Hackers increasingly target Canada key infrastructure: Spy agency

Agency reports 235 ransomware attacks on Canadian targets this year, half of which were key infrastructure providers.

Global ransomware attacks increased by 151 percent in the first half of 2021 compared with 2020, Canada’s signals intelligence agency has reported, as hackers become increasingly brazen.

Key Canadian infrastructure has regularly been targeted in ransomware attacks in which hackers essentially hold computer information hostage until they are paid, the Communications Security Establishment (CSE) said in a report published on Monday.

The agency said it knew of 235 ransomware incidents against Canadian targets from January 1 to November 16 of this year. More than half were critical infrastructure providers, including hospitals.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said the report issued by the Canadian Centre for Cyber Security, a unit of CSE.

The average total cost of recovery from a ransomware incident more than doubled to $1.8m globally in 2021, the Reuters news agency reported.

CSE reiterated that actors from Russia, China and Iran posed a serious threat to the cyber-infrastructure of countries such as Canada.

“Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity as long as they focus their attacks against targets located outside Russia,” CSE said.

SolarWinds hack anniversary

The Canadian government report came as a US cybersecurity firm warned that attacks by elite Russian state hackers have barely eased up since last year’s massive SolarWinds cyber-espionage campaign targeting US government entities, including the Justice Department, and companies.

On the anniversary of the public disclosure of the SolarWinds intrusions, US cybersecurity firm Mandiant said hackers associated with Russia’s SVR foreign intelligence agency continued to steal data “relevant to Russian interests”.

The hacking campaign was named SolarWinds after the US software company whose product was exploited in the first-stage infection of…


Hackers target biomanufacturing facilities using the Tardigrade malware

Biomanufacturing facilities in the US are being actively targeted by an unknown hacking group leveraging a new malware strain.

In a new threat advisory, the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) revealed that the first attack believed to be launched using this new malware, dubbed “Tardigrade”, occurred in the spring of this year. At that time, Tardigrade was used in a cyberattack on a large biomanufacturing facility, though a second facility was hit using the same malware just last month.


FBI email servers were hacked to target a security researcher

The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen victim to data breaches. The emails tried to pin the non-existent attacks on Vinny Troia, the leader of dark web security firms NightLion and Shadowbyte.

The non-profit intelligence organization Spamhaus quickly shed light on the bogus messages. The attackers used legitimate FBI systems to conduct the attack, using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), among other sources. Over 100,000 addresses received the fake emails in at least two waves.

The FBI described the hack as an “ongoing situation” and didn’t initially have more details to share. It asked email recipients to report messages like these to the bureau’s Internet Crime Complaint Center or the Cybersecurity and Infrastructure Security Agency. Troia told Bleeping Computer he believed the perpetrators might be linked to “Pompomourin,” a persona that has attacked the researcher in the past.

Feuds between hackers and the security community aren’t new. In March, attackers exploiting Microsoft Exchange servers tried to implicate security journalist Brian Krebs using a rogue domain. However, it’s rare that they use real domains from a government agency like the FBI as part of their campaign. While that may be more effective than usual (the FBI was swamped with calls from anxious IT administrators), it might also prompt a particularly swift response — law enforcement won’t take kindly to being a victim.



Hackers Target Newfoundland’s Health Care System

For many months now, the residents of Newfoundland and Labrador have had to put up with canceled or delayed medical procedures and appointments. For a long time — like people in the rest of Canada, and around the world — their predicament was due to the pandemic.

But lately, the trouble has come from a new source — a catastrophic cyberattack. The system ground to a halt on Oct. 30. On Friday, the province’s four health authorities were predicting that treatment delays and disruptions would begin easing on Monday, although they would persist in some emergency departments and not all elective surgeries and chemotherapy treatments would return to normal.

And this week, the province revealed that the attack was worse than previously reported. On Friday, John Hogan, the provincial justice minister, said that employee information at three local health authorities had been stolen. Two days earlier, officials said that personal information of patients and health care workers, some of it health-related, had been “accessed” during the attack.

It was, in short, a cyberattack that theoretically affected everyone in the province.

But good luck finding out what happened or what’s going on to remedy it. The government of Premier Andrew Furey, who is also an orthopedic surgeon, won’t even describe the variety of the cyberattack.

“Our advice from world-class experts is to say nothing,” John Haggie, Newfoundland’s health minister, told a news conference on Wednesday. Nor will the government reveal who those experts are that the province brought in to solve its problem.

The Canadian Broadcasting Corporation, without revealing its source, reported that the shutdown was the latest in a string of ransomware attacks that have hit other health-related institutions, corporations and governments during the pandemic. Such attacks developed about a decade or so ago. The attacks, which appear to often come out of Russia, simply involve seizing control of data on vulnerable computer systems, encrypting it and then threatening to destroy it unless a ransom is paid, usually in bitcoin.

Three hospitals in Ontario were victims of such attacks in October 2019. They have disrupted individuals’…