The agency that defends Canada’s IT networks is warning firms here — particularly banks, airlines, telcos, and others in the critical infrastructure sectors — to bolster their awareness of and protection against Russian state-sponsored cyber threats.
The Canadian Centre for Cyber Security issued the cyber threat bulletin Thursday following similar alerts issued by its U.S. and U.K. counterparts. The warnings come a week after a Russian-based threat actor allegedly attacked computer systems in Ukraine. Russia has amassed an army on Ukraine’s border.
The Canadian Cyber Centre “is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology,” the bulletin says in part.
Microsoft said this week it detected fake ransomware notes on some Ukrainian systems that masked data-wiping malware from an unknown threat actor.
“At present and based on Microsoft visibility, our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” its report says. “These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations. However, it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting.”
The Cyber Centre urges Canadian critical infrastructure network defenders to:
- Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
- Increase organizational vigilance. Monitor your networks with a focus on the TTPs reported in the CISA advisory (link available in English only). Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory (link available in English only), enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate. Create and test offline backups.
- Have a cyber incident response plan, a continuity of operations and a communications plan and be prepared to use them.
- Inform the Cyber Centre of suspicious or malicious cyber activity.
On Friday’s Cyber Security Today Week in Review podcast, host Howard Solomon will talk to former U.S. cyber diplomat Christopher Painter about the situation in Ukraine, the history of nation-state cyberattacks and cybercrime. The podcast will be available at 3 p.m. Eastern.