Recent studies have shown that Canadian businesses are increasingly being targeted in cyberattacks. The onset of the pandemic and the sudden shift to remote work have given rise to new cybersecurity threats.
A first-quarter survey by US cybersecurity firm Proofpoint revealed that nearly two-thirds of companies globally, including 63% of Canadian-based businesses, have seen a rise in targeted cyberattacks since their employees started working from home.
Of the Canadian firms that participated in the study, more than half, or 51%, admitted that human error was their biggest vulnerability as most attacks involved some sort of interaction with people. Email fraud was also identified as one of the top points of attack.
“Last year, cybersecurity teams around the world were challenged to enhance their security posture in this new and changing landscape, literally overnight,” said Lucia Milică, global resident chief information security officer at Proofpoint. “This required a balancing act between supporting remote work and avoiding business interruption, while securing those environments. With the future of work becoming increasingly flexible, this challenge now extends into next year and beyond.”
Meanwhile, a separate survey by the Canadian Federation of Independent Business (CFIB) found that out of its 3,040 members, almost a quarter have experienced a cyberattack since March 2020, when the coronavirus outbreak forced many businesses to transition to remote work.
About 5% of the respondents said the attack against them was successful. According to the report, this figure is equivalent to more than 60,000 small and medium-sized businesses, based on the most recent data from Statistics Canada.
The study also found that businesses that pivoted to remote working, made changes to their online presence, or operated in the construction or manufacturing sectors were twice as likely to fall prey to a successful attack.
Top cybersecurity threats in Canada
To help Canadians prepare against cybersecurity threats, Privacy Canada – an organization of online security experts advocating for data privacy among all Canadians – gathered data from the Department of Public Safety and Emergency Preparedness and leading information security researchers to identify the top cybersecurity risks businesses and individuals are facing.
Here are some of the most common cyber threats many Canadians are exposed to, according to the group.
1. Phishing
“Of all the known cybersecurity risks, this is one of the easiest for talented hackers to deploy, and it can be one of the most damaging to local businesses and their reputation,” wrote Ludovic Rembert, head of research at Privacy Canada, in an article published on the group’s website.
He added that phishing attacks have become very effective as they take the form of fake emails, text messages, or dubious websites that “look like the real thing,” making it easier to trick people. Rembert also cited research from the International Association of Privacy Professionals (IAPP) showing that between 84% and 92% of data breaches resulted from negligence or human error, which revealed why phishing has become a popular attack vector for cyber criminals.
2. Ransomware
As its name suggests, ransomware is a form of cyberattack that demands a ransom. Often, malicious software locks and encrypts a device and demands that a ransom be paid before access is restored.
A recent example of a ransomware attack was the one that happened to software firm Kaseya in July, which the company said impacted between 800 and 1,500 downstream businesses. The attack, which was perpetrated by Russia-based hacking group REvil, caused widespread downtime to companies in 17 countries, including Canada, the UK, Germany, South Africa, Mexico, Kenya, and Argentina.
3. Distributed-denial-of-service (DDoS) attacks
According to security software giant McAfee, a DDoS attack is a “method where cybercriminals flood a network with so much malicious traffic that it cannot operate or communicate as it normally would.”
In April 2018, IT World Canada reported that the Royal Canadian Mounted Police (RCMP) had successfully shut down what investigators said was the world’s biggest DDoS-for-hire website. The Toronto-based data centre was said to have more than 136,000 registered users who often targeted banks, government institutions, law enforcement units, and victims in the gaming industry. The police said that the website’s popularity stemmed from its ability to offer DDoS-as-a-service, with fees as low as €15, or about $23.44, a month at that time.
4. Zero-day attacks
A zero-day attack happens when attackers exploit a software vulnerability before the vendor becomes aware of it. Rembert noted how cybercrime groups take pride in discovering new exploits that defeat security measures.
One example he provided is the unidentified computer virus that infected Ontario’s Health Sciences North (HSN) network in January 2019. According to CBC News, the cyberattack forced 21 hospitals to shut down their IT platforms to prevent the malware from spreading.
5. Botnet attacks
Cybersecurity services provider Security Intelligence defines a botnet attack as a large-scale cyberattack carried out by malware-infected devices, which are controlled remotely. The firm adds that such attacks turn compromised devices into “zombie bots” for a botnet controller.
“Unlike other malware that replicates itself within a single machine or system, botnets pose a greater threat because they let a threat actor perform a large number of actions at the same time,” the company wrote on its website. “Botnet attacks are akin to having a threat actor working within the network, as opposed to a piece of self-replicating malware.”
Last January, CBC News reported that cybercops from Europe, the US, and Canada derailed a botnet that had been used by cyber criminals to install ransomware, steal data, and engage in financial theft across the globe for years. This led to the arrest of a Canadian member of the group, which had targeted the healthcare sector, municipalities, law enforcement units, and school districts mostly in the US. Half a million dollars in cryptocurrency was also seized.
6. Man-in-the-middle attacks
A man-in-the-middle (MITM) attack is a type of eavesdropping attack, where hackers interrupt an existing conversation or data transfer, according to software company Veracode. The firm said this type of attack happens when hackers insert themselves in the “middle” of the transfer, pretending to be legitimate participants. This enables them to intercept information and data from the legitimate participants while also sending malicious links or other information in a way that might not be detected until it is too late.
7. Cryptojacking
According to Rembert, cryptojacking is a relatively new cyber risk that uses a “specialized kind of malware coded for the purpose of infecting a system and surreptitiously using its bandwidth, as well as its computing resources, to mine cryptocurrency.” He added that attacks involving cryptojacking are expected to increase in the future, along with the popularity of cryptocurrencies.
8. Spam
Rembert describes spam as a “global issue that continues to worsen,” adding that “spam emails and messages are not just nuisances [but can also] be weaponized for the purpose of distributing malware that steals personal information or recruits personal computing devices into botnets.”
In Canada, Rembert says the spam problem continues despite legislation that prohibits the distribution of commercial messages without previous solicitation.