Foreign intelligence agencies and state-sponsored cybercriminals are engaged in a massive campaign aimed at stealing Canada’s COVID-19 vaccine testing information, securing advance warnings on Canada’s public health and border measures, and spreading coronavirus conspiracy theories, a new report says.
The report from Canada’s cyber defence agency, the Communications Security Establishment, builds on its previous COVID-19 alerts, which warned that cybercriminals have “spoofed” many Government of Canada webpages in attempts to scam citizens. The new report outlines the stunning scale of these spoofing and phishing attacks, and new strategic directions.
The cyber defence agency is “aware of over 120,000 newly registered COVID-19 themed domains, a large proportion of which was considered malicious or related to fraudulent activity,” the April 27 report says.
Over 1,500 of these fake Government of Canada COVID-19 pages were taken down by the agency, spokesman Ryan Foreman told Global News.
“State intelligence collection requirements have shifted in response to COVID-19”
Foreman said the agency believes COVID-19 scams declined during May, but that there is a growing threat from espionage targeting Canada’s medical research and supply chains, with potentially grave consequences.
“Ransomware attacks against health-care providers, research facilities, and medical manufacturers will have negative consequences on patient care and hinder the development and production of Canadian medical research and domestic supply chains,” the report says.
“Authoritarian” states are named as threat actors in the report, but specific governments are not identified.
The agency has previously stated “it is almost certain that actors likely associated with the People’s Republic of China (PRC) Ministry of State Security (MSS)” were responsible for similar cyberattacks against Canada and its allies, in order to gain “access to multiple client systems and large amounts of sensitive data, leading to loss of proprietary information, disruption to business operations, financial loss.”
The report assesses that foreign spies are targeting Canadian pandemic-related supply chains partly because of the nation’s world-leading “health and biotechnology.”
“Many of Canada’s companies and research universities are leading the world’s efforts to rapidly manufacture highly efficient COVID-19 testing kits and develop a COVID-19 vaccine,” the report says. “State-sponsored cyber threat actors are increasingly targeting the health sector, including government health agencies, almost certainly to obtain intellectual property and other sensitive data pertaining to COVID-19 medical research.”
In a “notable example,” the report says “in mid-April 2020, a Canadian biopharmaceutical company was compromised by a foreign cyber threat actor, almost certainly attempting to steal its intellectual property.”
In another example, “in early-April 2020, individuals associated with a Canadian university engaged in COVID-19 research and a Canadian provincial government health agency were targeted by COVID-19-themed phishing attacks attempting to deliver ransomware.”
But Canada is just one of many worldwide targets.
In another example, “WHO attributed two phishing campaigns targeting its staff to two separate state-sponsored cyber threat actors,” the report says.
The report adds that while Canada and other governments scrambled to respond to the coronavirus this year, unidentified intelligence agencies have been seeking advance warnings on confidential “public health responses (e.g., travel restrictions) under consideration by foreign states.”
Cybercriminals connected to “affected governments” are also likely to be “targeting the health sector to supplement official intelligence collection efforts,” the report says.
Individuals and work from home targeted
Meanwhile, as many Canadians work outside more secure office spaces, a rising threat is that “cyber threat actors are increasingly attempting to identify and exploit the devices of individuals working at home, particularly targeting those who are employed in areas of strategic interest.”
Specific online platforms and meeting tools such as Zoom have been targeted for “vulnerabilities that would enable cyber espionage,” according to the report.
“Zoom faced challenges to their reputation after security researchers scrutinized the platform,” the report says. “For example, the University of Toronto’s Citizen Lab reported that user communications, including encryption keys, may be routed through Zoom’s servers in China even when all participants are located outside of China.”
The report adds that “it is very likely that authoritarian governments will use COVID-19 as a justification to procure and deploy surveillance technologies against their own citizens and expatriates residing in Canada or Canadians living abroad.”
Also, foreign agencies have been involved in “the purposeful dissemination of inaccuracies regarding the origins, spread, or mitigation of COVID-19,” which “can only work to undermine the efforts of Canadian and global public health responses,” the report says.
Global News has previously reported that a Canadian social media analytics firm judged that Russian propaganda linked to a Canadian website was disseminated by People’s Republic of China diplomats.
While Canada’s cyber defense agency doesn’t name any country specifically, its report says that “a publicly available European External Action Service report stated that they continued to observe ‘a convergence of disinformation narratives’ among several states. One of these disinformation narratives portrays the origins of the virus as a U.S. biological weapon.”