
Canada is 'severely vulnerable' to ransomware attacks on critical infrastructure, experts say





According to a Canadian security expert, the ransomware attack on a prominent U.S. gasoline pipeline should put complacent Canadian citizens and political leaders on high alert to the threat of online attacks against critical infrastructure.

"I think we are seriously vulnerable, and this [attack] is a major canary in the coal mine," Christian Leuprecht, a professor at Queen's University and senior fellow in security and defense at the Macdonald-Laurier Institute, said in an interview days after the ransomware attack on Colonial Pipeline Company.

When the company detected the attack on May 7, it shut down all pipeline operations and some IT systems to contain the threat. Reports indicate that it is slowly reopening the lines and expects to be fully operational by the end of this week. However, the website hosting Colonial's media statements was offline on Tuesday morning after being available late on Monday.

It is not known whether the attack hit only the IT side of the company or the operational (OT) pipeline side simultaneously.

According to some reports, Colonial transports 45 percent of all fuel consumed on the east coast of America.

Leuprecht said the attack "is a big game-changer because we always feel that we can protect our critical infrastructure fairly and the bad guys can move to other countries." "But [this attack] shows that the deterrents are not working."

He said Canadians should not feel reassured that the attack did not happen here. Canada's pipeline firms likely have the same weaknesses as the Colonial system.

The New York Times cited U.S. federal and private sector officials as saying that preliminary investigations showed poor security practices at Colonial Pipeline. Sources also said that the attack was aimed at the IT side of the company.

Bloomberg News reports that the attackers copied 100 GB of data from Colonial a day before the ransomware attack began. Citing anonymous sources, the story states that the attackers threatened to release the data unless Colonial paid for the data decryption key.


Cybersecurity is not a priority in Ottawa, Leuprecht complained. He pointed to the recently proposed federal budget, which has some new resources to improve the cybersecurity of the nation's critical infrastructure.

"We need a public safety minister who makes this an operational priority for agencies," he said. "We need political leadership, we need to make sure that all government departments and the private sector know that they have a reliable partner in the federal government that is on the ball, where we don't just make some announcements here and there, but make it a job 1, day-in and day-out priority."

"One of the areas where we are deeply vulnerable in a federal system is coordinating not only with the private sector but also with provincial governments, municipal governments. They all have critical infrastructure pieces. The challenge is at the political level, and cyber security is a threat to our prosperity, democracy. It is not just a sham among other policy areas. It [cyber attack] is a potential threat to our country."

Leuprecht also said ransomware is "arguably the most dangerous cyber security threat today."

Twelve days ago, IT World Canada asked the Prime Minister's Office (PMO) to comment on the RCMP's support for the U.S. Ransomware Task Force, which made several recommendations to governments to fight ransomware. One is that governments declare ransomware a threat to national security.

In response, the PMO referred the question to Public Safety Minister Bob Blair. After no reply for more than a week, an update was sought yesterday from Blair's office. Press Secretary Mary-Liz Shakti said that this question should go to the Communications Security Establishment (CSE), the government's electronic cyber security agency in the Department of Defense.

When asked for comment on the Colonial attack, a spokesman for CSE said that the Canadian Cyber Security Center (which is part of CSE) generally does not comment on cybersecurity incidents.

But the spokesman said that they are "focusing every day on providing cybersecurity advice and guidance to Canadians and Canadian organizations, including key infrastructure partners, to better protect themselves."

"CSE and its cyber center continue to regularly monitor and continuously share threat information with Canadian organizations, government partners and industry stakeholders, working collaboratively with partners in critical infrastructure by sharing tailored advice and guidance, including specific cyber threat information. As trends emerge, we have regular calls with industry stakeholders to help ensure they remain on top of developing threats. For example, these awareness efforts include an important and still active cyber threat bulletin on modern ransomware and its development. We have also issued cyber alerts on various ransomware threats, and have published on how to prevent and recover from ransomware."

He also noted that the National Cyber Threat Assessment 2020 states that cyber crime is a cyber threat affecting Canada and Canadian organizations. It also concludes that ransomware directed against Canada will continue to target almost all organizations.

On Monday, the FBI attributed the Colonial Pipeline attack to the Darkside ransomware gang. At the same time, US President Joe Biden said during a press conference that although there is no evidence that the Russian government was behind the attack, Darkside is located in Russia. Moscow "has some responsibility to deal with it," he said.

In response to that comment, Darkside recently issued a statement saying they were trying to stay out of politics.

"We are apolitical, we do not participate in geopolitics, we do not need to engage with a defined government and seek our other objectives. Our goal is to make money, not to create problems for the society. From today we begin moderation and examine each company that our partners want to encrypt to avoid social consequences in the future."

Some analysts say the gang is embarrassed by this attack, especially as it involves a country with powerful cyber weapons.

Bleeping Computer reported that Darkside operates as a ransomware-as-a-service operation and suggested an affiliate "chose the wrong target".

On the other hand, Christian Leuprecht says that it cannot be a coincidence that a Russian-based hacking group attacked a US pipeline when Washington had imposed sanctions on Moscow for being behind the SolarWinds Orion hack.

The New York Times and others reported that the Biden administration has been putting the finishing touches on an executive order aimed at strengthening cybersecurity in federal agencies and contractors working on federal projects.

Among other things, it reportedly mandates the use of multifactor authentication for employees and allows federal agencies to adopt a zero-trust design for data and access. Fundamentally, the zero-trust approach means that everyone inside the corporate network must be verified before accessing an asset.

Canada has had an eye on critical infrastructure, including the energy, finance, transportation, health, government, manufacturing and food sectors, for more than a decade. This includes cybersecurity and critical energy infrastructure programs overseen by the Ministry of Natural Resources.

In 2018 the private sector received an additional $2.24 million over five years to help increase the security and flexibility of its systems. The first project to receive funding, in February 2020, was to help build a range of cyber security standards for the industrial Internet of Things in the power sector.

Malwarebytes CEO Marcin Kleczynski said the attack on Colonial is "another example of a dangerous trend - a devastating cyber attack on American infrastructure." "This latest incident raises tensions between Russia and the US about cybercrime, whether they are approved by the Kremlin or not. According to the recent recommendation of the Ransomware Taskforce, ransomware should be considered as a national security threat. President Biden's upcoming executive order is meant to strengthen cyberdefense, address the rift in the nation's cyber defense systems, as well as stricter regulations on how we respond to one-time attacks, but personal and how both the public companies operate continuously defend against these attacks. It is time to do more than just talk or write orders - we must take action."
