Canada’s national security and economic prosperity will be threatened by organized cybercrime over the next two years, as hackers from Russia and Iran increasingly attack critical infrastructure and high-value businesses, according to a report from federal authorities.
The report was released Monday by the Canadian Centre for Cyber Security – a part of the Communications Security Establishment, the country’s cyberintelligence agency – and was written with input from the RCMP. The centre says the report’s findings are based on classified and unclassified information available as of earlier this year.
Among the findings is that the most disruptive form of cybercrime now plaguing Canada is ransomware, a term for a type of malicious software that infiltrates organizations’ computer systems and holds their data hostage for large sums of money.
Many big Canadian companies have already been hit by ransomware and other malware this year, but these attacks are expected to become more common as hackers use innovative techniques to boost their illicit profits, the report warns.
“The cybercriminal groups we’re dealing with are human adversaries. They’re very adaptive and they will pivot to find where they can make the most money. These people don’t have a lot of morals,” Chris Lynam, director-general of the RCMP’s National Cybercrime Coordination Centre, told a news conference that accompanied the report’s release.
The report says hackers from Russia, and to a lesser extent Iran, are being given safe havens in those countries so they can operate with impunity against Western targets. They have been using ransomware to obscure the origins and intentions of their attacks, the report adds.
Our cyberspace invaders: Why nobody can seem to solve Canada’s massive hacking problem
Sami Khoury, the head of the Canadian Centre for Cyber Security, told reporters that his team has seen instances of state-sponsored activity and cybercrime overlapping. Often, state-backed actors will task cybercriminals with achieving strategic goals or carrying out intelligence operations, he said. In other cases, state-backed groups will engage in cybercrime themselves, in pursuit of personal profit, he added.
Mr. Khoury said Russia allows these attacks to originate within its borders so long as the targets are outside the Commonwealth of Independent States, which is made up of Russia, Belarus, Moldova, Armenia, Azerbaijan, Kyrgyzstan, Kazakhstan, Tajikistan and Uzbekistan.
The relationship between cybercriminal groups and intelligence agencies in Iran is not as clear as it is in Russia, the report says. Groups in Iran have attacked people and institutions in the United States, Israel and some of the Gulf states, but the report says these hackers may have been motivated by money, rather than geopolitical concerns.
Iran and Russia have denied that their governments support or carry out hacking operations in other countries.
Cyberattacks in Canada have struck nearly every sector, but their most disruptive impact has been on essential services and goods, the report says. For example, some hospitals that were victims of cybercrime told officials the incidents disrupted their ability to care for patients, leading to longer stays, delayed tests or procedures and, in some cases, increased death rates.
In 2022, there were 70,878 known incidents of online fraud in Canada, with more than $530-million stolen, the report says.
But the true number is likely much higher, because between 90 per cent and 95 per cent of organizations targeted by these attacks do not inform the authorities, according to Mr. Lynam, who is also director-general of the Canadian Anti-Fraud Centre, an organization run jointly by the RCMP, the Ontario Provincial Police and the Competition Bureau. The actual amount of money stolen last year is “easily” $5-billion or more, he estimated.
He urged small businesses to report online security breaches to authorities. “One report from a small town in Canada could be the missing piece to an international puzzle,” he said.
Mr. Khoury said even basic cybersecurity measures can help prevent some attacks. While big companies are likely to have these measures in place, he said, small and medium-sized businesses should also invest in their defences.
But the report cautions that one form of defence, cyberinsurance policies, may “have implications for the prevalence of ransomware in Canada.”
Asked what those implications are, Mr. Khoury said his organization encourages Canadian businesses to “protect themselves as much as possible and not wait for an incident to activate an insurance policy.”
“But we have to look at what fuels that ransomware business,” he said. “And what fuels it is money. Cybercriminals are motivated by profit. So, anything that contributes to that ecosystem by injecting money into it is something that we have to take seriously.”