We’re less than four weeks into the New Year, and already our neighbor to the north has reported that the Canadian government department for foreign and consular relations, Global Affairs Canada, was hit by a cyberattack. Critical services remained accessible, but as of Tuesday, some online services remained unavailable.
According to reports, the incident was detected last Wednesday, a day before Canada’s intelligence agency told network operators of critical infrastructure to boost their defenses against possible Russian state-sponsored threats.
“There is no indication that any other government departments have been impacted,” the Treasury Board of Canada Secretariat (TBS), Shared Services Canada, and Communications Security Establishment said in a joint statement.
GAC is the Canadian government department responsible for providing the country’s diplomatic and consular relations, international trade, and leading international development and humanitarian assistance programs.
Ottawa has not disclosed who it believes was behind the attack, but the warnings of Russian attacks come as Canada has taken a very strong line against Moscow’s build-up of military forces on the Ukrainian border.
“As highlighted by recent events, the ability to disrupt digital channels has become a strategic weapon in today’s geopolitical environment,” said Chris Olson, CEO of The Media Trust, a digital security, trust and safety provider.
“Shutting off or redirecting websites/mobile apps harms not only consumers looking to access those services but also revenue and communication channels for business and government entities,” Olson told ClearanceJobs via an email. “Avoiding this scenario requires continuous monitoring of client-side experience to detect anomalous activity (domains, vendors) before it propagates and causes extensive damage. Establishing and maintaining digital trust and safety is a priority in 2022.”
A New Threat Vector
Cyberattacks aren’t new, but regular attacks against government entities could be seen as part of the new normal.
“As individuals, we are aware of the personal threats posed by cyberattacks directed against us. As members of businesses and organizations, we know that enterprise data, which is the lifeblood of the corporation, is always a tempting target for hackers,” warned data security expert Trevor Morgan, product manager at comforte AG.
Government agencies could make for easy targets as the networks are often older than those in the private sector and many workers haven’t been as well trained in the cybersecurity arts.
“And yet, as citizens we should be most cognizant of the brazen attempts by threat actors to steal state secrets or disrupt governmental operations,” Morgan told ClearanceJobs. “We depend on government to provide us with a basic level of security against all threats to our lives and livelihoods, so we have to be concerned that threat actors—whether acting independently or state-sponsored—are directing their efforts against the entities which have the most ample resources to defend against cyberattacks.”
Government Targets
It is unclear how the hackers obtained access to the GAC network, but often it isn’t brute force but rather part of an elaborate social engineering campaign.
Just last week it was reported that in the second half of 2021, cybersecurity researchers at INKY began detecting phishing emails that had impersonated the United States Department of Labor (DoL). The campaign reportedly grew to hundreds of instances.
This included phishing emails that appeared to be from a senior DoL employee, which invited recipients to submit bids for “ongoing government projects.”
The emails provided a link to sites that mirrored the real DoL website. As INKY reported, the phishers went so far as to copy the HTML and CSS from the real site. In this case, the hackers didn’t try to use the phishing effort to gain control of the victim’s networks, but used a variety of methods to secure harvest of other information.
Better Due Diligence
In the wake of these and other attacks, government employees and contractors will need to remain ever vigilant, and look at every email with suspicion. At the same time, networks will need to be hardened against all forms of cyberattacks.
“As Canada’s own intelligence agencies have recommended just prior to the attack, organizations need to upgrade their security capabilities in lieu of potential Russian attacks. Outside of even nation state threats, threat actor groups continue to evolve their campaigns,” Saryu Nayyar, CEO and founder of cyber research firm Gurucul, said via an email.
“However, despite existing investments in perimeter and defensive solutions, endpoint, XDR, and SIEM, threat actors are still evading these tools successfully,” said Nayyar. “With stolen credentials and phishing attacks being used to get inside networks easily, upgraded solutions that offer behavioral based threat detection along with adaptable machine learning (ML), not rule-based, and true artificial intelligence models found in a small set of next generation SIEMs are critical to stop these multi-staged attack campaigns.”
Even greater efforts to protect the data on government networks should be employed, as cyberattacks be directed so easily – and with little recourse.
“The recent attack against Canada’s GAC should underscore the need for data-centric security such as tokenization or format-preserving encryption to be applied to sensitive data wherever it resides in order to render that data incomprehensible and thus worthless for exploitation if bad actors get a hold of it,” said Morgan. “Preventing attacks and breaches is not 100% fool-proof, so we can only hope that governmental agencies in the US, Canada, and elsewhere across the globe have instituted the mitigating measures of data-centric security applied directly to data in case that sensitive information falls into the wrong hands.”