Criminal hackers 'very likely' to pose threat to national security, economy in near term: report

News By Daniel Michan Published on August 30, 2023

According to a report released by the Canadian Centre for Cyber Security (CCCS) organized cybercrime groups are expected to pose significant threats to national security and the economy in the next two years. The report highlights that ransomware attacks have emerged as the most disruptive form of cyberattack faced by Canada.

During a media briefing on Monday, government officials emphasized that criminal hackers specifically target sectors such as education, energy, utilities and healthcare facilities which play vital roles in the economy.

The report also highlighted fraud and online scams as the prevalent types of cybercrime. Last year alone Canadians reported over 70,000 instances of fraud amounting to an estimated $530 million allegedly stolen from companies and individuals. However, officials noted that these figures could be higher since around 10 percent of victims report such attacks.

Furthermore, ransomware attacks have been observed to target organizations and industries without a pattern. Manufacturing experienced 18 percent of these attacks in 2022, while business and professional services were targeted in 14 percent of cases.

The report further warns about Russia serving as a haven for cybercriminals targeting Western countries. Iran was also with less prominence in this regard.

In 2022 ransomware attacks had an impact on various sectors of the economy. The healthcare and pharmaceutical industries, information technology, and retail sectors each experienced 8% of the total attacks. The government organizations and education sectors accounted for 7% of all incidents.

Hospitals became targets for these cyberattacks leading to detrimental consequences for patient care. The report highlights that these attacks resulted in longer hospital stays, delayed medical tests and complications arising from medical interventions, and unfortunately even higher death rates in some cases.

To illustrate the severity of attacks, let's consider an incident in October 2021 in Newfoundland and Labrador's healthcare system. It fell victim to an attack causing an IT outage that affected approximately 10% of patients within the province. This incident alone incurred a cost of $16 million to the system.

Separately the Canada Revenue Agency (CRA) confirmed being hacked as part of the MOVEit breach—a file-sharing platform—earlier this year. CRA confirmed that while some CRA-related files were involved in this breach, most data was publicly available or password-encrypted.

Fortunately, due to security measures implemented by CRA during this incident, they have no reason to believe that any confidential CRA information has been compromised. It is worth mentioning that MOVEit is widely used internationally by both private sector organizations involved in fields such, as healthcare, finance and government services.

The report mentions that when victims comply with hackers' demands there is no guarantee that their systems will be fully restored.

According to the report, 42 percent of Canadian businesses who paid the ransom had their data completely recovered.

Furthermore, it states that some ransomware operators maintain access to victim networks after receiving the ransom payment.

In some cases, false evidence is planted to make victims believe that their sensitive personal data has been deleted from the attacker's computers.

The report highlights that Russian intelligence services and law enforcement likely have connections with cybercriminals, permitting them to operate without consequences.

A government official said intelligence and security sources indicate that many cybercriminal groups operate in Russia and are permitted to carry out those activities so long as they do not target Russian interests.

As for groups in Iran, their relationship is less clear. Some of these groups target institutions and individuals in the United States, Israel and certain Gulf States.