In the wake of Russia’s invasion of Ukraine, Canada has seen a considerable rise in cyber threats by “Russian-aligned actors” targeting Ukraine’s partners.
According to a statement by the Minister of National Defence, Anita Anand, much of this cyber activity is directed at critical infrastructure networks and technology used to run vital sectors. These actors have sometimes used strategically timed Distributed Denial of Service (DDoS) attacks against government and business websites.
To combat these attacks, on April 12, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) released a Cyber Flash to government agencies, partners and important Canadian sectors.
“This Cyber Flash was released to share known facts about this ongoing campaign. We continue to monitor, reassess and respond to this campaign, and may release further products at a later time if warranted,” read the Minister’s statement.
Protecting Canada’s Cyber Infrastructure
On any given day, CSE’s defensive systems block anywhere from three to five billion malicious actions targeting government networks, according to the Minister.
“These defensive actions are a result of CSE’s dynamic cyber defence capabilities, which remain ready to defend government systems and protect against future attacks,” said Anand.
The Minister urged Canadian organizations and those operating critical infrastructure to be prepared to counter cyber threats.
“If you run the critical systems that power our communities, offer internet access to Canadians, provide health care, or generally operate any of the services Canadians can’t do without, you must protect your systems. Monitor your networks. Apply mitigations.”
The Minister laid out a list of actions Canadian businesses and agencies should follow to protect their organizations. This advice includes:
- Review the Cyber Centre’s Cyber Threat Bulletin: Cyber Threats to Operational Technology;
- Isolate critical infrastructure (CI) components and services from the internet when under an attack such as a ransomware incident or denial of service attack;
- Use secure administrative workstations to conduct sensitive tasks and manage administrative privileges and accounts;
- Implement network security zones to control and restrict access and data communication flows to certain users;
- Test manual controls to ensure that option is available in the case of an attack;
- Identify and monitor your information technology and operational technology networks;
- Test operational technology networks, such as the industrial control systems, as part of the incident response plan to ensure critical functions would be available in the case of an attack;
- Protect against denial-of-service attacks.
Any incidents of cyber security threats should be reported to the Cyber Centre.
“The Cyber Centre shares valuable cyber threat information with Canadian critical infrastructure and government partners through protected channels. This vital information includes indicators of compromise (IoCs), threat mitigation advice, and confidential alerts about new forms of malware, and other tactics, techniques, and procedures used to target victims. It’s the kind of information you can use to protect your organization.”
A number of other resources are available to Canadian organizations seeking more information about cyber threats. These resources are available on the Cyber Centre’s website.