Summary

In recent years, Canada has consistently faced cyber attacks targeting critical infrastructure, businesses, and individuals. As personal and security data become increasingly digitalized, cybercrime has grown more sophisticated and organized. Considering that 85% of Canada's critical infrastructure belongs to private entities and local governments, it is crucial to strengthen defensive measures. Through various case studies, we will examine the severity of ransomware attacks and the subsequent security measures implemented by the Canadian government.

1. Ransomware attack cases

(1) Ransomware Attack on SickKids Hospital

On December 18, 2022, Canada's SickKids hospital fell victim to an attack by the LockBit ransomware group, disrupting operations for two weeks. The attackers licensed their malicious code through Ransomware-as-a-Service (RaaS), infiltrating the victim's network, stealing data, and encrypting devices. As a consequence of the attack, internal systems such as the website and phone lines were encrypted. While medical equipment and services continued to function normally, delays occurred in receiving lab and imaging results, leading to extended wait times for patients.

(2) Ransomware Attack on the Ontario Liquor Control Board (LCBO)

Between January 5 and 10, 2023, the Ontario Liquor Control Board (LCBO) website was compromised by a web skimming attack. An unidentified attacker inserted malicious code designed to acquire customer information during the payment process. The attackers used an inline script disguised as a legitimate Google Analytics tag to infiltrate the website, injecting JavaScript-based malware into the website's codebase to steal customer and credit card information during transactions. This web skimming attack led to the disruption of the online ordering system and the exposure of customer names, addresses, email addresses, LCBO.com account passwords, credit card information, and employee data.

(3) Ransomware Attack on the Toronto Transit Commission (TTC)

At the end of 2021, the Toronto Transit Commission (TTC) fell victim to a ransomware attack via email. A single email was sent to an employee, pretended to be from a trusted third-party, but it contained a malicious link. When the employee clicked on the link, it allowed attackers to infiltrate TTC's systems. As a result, sensitive data belonging to thousands of current and former employees was stolen, including personal information such as criminal records, immigration details, financial status, and social security numbers, all encrypted by malware.

This type of cyber attack, involving malicious links in emails, aligns with ITU-T international standards outlined in [7.1.3 Malware in uniform resource locator].

(4) Ransomware Attack on the city of Hamilton, Ontario

In February, a ransomware attack hit parts of the IT systems in Hamilton, Ontario, disrupting various electronic systems including phone lines and transit apps. This incident caused inconvenience to over 570,000 residents of Hamilton. According to officials, a significant portion of the servers was encrypted, forcing essential city services to operate manually for a period.

2. canada's Response to Cyber Attacks

Ransomware attacks can result in temporary or permanent data loss, affecting relationships with customers, employees, stakeholders, and business partners, leading to economic losses. To respond these attacks, the Canadian government has implemented various legal and regulatory measures to counter increasingly sophisticated cybersecurity threats.

the Government of Canada

On June 14, 2022, the Government of Canada introduced Bill C-26, An Act Respecting Cyber Security.

The legislation aims to protect Canada's telecommunications systems and prohibit the use of products and services from certain high-risk telecommunications suppliers under the Telecommunications Act. Specifically targeting Huawei and ZTE technologies in 5G infrastructure, the law also mandates the removal of related 4G equipment by 2027. Additionally, the Critical Cyber Systems Protection Act (CCSPA) requires designated operators to establish cybersecurity programs and keep records of cybersecurity controls.

National Cybercrime Coordination Unit (NC3)

Established under the Royal Canadian Mounted Police (RCMP), the National Cybercrime Coordination Unit (NC3) is tasked with preventing and responding to cybercrime. NC3 collaborates with international partners, utilizing digital forensics and cyber analysis technologies to gather evidence related to cybercrimes and coordinate investigative measures.

Canadian Centre for Cyber Security

The Canadian Centre for Cyber Security has published a comprehensive set of guidelines (ITSAP.00.130) aimed at helping businesses protect their research environments and intellectual property from cyber attackers.

They recommend using CIRA security systems, which manage domain names and registries, and employing multi-factor authentication (MFA) processes, which involve using two or more different authentication factors to verify identities, to protect systems and networks from malware. Additionally, the guidelines provide information on implementing access controls and data backups to help Canadian citizens prevent cyber attacks.

3. Conclusion

In today’s society, the use of the internet has become more active than ever for various reasons, including e-commerce, keeping in contact with friends and family, and organizing facility reservations. Consequently, cybersecurity threats are also on the rise, with a noticeable increase in crimes targeting institutions such as the public sector, causing significant inconvenience in our daily lives.

Recent ransomware attack cases have shown that a substantial portion of Canada's public services can be brought down, leading to decreased productivity and economic losses. Furthermore, sensitive data such as citizens' personal information has been leaked, causing severe harm not only to organizations but also to individuals. To counter email attacks, it is essential to proactively understand attack types and countermeasures against malicious malware by staying informed about email security standards. By assessing adherence to mail security standards and developing effective countermeasures, we can protect information assets and ensure the stable operation of public services, thereby safeguarding the safety and well-being of everyone.

International email security standards provide a significant resource for building effective responses countering email attacks. For detailed information on international standards, please refer to the related posts below.

** Related Posts

For more detailed information and the original content, you can refer to the provided links.

Mail Inspector Platform (mailinspector2.blogspot.com)

Public Sector in Toronto, Canada Faces Cybersecurity Crisis Amid Surge in Ransomware Attacks (mailinspector2.blogspot.com)

<[Ransomware] Ransomware Demanding 'Ransom' - Risks and Survival Strategies>

[Ransomware] Ransomware Demanding 'Ransom' - Risks and Survival Strategies (mailinspector2.blogspot.com)

<[Malware] Risks and Response Strategies>

[Malware] Risks and Response Strategies (mailinspector2.blogspot.com)

4. References

https://mcmillan.ca/insights/publications/lessons-learned-from-the-ttcs-ransomware-attack/

https://www.hamilton.ca/cyberincident