Canadian intelligence agency calls for ramped-up cyber defences after Russia invades Ukraine

Canada’s cyber spy agency is warning organizations, including power companies and banks, to shore up their defences against Russia-based cyber threat activity as the Western world responds to Moscow’s invasion of Ukraine.

In a statement Thursday, the Communications Security Establishment said that “in light of Russia’s ongoing, unjustified military offensive in Ukraine,” it “strongly encourages all Canadian organizations to take immediate action and bolster their online cyber defences.”

North Korea Hacked Him. So He Took Down Its Internet

For the past two weeks, observers of North Korea’s strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems. On several different days, practically all of its websites—the notoriously isolated nation only has a few dozen—intermittently dropped offline en masse, from the booking site for its Air Koryo airline to Naenara, a page that serves as the official portal for dictator Kim Jong-un’s government. At least one of the central routers that allow access to the country’s networks appeared at one point to be paralyzed, crippling the Hermit Kingdom’s digital connections to the outside world.

Canada’s cyberspy agency warns of Russian cyberattacks on critical infrastructure

Canada’s cyberspy agency is warning of Moscow-backed cyberattacks on Canadian critical infrastructure as Western countries prepare economic sanctions in the growing expectation that Russia will invade Ukraine.

The Canadian Centre for Cyber Security joined its counterparts in the United States and United Kingdom on Thursday in urging Canadian companies, such as electrical utilities and energy firms, to watch out for cyberattacks from Russia.

I bet the Russians will be pissed to find the ChiComs got there first.

Fears grow that cyber chaos will spark wars as hack attacks become more aggressive

The nightmare of America under cyberattack is happening now and it is not going to stop anytime soon. Foreign adversaries and criminal gangsters alike are hammering all aspects of society from hospitals to schools to government offices.

In December alone, a ransomware attack on human resources software disrupted operations for some hospitals operated by Ascension Healthcare, the timekeeping system of New York City’s Metropolitan Transit Authority, and the government of Prince George’s County in Maryland, among others.

The “most serious” security breach ever is unfolding right now

The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.

Evil Corp: ‘My hunt for the world’s most wanted hackers’

Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein.

“We’re wasting our time,” I thought, as I watched a cat licking the carcass of a discarded takeaway chicken.

Surely there would no longer be any trace of an alleged multi-millionaire cyber-criminal on this dilapidated estate in a run-down town 700km (400 miles) east of Moscow.

Experts say China’s low-level cyberwar is becoming severe threat

Chinese state-sponsored hacking is at record levels, western experts say, accusing Beijing of engaging in a form of low-level warfare that is escalating despite US, British and other political efforts to bring it to a halt.

There are accusations too that the clandestine activity, which has a focus on stealing intellectual property, has become more overt and more reckless, although Beijing consistently denies sponsoring hacking and accuses critics of hypocrisy.

Jamie Collier, a consultant with Mandiant, a cybersecurity firm whose work is often cited by intelligence agencies, said the level of hacking emerging from China in 2021 was “a more kind of severe threat than we previously anticipated”.


Hackers breached computer network at key US port but did not disrupt operations

Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official.

The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions.

Cyberwar, Part Two: “Flipping Switches”

Discussing Russian hacking capabilities in a video discussion for the Heritage Foundation recently, Prof. Scott Jasper of the Naval Postgraduate School recalled a hack in 2018 in which the attackers succeeded in penetrating electrical power companies in the U.S., as they did in Ukraine.

“We had evidence from CISA (Cybersecurity and Infrastructure Security Agency) that Russian actors had penetrated up to 20 to 24 utilities by compromising vendors that had trusted relationships,” Jasper said. “They had taken control to the point where they could have thrown switches. They did this in Ukraine and flipped the switches of substations. So, this is a real threat.”

Cyberwar – Part One

Cybercrime often merges with cyberwarfare. The techniques of both are similar, even if their intentions are not. Yet, unlike their “real-world” counterparts, we cannot afford to treat the former as merely a law enforcement problem and the latter as a military problem. Today’s gnat is tomorrow’s nuclear-tipped missile.

In a recent article, former U.S. National Security Adviser John Bolton highlighted the cyberwarfare being waged on the West every day by Russia, China, Iran and North Korea. The assault is an accelerating proxy war, a coordinated terrorism campaign conducted by both hired criminals and military intelligence agencies, capable of great economic and societal damage. At the same time, even at lower intensity, it is a subtler attack on Western morale.

Feds detail alleged Chinese cyberattacks on American pipelines starting in 2011

The Biden administration has revealed new details of Chinese cyberattacks on American critical infrastructure starting nearly a decade ago, amid an ongoing effort to expose what the U.S. and its allies say is the extent of China’s malicious cyber actions aimed at the U.S. and other foreign targets.

China-sponsored attackers targeted U.S. oil and gas companies from December 2011 to 2013 in order to develop the cyberattack capabilities needed to disrupt and damage U.S. pipeline operations, according to an alert issued Tuesday from FBI and the Cybersecurity and Infrastructure Security Agency. The federal government said it previously informed victims and others of the cyberattacks in 2012 but had not made public the full details until this week.

China accused of cyber-attack on Microsoft Exchange servers

The UK and EU have accused China of carrying out a major cyber attack earlier this year.

The attack targeted Microsoft Exchange servers, affecting over a quarter of a million servers around the world.

The EU was the first to put out a statement saying the attack came from “the territory of China”, while the UK said Chinese state-backed actors were responsible. The US is expected to follow suit.

The countries have also said the Chinese Ministry of State Security was responsible for other espionage activity.

h/t DM

Energy secretary says adversaries have capability of shutting down US power grid

Energy Secretary Jennifer Granholm on Sunday warned in stark terms that the US power grid is vulnerable to attacks.

Asked by CNN’s Jake Tapper on “State of the Union” whether the nation’s adversaries have the capability of shutting it down, Granholm said: “Yeah, they do.”

“There are thousands of attacks on all aspects of the energy sector and the private sector generally,” she said, adding, “It’s happening all the time. This is why the private sector and the public sector have to work together.”

This is a security concern that’s always fascinated me especially since it is given so little attention. It’s only a matter of time before the grid gets hit.

The Next Big Gasoline Shortage Is Coming

If the pandemic has taught us anything, it’s that we cannot ignore the warning signs for future catastrophes.

In North Carolina, where I live, only about one-third of gas stations are currently reporting that they have any gas, and that’s after some improvement in availability. A ransomware attack shut down a key pipeline supplying these stations, an event that could, but likely won’t, serve as a wake-up call, before we experience a true catastrophe.

Prior to the pandemic, I wrote a lot about digital security, or the lack thereof. I once compared our security status quo to “building skyscraper favelas in code—in earthquake zones.” Not much has changed since then, but we are starting to hear more rumbles.

UK spy chief says West faces ‘moment of reckoning’ on tech

LONDON (AP) — Western countries risk losing control of technologies that are key to internet security and economic prosperity to nations like China and Russia if they don’t act to deal with the threat, one of the U.K.’s top spy chiefs warned Friday.

“Significant technology leadership is moving east” and causing a conflict of interests and values, Jeremy Fleming, director of government electronic surveillance agency GCHQ, said in a speech.

Singling out China as a particular threat, he said the country’s “size and technological weight means that it has the potential to control the global operating system.”

Chinese Spyware Code Was Copied From America’s NSA: Researchers

WASHINGTON—Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

Tel Aviv-based Check Point Software Technologies issued a report noting that some features in a piece of China-linked malware it dubs “Jian” were so similar they could only have been stolen from some of the National Security Agency break-in tools leaked to the internet in 2017.
