Extreme Level of Cyber-Security Risk

"Given the extreme risk level associated with this vulnerability and the widespread usage of Outlook in the Government of Canada [GC], I am directing GC Chief Information Officers and Heads of IT to prioritize patching of this vulnerability within two days."

"Critical zero-day vulnerability [discovered Outlook Microsoft's email program could give hackers the opportunity to access and exfiltrate sensitive government data, requiring urgent address]." 

"This vulnerability has been exploited by nation-state actors targeting international government institutions to covertly obtain the password hash of targeted users in the past."

"I encourage you to make this a priority within your organization [Departments]."

Shirley Ivan, Chief Information Security and Technology Officer, Canada

 

"We're now in a year plus one in the Ukrainian conflict, and it has been seen in many Telegram channels that Russian-backed cyber criminal gangs will be enhancing, if not promulgating, such attacks against all types of governments that have been helping out Ukraine war efforts."

"The Cyber Centre has access to all the data. So, they knew in advance, and I don't know why they took their time to publish an advisory so late in the game."

"They should have been at the forefront of bringing on this alert one week ahead of Microsoft."

Steve Waterhouse, cybersecurity expert

The new Outlook vulnerability allows hackers to potentially extract an individual’s email account login information simply by sending a 'specially crafted email with a malicious payload.' Photo by Unsplash

Russian-backed hackers have been taking advantage of Microsoft Outlook's newly identified cybersecurity vulnerability. Microsoft itself only days ago confirmed a "critical" zero-day vulnerability in their Outlook email product, its flagship email program. The issue was detected while it was already live and potentially exploitable, interpreted as "zero days" for the organization to find a solution, since "zero-day" designates the vulnerability as a real and current threat.

 

The new Outlook vulnerability gives hackers the opportunity potentially to extract an individual's email account login information through the simple medium of sending a "specially crafted email with a malicious payload", one that does not depend on it being opened to be effective, notes the Canadian Centre for Cyber Security. "Sophisticated actors", confirmed the Cyber Centre in an advisory, had already exploited the vulnerability with success. 

 

Ms. Ivan stated that the Cyber Centre would be committing to placing further measures to "mitigate the threat" of password data being lifted by hackers via the Outlook vulnerability, along with addressing the "long-standing risk of exfiltration" of government data. First detected by Ukraine's Computer Emergency Response Team (CERT) in conjunction with Microsoft researchers in February, Microsoft confirmed its existence a full month later. 

The vulnerability is notoriously exploited by Russian-backed hackers, used against Ukrainian adversaries forming part of their full-scale invasion. Pro-Russia channels on social media have been promoting the use of that Outlook vulnerability against Ukrainian allies, such as Canada, explained cybersecurity expert Steve Waterhouse. The urgency spelled out in Ms. Ivan's memo to federal government department heads reveals the critical nature of the security issue.

According to Mr. Waterhouse, it seemed "weird" that no one in government moved earlier, particularly the Cyber Centre which should have been aware of the issue when Ukraine first signalled it in late February. He described it as a "cover-your-ass approach", that the Cyber Centre waited until Microsoft published its alert. It was on February 24, a full year after the Russian invasion of Ukraine that the Cyber Centre published its advisory warning all Canadians to be aware and "prepared for potential malicious cyber activity following the one-year mark of Russia's war on Ukraine".

  

"The Cyber Centre would like to specifically warn Canadian organizations and critical lnfrastructure operators to be prepared for the possible disruption, defacement, and attempted exploitation of Canadian network assets by cyber threat actors aligned with Russian interests."
Canadian Centre for Cyber Security Advisory