Canada urges critical infrastructure firms to be ready for Russian-based cyber attacks

The agency that defends Canada’s IT networks is warning firms here — particularly banks, airlines, telcos, and others in the critical infrastructure sectors — to bolster their awareness of and protection against Russian state-sponsored cyber threats.

The Canadian Centre for Cyber Security issued the cyber threat bulletin Thursday following similar alerts issued by its U.S. and U.K. counterparts. The warnings come a week after a Russian-based threat actor allegedly attacked computer systems in Ukraine. Russia has amassed an army on Ukraine’s border.

The Canadian Cyber Centre “is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology,” the bulletin says in part.

Microsoft said this week it detected fake ransomware notes on some Ukrainian systems that masked data-wiping malware from an unknown threat actor.

“At present and based on Microsoft visibility, our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” its report says. “These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations. However, it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting.”

The Cyber Centre urges Canadian critical infrastructure network defenders to:

  • Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
  • Increase organizational vigilance. Monitor your networks with a focus on the TTPs reported in the CISA advisory (link available in English only). Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
  • Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory (link available in English only), enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate. Create and test offline backups.
  • Have a cyber incident response plan, a continuity of operations and a communications plan and be prepared to use them.
  • Inform the Cyber Centre of suspicious or malicious cyber activity.

 

On Friday’s Cyber Security Today Week in Review podcast, host Howard Solomon will talk to former U.S. cyber diplomat Christopher Painter about the situation in Ukraine, the history of nation-state cyberattacks and cybercrime. The podcast will be available at 3 p.m. Eastern.

 

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
