Criminal hackers 'very likely' to pose threat to national security, economy in near term: report

Organized cybercrime groups are likely to pose a threat to the nation'ssecurity and economy over the next two years, and ransomware attacks now constitute the most disruptive form of cyberattack facing Canada, a new report warns.

The reportfrom the Canadian Centre for Cyber Security (CCCS), released Monday, warns thatRussia and, to a lesser extent, Iran are acting as safe havens for cybercriminals hittingWestern targets.

During a media briefing on the report Monday, government officials saidcriminal hackers are targeting education, energy, utility and health-care facilities that are critical to the economy.

The report said that fraud and online scams remain the most common forms of cybercrime. Canadians reported morethan 70,000 instances of fraud last year, linked tomore than $530 million allegedly stolen from companies and individuals.

Officials saidonly about 10 per cent of victims reportsuchattacks andthat$530 million figure could be an underestimate.

The report says ransomware attacks which involvehackers threatening to publish sensitive data or block access to it unless a ransom is paid are targeting organizations and industries with no discernable pattern.

The sectors most affected were manufacturing which saw 18 per cent of attacks in 2022 and business and professional services, which saw 14 per cent of attacks.

Other areas of the economy that suffered significant ransomware attacks in 2022 were the health care and pharmaceutical sector(7 per cent of total attacks),information technology andthe retail sector (8 per cent each) and thenon-governmental organizationand education sectors (7 per cent of all incidents).

Hospitals targeted

The report says cyberattacksundermined hospitals' effortsto care for patients,leading to longer hospital stays, delayed tests and procedures, complications from medical procedures and even increased death rates in some cases.

In October 2021, for example, the health care system in Newfoundland and Labrador was hit with a ransomware attack that caused an IT outage affecting10 per cent of patients in the province and costing the system$16 million.

Separately, the Canada Revenue Agency told CBC News that a hack against the file-sharing platform MOVEit earlier this year did involve CRA-related files, but most of the information was either publicly available or password-encrypted.

"Thanks to these additional safeguards being in place, the CRA has no reason to believe that any CRA information has been compromised," the CRA said.

The MOVEitplatform is used internationally by public and private sector organizations to share personal information related to fields such as health care, finance and government services.

Russia and ransomware

The report says that ransomware victims who obey hackers'demands haveno guarantee that their systems will be restored.

"One survey of Canadian businesses found that only 42 per cent of organizations who paid the ransom had their data completely restored," the report said.

"Some ransomware operators retain backdoor access to victim networksfollowing ransom payment."

The report also says that in some cases, false evidence is planted to convincevictims thattheir sensitive personal data has been deleted from the attacker's computers.

The CCCS says that "Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity."

A government official said intelligence and security sourcesindicate that manycybercriminal groups operate in Russia and are permitted to carry out those activities so long as they do not target Russian interests.

The report says the relationship between cybercriminal groups in Iran is less clear, with groups targeting institutions and individuals in the United States, Israel and some of the Gulf States.

Watch:How to know if you've been hacked and what you can do to protect yourself:

How to know if you've been hacked and what you can do to protect yourself

1 year ago

Duration 1:26

Data breaches, hacks and ransomware attacks seem to be in the news more often. But cybersecurity experts say there are helpful steps you can take to protect yourself in the wake of a data breach, and to prepare for the next time it happens.