OTTAWA – Canadian organizations are the victims of “thousands” of cyberattacks every single day, and that number is only going up, says Canada’s spy agency.
The eye-popping number, a glimpse by the Canadian national security agency into the number of cyberattacks targeting Canada on a daily basis, was revealed by Canadian Security Intelligence Service (CSIS) assistant director Cherie Henderson during testimony Monday at the federal national defence committee.
“Canada suffers of thousands of cyber threat attacks on a daily basis all across the country and numerous organizations are under that attack,” Henderson said in response to a question by Conservative MP Kerry-Lynne Findlay.
“It is an ever-increasing issue and it’s something that we all need to be alive to,” she added. “There has been much more cyber activity … and much more cyber actors.”
The federal government defines a cyberattack as an attempt to “interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device” through electronic means.
During her testimony, Henderson said Canada’s spy agency is witnessing an “unprecedented” amount of change in the cyber threat environment as technology evolves ever more rapidly. And that makes CSIS’s and the Communications Security Establishment’s (CSE), Canada’s cyber defence agency, jobs much more difficult.
Canada should beware of cyberattack escalation in Ukraine: analysts
Canada’s foreign affairs department targeted in ‘significant’ cyberattack
The threat environment “has become more complex, increasingly fluid, less predictable, and consequently, more challenging,” she said.
Numerous federal government reports on the cybersecurity landscape have listed state-sponsored cyber attackers as the greatest strategic threat to Canada right now, with the four biggest hostile states being China, Russia, North Korea and Iran.
Canada’s spy agencies have been particularly attentive to Russian-backed cyber threats since President Vladimir Putin decided to invade Ukraine last month and have repeatedly warned Canadian organizations to be on their guard from Russian state-sponsored hackers.
“It’s difficult to compare one against the other, but I would suggest that in the current context we have to be mindful of the geopolitical tensions … and the Russian cyber threat,” the head of CSE’s Canadian Centre for Cyber Security Sami Khoury told committee members.
“We also know that Russia covertly gathers political, economic, military information in Canada through targeted threat activities in support of their own interests,” Henderson later added. She described Russia as an “extremely capable threat actor” who is known to engage in disinformation campaigns to further its interests and hamper its opponents in the West.
But as of now, CSE has not found any direct Russian cyberthreat to Canada.
“Today we’re not aware of any specific threats to Canadian organization in relation to events in and around Ukraine,” Khoury said.
Both CSIS and CSE told the committee that they are seeing an uptick in both the number and the complexity of state-sponsored cyberattacks.
“These types of activities are not going away, and in fact, are currently on an upward trajectory. CSIS has observed persistent and sophisticated state sponsored threat activity for many years. And we continue to see a rise in the frequency and levels of sophistication of this threat activity,” Henderson said.
During his testimony, Khoury said cyber threat trends, namely those targeting Canada’s critical infrastructure and research sectors, are “quite worrisome.”
Declassified Canadian intelligence reports have increasingly warned of growing cyber threats against Canada’s energy sector, healthcare providers and eight other industries considered to be critical infrastructure.
In a report published in December, CSE said there had been 235 known ransomware attacks against Canadians in 2021, which more than half against critical infrastructure. And that was just the tip of the iceberg, considering that most incidents still go unreported.
“The COVID-19 pandemic has made organizations like hospitals, governments, and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms. Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands,” CSE wrote.
The report also revealed that Russia is one of the most notorious supporter of cybercriminal groups and is behind many of the world’s most “sophisticated and prolific” ransomware variants.
“We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity—as long as they focus their attacks against targets located outside Russia and the former Soviet Union,” reads the bulletin.
• Email: firstname.lastname@example.org | Twitter: ChrisGNardi