Politics

Criminal hackers 'very likely' to pose threat to national security, economy in near term: report

Organized cybercrime groups are likely to pose a threat to the nation's security and economy over the next two years, and ransomware attacks now constitute the most disruptive form of cyberattack facing Canada, a new report warns.

Ransomware now most disruptive form of cyberattack facing Canadians

Fingers on a keyboard are pictured in front of a glowing screen.
A new report from the Canadian Centre for Cyber Security is warning that cybercrime will pose a threat to national security and the economy in the near term. (Kacper Pempel/Reuters)

Organized cybercrime groups are likely to pose a threat to the nation's security and economy over the next two years, and ransomware attacks now constitute the most disruptive form of cyberattack facing Canada, a new report warns.

The report from the Canadian Centre for Cyber Security (CCCS), released Monday, warns that Russia and, to a lesser extent, Iran are acting as safe havens for cybercriminals hitting Western targets.

During a media briefing on the report Monday, government officials said criminal hackers are targeting education, energy, utility and health-care facilities that are critical to the economy.

The report said that fraud and online scams remain the most common forms of cybercrime. Canadians reported more than 70,000 instances of fraud last year, linked to more than $530 million allegedly stolen from companies and individuals.

Officials said only about 10 per cent of victims report such attacks and that $530 million figure could be an underestimate.

The report says ransomware attacks — which involve hackers threatening to publish sensitive data or block access to it unless a ransom is paid — are targeting organizations and industries with no discernable pattern.

The sectors most affected were manufacturing — which saw 18 per cent of attacks in 2022 — and business and professional services, which saw 14 per cent of attacks.

Other areas of the economy that suffered significant ransomware attacks in 2022 were the health care and pharmaceutical sector (7 per cent of total attacks), information technology and the retail sector (8 per cent each) and the non-governmental organization and education sectors (7 per cent of all incidents).

Hospitals targeted

The report says cyberattacks undermined hospitals' efforts to care for patients, leading to longer hospital stays, delayed tests and procedures, complications from medical procedures and even increased death rates in some cases.

In October 2021, for example, the health care system in Newfoundland and Labrador was hit with a ransomware attack that caused an IT outage affecting 10 per cent of patients in the province and costing the system $16 million. 

Separately, the Canada Revenue Agency told CBC News that a hack against the file-sharing platform MOVEit earlier this year did involve CRA-related files, but most of the information was either publicly available or password-encrypted. 

"Thanks to these additional safeguards being in place, the CRA has no reason to believe that any CRA information has been compromised," the CRA said. 

The MOVEit platform is used internationally by public and private sector organizations to share personal information related to fields such as health care, finance and government services.

Russia and ransomware

The report says that ransomware victims who obey hackers' demands have no guarantee that their systems will be restored. 

"One survey of Canadian businesses found that only 42 per cent of organizations who paid the ransom had their data completely restored," the report said.

"Some ransomware operators retain backdoor access to victim networks following ransom payment."

The report also says that in some cases, false evidence is planted to convince victims that their sensitive personal data has been deleted from the attacker's computers.

The CCCS says that "Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity."

A government official said intelligence and security sources indicate that many cybercriminal groups operate in Russia and are permitted to carry out those activities so long as they do not target Russian interests.

The report says the relationship between cybercriminal groups in Iran is less clear, with groups targeting institutions and individuals in the United States, Israel and some of the Gulf States.

Watch: How to know if you've been hacked — and what you can do to protect yourself:

How to know if you've been hacked — and what you can do to protect yourself

1 year ago
Duration 1:26
Data breaches, hacks and ransomware attacks seem to be in the news more often. But cybersecurity experts say there are helpful steps you can take to protect yourself in the wake of a data breach, and to prepare for the next time it happens.

ABOUT THE AUTHOR

Peter Zimonjic

Senior writer

Peter Zimonjic is a senior writer for CBC News. He has worked as a reporter and columnist in London, England, for the Telegraph, Times and Daily Mail, and in Canada for the Ottawa Citizen, Torstar and Sun Media. He is the author of Into The Darkness: An Account of 7/7, published by Random House.

With files from the CBC's Brennan MacDonald