Cybercrime is still the number one cyber threat to Canadians, according to the latest edition of the government’s national cyber threat report.
In addition, the state-sponsored cyber programs of China, Russia, Iran, and North Korea continue to pose the greatest strategic cyber threat to the country, says the report. “Critical infrastructure is still a prime target for both cybercriminals and state-sponsored actors alike.”
The 40-page report covering 2023-2024 says:
- Ransomware is a persistent threat to Canadian organizations. Cybercrime continues to be the cyber threat activity most likely to affect Canadians and Canadian organizations. Due to its impact on an organization’s ability to function, ransomware is almost certainly the most disruptive form of cybercrime facing Canadians. Cybercriminals deploying ransomware have evolved in a growing and sophisticated cybercrime ecosystem and will continue to adapt to maximize profits.
- Critical infrastructure is increasingly at risk from cyber threat activity. Cybercriminals exploit critical infrastructure because downtime can be harmful to industrial processes and the customers they serve. State-sponsored actors target critical infrastructure to collect information through espionage, to pre-position in case of future hostilities, and as a form of power projection and intimidation. However, we assess that state-sponsored cyber threat actors will very likely refrain from intentionally disrupting or destroying Canadian critical infrastructure in the absence of direct hostilities.
- State-sponsored cyber threat activity is impacting Canadians. We assess that the state-sponsored cyber programs of China, Russia, Iran, and North Korea pose the greatest strategic cyber threats to Canada. State-sponsored cyber threat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these states. State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain.
- Cyber threat actors are attempting to influence Canadians, degrading trust in online spaces. We have observed cyber threat actors’ use of misinformation, disinformation, and malinformation (MDM) evolve over the past two years. Machine-learning enabled technologies are making fake content easier to manufacture and harder to detect. Further, nation-states are increasingly willing and able to use MDM to advance their geopolitical interests. We assess that Canadians’ exposure to MDM will almost certainly increase over the next two years.
- Disruptive technologies bring new opportunities and new threats. Digital assets, such as cryptocurrencies and decentralized finance, are both targets and tools for cyber threat actors to enable malicious cyber threat activity. Machine learning has become commonplace in consumer services and data analysis, but cyber threat actors can deceive and exploit this technology. Quantum computing has the potential to threaten our current systems of maintaining trust and confidentiality online. Encrypted information stolen by threat actors today can be held and decrypted when quantum computers become available.
In a speech about the report to the Canadian Club in Ottawa today, CSE chief Caroline Xavier noted that the most common type of cybercrime facing Canadians is online fraud; ransomware is highlighted because it can have the most impact on services Canadians rely on. For example, she cited the temporary closure of Toronto’s Humber River Hospital last year.
“You may be tempted to stop reading halfway through, disconnect all your devices and throw them in the nearest dumpster,” Sami Khoury, the head of the Centre, wrote in the report’s introduction. “Or perhaps, more realistically, to shrug your shoulders in resignation and carry on exactly as before. My hope is that instead, you will see this report as a call to action.”
In an interview, Khoury said individuals, businesses, and governments have roles to play in making Canada more resilient to cyber attacks. “Organizations need to invest in layered security,” he said. “There is no silver bullet — it’s not like by doing one thing you are going to make cyber criminals go away. You just need to make it more difficult, and continue to raise the difficulty bar, so at some point they give up and go elsewhere — and hopefully that elsewhere is outside of Canada.”
He urged businesses to look at the Cyber Centre and take advantage of its online advice and resources. The Centre can also offer tailored advice, he added.
The report notes that Russia’s invasion of Ukraine in February gave the world a new understanding of how cyber activity is used to support wartime operations. “Russian-sponsored malicious cyber activity against Ukraine has disrupted or attempted to disrupt organizations in government, finance, and energy, often coinciding with conventional military operations. These attacks have expanded beyond Ukraine to implicate European critical infrastructure as well. For example, Russia’s attack on a European satellite Internet provider that resulted in a significant outage in several European countries.”
The report also warns that over the next two years it is very likely that the divergence between an open and transparent Internet and an Internet based on state sovereignty will continue to grow. This comes as the United Nations has started negotiations on possibly creating an international cybercrime treaty.
“Russia and China have invested in their own Internet infrastructure and, alongside other states, are advocating for information and communications technology standards,” the report notes. “These would allow more state-led control of the Internet in their respective countries.” This year, it points out, China introduced a new international organization, evolving from the World Internet Conference, dedicated to Internet governance and comprised of members from 20 countries.
“While Internet governance may appear abstract and quite removed from daily life, we judge that competing technological ecosystems and disparate information environments inhibit the free flow of information, build distrust, and make it more difficult to combat misinformation and disinformation,” the report says.
(More to come)