No Sooner Warned Than Struck : Russian Cyber Attacks

"Canada's Cyber Centre ... is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology."

"[Attacks could arrive in a range of forms from a] widespread ransomware attack [to a] single, carefully focused [attempt to significantly impact core infrastructure]."

Cyber Centre Agency, Communications Security Establishment

 

"The depth of the information provided by the U.S. and the urgency used underlines the seriousness of this situation. These government bulletins do not come without sufficient research and justification."

"While we can speculate what exactly drove this alert, the more important message is that the entire world should be watching the heightened tensions surrounding Russia's intentions toward Ukraine and, especially, the recent publicly acknowledged cyberattacks."

"A cuberattack on any of Canada's critical support systems could cause crippling disruption to the population and the economy. For this reason, protecting critical infrastructure and the operational technology behind it is increasingly regarded as a mater of national security."

"Canada and our allies have experienced a general increase in cyberthreat activity throughout the last year, including ransomware attacks, supply chain attacks, and the exploitation of discovered vulnerabilities in commonly used software."

"Russian-linked groups have been among the drivers of this activity."

"Should Russia-backed cyber threat activity launch against Canada, we can expect to see anything from a widespread ransomware attack to a single, carefully focused but impactful attack on our infrastructure."

"It may take some time to work out what is going on (or what happened) as Russia has a long history of distracting opponents from its real intentions."

David Masson, director, Darktrace cyber-A1 defence company 

"Russian state-sponsored advanced persistent threat actors have used sophisticated cyber capabilities to target a variety of U.S. and International critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors."

U.S. Bulletin

Intelligence experts in recent years have been warning about the growing frequency of cyber attacks by foreign states. Photo by Sean Kilpatrick/The Canadian Press/File

Russia uses all manner of cold-war, 21st Century battlefields delivering messages to those countries that provoke Moscow's ire of their displeasure, through their ability to negotiate around cyberspace and threaten the infrastructure and social order of countries opposed to Russia's moves on the international scene. In 2007 Estonia, a former Soviet Union satellite, assaulted Moscow's sensibilities by removing a memorial to the Soviet Red Army to a loss prominent position, and paid for its audacity through a devastating series of major cyberattacks that shut down banks, media outlets and government offices.

 

Russian speakers rose up on the streets in protest at the statue's move - and cyber attackers followed behind   Getty Images

 In more recent years, after the 2014 start of an ethnic-Russian Ukrainian separatist group in the Donbas and Russia's military incursion, arming and fighting alongside the separatists against Ukraine, culminating in Russia's claiming of the Crimea Peninsula as Russian territory, the standoff between Ukraine and the separatists in Donetsk and Luhansk in eastern Ukraine while leading to active hostilities and violence also saw Ukraine suffering cyberattacks threatening its electrical system power grid in 2015. 

 

And in mid-January Kyiv experienced cyberattacks on government offices, with an eerily sinister message: : "Be afraid and expect the worst." This, in the buildup to a feared Russian invasion of Ukraine, reclaiming what Vladimir Putin insists is a historical connection between the two countries as one. And the 'one' who controls Ukraine would be Russia. Embodying Mr. Putin's other cherished aspiration, to appeal to the better sense of its neighbours to return to the good old days of the USSR, within Russia's loving embrace.

A threatening message appeared on Ukrainian government websites on 14 January, 2022

Detailed warnings arrived in Canada from the United States and United Kingdom cybersecurity sections of the imminence of Russian actors imposing hostile, threatening and damaging cyberattacks within Canada. Both the U.S. and the U.K. warned that their own cybersecurity communities are in a "heightened state of awareness, proactively searching out risks to their networks in response to threats from Russia", looming increasingly in the very near future.

Two years earlier Canada's CSE warned that state-sponsored threat actors like Russia were "very likely" trying to develop tools to allow them to disrupt critical infrastructure "such as the supply of electricity", concluding that the attackers were not likely to want to disrupt critical infrastructure in Canada to cause "major damage or loss of life". But for the major caveat "in the absence of international hostilities". Well, those international hostilities have eventuated with Russia's massing of a 100,000 troops on the Ukraine border and deliberate additional provocations enlisting Belarus and Kazakhstan bordering Ukraine, in its assault plans.

Belarusian peacekeepers leave a Russian military plane at an airfield in Kazakhstan, Saturday, Jan. 8, 2022. As Kazakhstan struggles to cope with a violent uprising this week, it has turned for help to a Russian-led security bloc, the Collective Security Treaty Organization.The Associated Press

"Critical services for Canadians through Global Affairs Canada (Department of Foreign Affairs) are currently functioning. Some access to internet and internet-based services are not currently available as part of the mitigation measures and work is underway to restore them."

"At this time, there is no indication that any other government departments have been impacted by this incident."

"The Government of Canada deals with ongoing and persistent cyber risks and threats every day. Cyber threats can result from system or application vulnerabilities, or from deliberate, persistent, targeted attacks by outside actors to gain access to information."

Treasury Board of Canada Secretariat

(RedPixel/stock.adobe.com)

So there it is. No sooner said than done. Cyberattacks against Canadian government departments are not new, they have been occurring with some regularity of recent times. And the suspects are usually China or Russia. This latest attack that occurred on the very day that Canada's cyberdefence agency warned of Russian-backed threats, was a significant attack, a cyber incident  causing disruption to a group of departmental systems. The Canadian Centre for Cyber Security, which had warned of such an attack's likelihood is now investigating what it had predicted.

Civilian participants in a Kyiv Territorial Defence unit train in a forest on January 22, 2022, in Kyiv, Ukraine. (Sean Gallup/Getty Images)