Cyber hackers set sights on critical infrastructure providers – report

Of the 235 recorded ransomware attacks against Canadian companies this year, more than half were targeted at critical infrastructure providers such as energy, healthcare, and manufacturing firms, the country’s digital cybersecurity agency has revealed.

A new report published by the Communication Security Establishment’s (CSE) Canadian Centre for Cyber Security, however, noted that the number could just be a small portion of the overall figure as “most ransomware events remain unreported.” The agency also warned that, once targeted, ransomware victims were often attacked multiple times.

“The COVID-19 pandemic has made organizations like hospitals, governments, and universities more mindful of the risks tied to losing access to their networks and often feeling resigned to pay ransoms,” the report said. “Cybercriminals have taken advantage of this situation by significantly increasing the value of their ransom demands.”

Read more: Ransomware attacks on healthcare facilities continue to wreak havoc

Globally, the number of ransomware attacks shot up by 151% in the first half of 2021 compared to the same period last year, according to the report. The agency added that the average ransom payment appeared to have stabilized at around US$200,000 (about CA$255,000), but the cost of recovery has exploded, rising to $2.3 million this year from just $970,722 in 2020.

“We assess that ransom payments are likely reaching a market equilibrium, where cybercriminals are becoming better at tailoring their demands to what their victims are most likely to pay given the growth of recovery cost and the risk of reputational damage from public data leaks,” the report said. “For large enterprises and critical infrastructure providers, many sophisticated ransomware groups are still demanding increasingly exorbitant amounts, with 2021 seeing the largest ransom payment ever at CA$48.4 million.”

Read more: How much are data breaches costing Canadian businesses?

The cyber agency added that some of the threat actors act so effectively because they have the backing of foreign states.

“We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity – as long as they focus their attacks against targets located outside Russia and the former Soviet Union,” the agency said in the report.

The agency also predicted how ransomware operations would evolve in 2022 and what organizations can do to mitigate the risks:

• Ransomware will continue to pose a threat to the national security and economic prosperity of Canada and its allies in 2022 as it remains a profitable activity for cybercriminals. Mitigating the increasing risks will require concerted national efforts to improve cyber security and adopt best practices to harden critical systems, as well as coordinated international actions to undermine criminal infrastructure and tactics.
   
• Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure. The collective response to the ransomware epidemic includes limiting the degree to which cybercriminals can rely on safe-haven jurisdictions, such as Russia, that protect them from consequences.
   
• Cybercriminals will almost certainly continue to rely on digital currencies to facilitate ransomware operations. International efforts to counter ransomware also come in the form of greater scrutiny and regulation of cryptocurrency exchanges that fail to report suspicious transactions, with a particular focus on mixing services that obfuscate criminal transactions with local traffic.

Read more: Ransomware demands in H1 2021 increased nearly threefold – Coalition

“As Canada and the international community pursue efforts to disrupt the incentive structures that make it attractive and possible for cybercriminals to mount ransomware attacks and for their victims to pay up, the ransomware threat will very likely continue to grow and evolve in ways that have significant impacts on organizations and the critical infrastructure of Canada and its international partners,” the agency said. “While ransomware attacks will almost certainly continue to increase in scale, frequency and sophistication, the vast majority can be prevented by implementing basic cyber security measures.”