Russian hackers are targeting Canada's infrastructure - federal agency warning

The Canadian Centre for Cyber Security (Cyber Centre) has issued a warning to the cybersecurity community that Russian state-sponsored hackers may start targeting them.

In a bulletin post on the agency’s website, the Cyber Centre “is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology.” It issued the warnings following similar other advisories made by its cybersecurity counterparts in the US and UK.

The Cyber Centre has advised that infrastructure network defenders should take the following actions:

• Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
• Increase organizational vigilance. Monitor your networks with a focus on the TTPs reported in the CISA advisory (link available in English only). Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behaviour. Enable logging to better investigate issues or events.
• Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory (link available in English only) enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate. Create and test offline backups.
• Have a cyber incident response plan, a continuity of operations and a communications plan and be prepared to use them.

In addition to the above, the Cyber Centre has advised that network administrators should inform the agency of any suspicious or malicious cyber activity.

The Cyber Centre’s bulletin come after Foreign Affairs Minister Melanie Joly said that Russia would be on the receiving end of sanctions from Canada and its allies if it continues aggressive action against Ukraine, the Canadian Press reported.

“The recently launched diplomatic process offers Russia two options: they can choose meaningful dialogue, or severe consequences,” the minister said. “We of course appreciate the EU’s collaboration on many deterrence measures, including economic ones. Canada will be ready to take additional measures, particularly with respect to the financial sector.”