange, so you\u2019re paying in Bitcoin laundered with other sources of Bitcoin, making it difficult for authorities to trace the payment back to the cybercriminal.<\/span><\/p>\n

Are there professionals who specialize in handling these sorts of situations?<\/b><\/p>\n

They\u2019re called breach coaches\u2014professionals who will hold your hand through a ransom negotiation, but ideally we want organizations to invest in cybersecurity to avoid these situations in the first place. If an incident does happ<\/a>en, our organization has published a ransomware playbook that contains lots of guidance about protecting yourself. We encourage anyone who has been the victim of an attack to report it so that we can assist. Our services are totally confidential. We know that cybercrime is often under-reported, perhaps because of shame or because the victims are too busy managing the immediate situation. In 2023, we had 305 ransomware reports from both individuals and businesses. The actual figure would be five or 10 times higher.\u00a0<\/span><\/p>\n

What is the biggest cybersecurity mistake you see businesses making?\u00a0<\/b><\/p>\n

We hear people say, <\/span>I\u2019m a small or medium business, why would anyone come after us<\/span><\/i>, but that\u2019s not the point. It doesn\u2019t matter if you\u2019re the zoo or a bank or a small business\u2014if cybercriminals find a weak spot, they will exploit it. Almost always these weak spots are based on a failure to update. Whether it\u2019s an iPhone or a corporate server, the update notifications you receive aren\u2019t just about increasing functionality, they\u2019re about closing vulnerabilities.\u00a0<\/span><\/p>\n

So running an old OS is like leaving your keys in your glove compartment?<\/b><\/p>\n

Exactly. That\u2019s why I am always saying patch, patch, patch.\u00a0<\/span><\/p>\n

We are also seeing cyberattacks against critical infrastructure and government. Last year in the energy sector, this month, the RCMP. Is the motivation for attacks against public institutions different?\u00a0<\/b><\/p>\n

That really depends. Ransomware attacks can hit critical infrastructure and governments, but in cases of nation-state driven attacks, the motivation is generally strategic, either to steal some kind of valuable information\u2014maybe Russia or China wants information about Canada\u2019s oil reserve, for example\u2014or to destabilize. Russia shut down electricity in Ukraine two Christmases in a row in 2014 and 2015. You can imagine if that was to happen in Canada, the impact would be devastating.\u00a0<\/span><\/p>\n

How serious is that threat?\u00a0<\/b><\/p>\n

In December we released a national cyberthreat assessment where we called out Russia, China and Iran\u2014countries that have shown capability to hack into our infrastructure and remain dormant with the hope of doing something one day down the road. Last year, as part of a joint operation with U.S. intelligence, we caught China hiding in critical infrastructure networks, and we can assume they weren\u2019t hiding to get money.\u00a0<\/span><\/p>\n

You mentioned phishing emails as a growing problem. What is your best advice on how to avoid them?\u00a0<\/b><\/p>\n

Everyone has to be very critical of the emails they receive. Phishing is more sophisticated now. Before, you\u2019d just look out for weird sentences and grammar mistakes to know something was fake, but now cybercriminals are using ChatGPT to craft emails that are indistinguishable from the real thing. And it\u2019s moving from the written word to also voice and video. They can go on YouTube and hear my voice in an interview I\u2019ve done and now they can have my voice saying anything they want.\u00a0<\/span><\/p>\n

You\u2019re talking about deepfakes. Was Taylor Swift a hot topic around the office back in January?\u00a0<\/b><\/p>\n

Deepfakes were definitely a topic of conversation\u2014and still are, particularly from the point of view of electoral security. More and more we\u2019re seeing cyberthreat actors use AI to generate misinformation whether it\u2019s fake phone calls or videos. Over half the world will vote in the next year, so this could be hugely consequential.\u00a0<\/span><\/p>\n<\/div>\n