<p>Reuters yesterday reported that Canada’s foreign ministry had been hacked and services hit. The incident, which was originally detected last Wednesday, has left some internet and internet-based services currently unavailable. As of Monday night, Canadian cybersecurity officials were still working on restoring those internet services.</p>
<p>As individuals, we are aware of the personal threats posed by cyberattacks directed against us. As members of businesses and organizations, we know that enterprise data, which is the lifeblood of the corporation, is always a tempting target for hackers. And yet, as citizens we should be most cognizant of the brazen attempts by threat actors to steal state secrets or disrupt governmental operations. We depend on government to provide us with a basic level of security against all threats to our lives and livelihoods, so we have to be concerned that threat actors—whether acting independently or state-sponsored—are directing their efforts against the entities which have the most ample resources to defend against cyberattacks.</p>
<p>The recent attack against Canada’s GAC should underscore the need for data-centric security such as tokenization or format-preserving encryption to be applied to sensitive data wherever it resides, in order to render that data incomprehensible and thus worthless for exploitation if bad actors get hold of it. Preventing attacks and breaches is never 100% foolproof, so we can only hope that governmental agencies in the US, Canada, and elsewhere across the globe have instituted the mitigating measures of data-centric security applied directly to data, in case that sensitive information falls into the wrong hands.</p>
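<p>To make the data-centric point concrete, here is an added example (not code from the article or from any product it mentions) of vault-based, format-preserving tokenization: sensitive fields are replaced with random tokens that keep the original format, and the only link back to the real value lives in a separate vault. The in-memory dictionary standing in for that vault, and the sample record, are constructed for the illustration; a real deployment would keep the vault on its own hardened system with its own access controls.</p>

```python
"""Vault-based, format-preserving tokenization of sensitive record fields.

Added illustration of data-centric security: a stolen copy of the
tokenized record is worthless without access to the vault.  The vault
here is an in-memory dict standing in for a separately protected store.
"""
import secrets
import string


def _random_like(ch: str) -> str:
    """Pick a random character from the same class as `ch` (digit/letter),
    preserving separators so the token keeps the original's format."""
    if ch.isdigit():
        return secrets.choice(string.digits)
    if ch.isalpha():
        alphabet = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
        return secrets.choice(alphabet)
    return ch


class TokenVault:
    """Maps tokens to the real values they replace (constructed stand-in)."""

    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[tuple[str, int], str] = {}

    def tokenize(self, value: str, keep_last: int = 0) -> str:
        """Return a format-preserving random token for `value`.

        The last `keep_last` characters are kept verbatim (for example the
        last four digits of a card number used for customer display); the
        rest is replaced character-class by character-class with random data.
        The same (value, keep_last) pair always yields the same token.
        """
        if keep_last < 0 or keep_last >= len(value):
            raise ValueError("keep_last must be smaller than the value length")
        key = (value, keep_last)
        if key in self._value_to_token:
            return self._value_to_token[key]
        split = len(value) - keep_last
        head, tail = value[:split], value[split:]
        for _ in range(100):  # bounded retry; collisions are astronomically rare
            token = "".join(_random_like(c) for c in head) + tail
            if token != value and token not in self._token_to_value:
                break
        else:
            raise RuntimeError("could not generate a distinct token")
        self._token_to_value[token] = value
        self._value_to_token[key] = token
        return token

    def detokenize(self, token: str) -> str:
        """Recover the real value; only callers with vault access can do this."""
        return self._token_to_value[token]


def tokenize_record(vault: TokenVault, record: dict, fields: dict) -> dict:
    """Return a copy of `record` with the named sensitive fields tokenized.

    `fields` maps a field name to the number of trailing characters to keep.
    Non-sensitive fields are copied through unchanged.
    """
    out = dict(record)
    for name, keep in fields.items():
        out[name] = vault.tokenize(record[name], keep_last=keep)
    return out


def looks_like_card(value: str) -> bool:
    """Format check a downstream system might apply: four groups of 4 digits."""
    groups = value.split("-")
    return len(groups) == 4 and all(len(g) == 4 and g.isdigit() for g in groups)


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample record; not real data.
    citizen = {"name": "A. Example", "passport": "AB1234567", "card": "4111-1111-1111-1111"}
    stored = tokenize_record(vault, citizen, {"passport": 0, "card": 4})
    print("stored record:", stored)
    print("still passes card format check:", looks_like_card(stored["card"]))
    print("vault recovers:", vault.detokenize(stored["card"]))
```

<p>The tokenized record can flow through application logs, analytics and backups without exposing the real values, and because tokens keep their format, existing validation and display code keeps working. Tokens are random rather than derived from the value, so holding the tokenized data gives an attacker nothing to reverse; what then matters is protecting and auditing access to the vault itself.</p>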
<p>Based on Canada’s Foreign Affairs Department’s confirmation that it was the victim of a cyber-attack, it will be interesting to learn whether the attack was a response to the Canadian government’s criticism of Russia’s possible invasion of Ukraine. In any event, the attack is a reminder that any threat group, and in this case Russian actors, can launch an attack similar to the one against Canada’s foreign affairs department against any other government or organisation for that matter. Very often nation states will make noise in the shadows, but sometimes they create so much noise that it ends up making headlines.</p>
<p>This latest attack is a reminder to public and private sector organisations that every corporate Internet-connected device is vulnerable, be it through unknown or unpatched vulnerabilities in hardware and software. In the global cyber criminal ecosystem, initial access brokers that sell entry into networks are abundant, and they sell access to government agencies and private sector companies to the highest bidders. In the case of Canada’s Foreign Affairs Department, access would fetch a higher fee than an unknown or smaller target. To reduce risk and improve its resiliency against cyber threats, every organisation should regularly test its infrastructure for weak points by conducting threat assessments and maintaining appropriate incident response plans. In addition, it should follow security hygiene best practices that include timely patch management, offsite data backups and security awareness training. Organisations should also deploy multi-layer prevention capabilities on all enterprise endpoints across their networks, and implement extended detection and remediation solutions across their environments for the visibility needed to stop advanced attacks before hackers gain a foothold in the network.</p>
<p>As Canada’s own intelligence agencies recommended just prior to the attack, organizations need to upgrade their security capabilities in light of potential Russian attacks. Beyond nation state threats, threat actor groups continue to evolve their campaigns. However, despite existing investments in perimeter and defensive solutions, endpoint, XDR, and SIEM, threat actors are still evading these tools successfully. With stolen credentials and phishing attacks being used to get inside networks easily, upgraded solutions that offer behaviour-based threat detection along with adaptable machine learning (ML), rather than rules alone, and true artificial intelligence models found in a small set of next generation SIEMs are critical to stopping these multi-staged attack campaigns.</p>
<p>As highlighted by recent events, the ability to disrupt digital channels has become a strategic weapon in today’s geopolitical environment. Shutting off or redirecting websites and mobile apps harms not only consumers looking to access those services but also revenue and communication channels for business and government entities. Avoiding this scenario requires continuous monitoring of the client-side experience to detect anomalous activity (unexpected domains, vendors) before it propagates and causes extensive damage. Establishing and maintaining digital trust and safety is a priority in 2022.</p>