Canada Releases Latest National Cyber Threat Assessment

Published: 03 November 2022

CSEC CanadaCanada’s Communications Security Establishment is responsible for managing foreign signals intelligence and is the country’s authority for cybersecurity and information assurance. (Photo: Eshko Timiou, Wikimedia, License)

By Henry Pope

The state-sponsored cyber programs of China, Russia, Iran, and North Korea are the greatest strategic threats to Canadian online security, the Canadian Centre for Cyber Security claims in its latest National Cyber Threat Assessment.

These programs have heavily invested in misinformation and disinformation tactics to further their geopolitical interests, says the document that highlights the most predominant cyber threats to Canadian national security and the most common ones that online users are likely to come across.

“State-sponsored cyber threat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these specific states,” a spokesperson from the Communications Security Establishment (CSE)—Canada’s cryptologic agency—told OCCRP.

Cyber threat actors possess the means to target critical infrastructure and steal information through espionage, either in case of future hostilities, or as a form of power projection and intimidation.

Canada can even be threatened in cases where its citizens, infrastructure, and economy are not even the principal targets; the country’s association with international alliances such as NATO and the G7 make it vulnerable to state-sponsored cyber attacks, the report said, as does Canada’s integration with its Five Eyes intelligence partners.

Despite these vulnerabilities, the CSE told OCCRP that “we assess that state-sponsored cyber threat actors will very likely refrain from intentionally disrupting or destroying Canadian critical infrastructure in the absence of direct hostilities.”

Cybercriminals well-versed in ransomware and spyware are also given significant coverage, given the growing cryptocurrency industry and “cybercrime ecosystem” that can now siphon billions out of its victims every year.

The Cyber Centre’s assessment classified ransomware as “almost certainly the most disruptive form of cybercrime facing Canadians” and that it has now evolved into “a persistent threat to Canadian organizations.”

Essentially, hostile actors seize the victim’s data, encrypt it, then demand payment, lest it be permanently deleted or—should the data be particularly sensitive in ature—leaked to online cybercrime marketplaces or sold to the highest bidder.

Ransomware attacks can further restrict access to essential services and, by extension, threaten people’s very health and physical safety, as was the case last year when ransomware attacks in hospitals across Newfoundland and Labrador locked staff out of vital patient care systems.

Other online criminal tactics, such as phishing, i.e. the theft of a person’s private information that grants the perpetrator access to the victim’s finances or identity, are also heavily prevalent in Canada’s cyberspace, the report found.

Spyware programs have also become sophisticated enough where they can provide the perpetrator access to an individual’s personal device without any input whatsoever from the victim.

NSO Group’s infamous Pegasus spyware, for instance, has drawn international condemnation for its role in depriving journalists, activists, and political opposition figures worldwide of their right to privacy, often at the hands of their own governments.

Altogether, over 150,000 documented cases of fraud have occurred in Canada since January 2021 alone, acts which siphoned over CDN$600 million (US$440.8 million) out of the country’s economy, according to the Canadian Anti-Fraud Centre.

Ultimately, it is not advised to pay attackers after they have stolen and encrypted an individual’s data. Scammers frequently “return to the well” when they have identified a mark who will pay up, or in the majority of cases they will simply refuse to completely restore the victim’s information.

“So long as ransomware remains profitable, we will almost certainly continue to see cybercriminals deploying it,” the report said.

Amongst the final major points outlined in the assessment was the transformation of digital assets into a now commonplace commodity; cryptocurrencies and other not yet fully regulated finances “are both targets and tools for cyber threat actors to enable malicious cyber threat activity,” the report said.

Since bitcoin’s emergence in 2008, the number of cryptocurrencies available has exploded, with over 10,000 different variations currently being traded. The market cap for the industry peaked at almost $3 trillion before dipping to just under $1 trillion in mid-2022.

This has created vast opportunities for criminals to profit off of cybercrime and to launder their ill-gotten gains. Cryptocurrency theft alone peaked in 2021 to almost $3.2 billion.

Being such a lucrative criminal enterprise, law enforcement in Canada must now properly invest in its own capabilities to track, recover and otherwise impede criminals' access to digital currencies whilst engaged in their illegal endeavors, the report said.

Although it was assessed that cryptocurrency money laundering “will almost certainly continue to facilitate the growth of cybercrime and other illicit activities,” it is nevertheless an area in which Canadian authorities are currently lagging behind.

Ultimately, the report surmised, as people become more integrated with the internet, vulnerabilities and threats from cybercrime will continue to multiply.

The Canadian government, therefore, has named the country’s cyber security a priority and recently proposed the allocation of CDN$875.2 million ($643.3 million) to bolster the CSE’s ability to deter, defend, and prevent cyber-attacks.

These investments would “help address the rapidly evolving cyber landscape” and aim to protect Canada’s critical infrastructure, government systems, and national security, a CSE spokesperson told OCCRP.