Less than a week after a cyberattack on the City of Saint John, New Brunswick’s capital confirmed hackers are targeting them, too.
The City of Fredericton said several attempts have been made to infect its computer system in the days that followed the incident in Saint John.
That’s because cyber-criminals try to replicate their successes, according to City of Fredericton Chief Information Officer Adam Bell.
Bell said the attackers also tend to put increasing focus on the immediate geographical neighbourhood of what they see as a successful attack.
He said Fredericton computer logs show a spike in attempts to hack into its system.
“We saw the exact same attack that was perpetrated on Saint John, attack our system probably three or four days later,” Bell said. “And not once — our logs indicated probably 25 or 30 attempts.”
Saint John officials announced Sunday it was investigating what is called a “significant cyber attack.” Mayor Don Darling later confirmed the city’s computer network was targeted with ransomware.
Bell said Fredericton’s network remains intact so far, but he said the logs also show the number of “phishing” attempts has increased dramatically.
“Phishing” messages are emails that appear to be from legitimate sources asking the user to click a link. Those links often allow viruses to enter and spread throughout a computer network.
In Bathurst, N.B., city officials said they have not noticed any increased activity on their network, but they are watching for it.
“We’re definitely reviewing practices,” said Dustin Lavigne, Bathurst’s manager of information technology. “Reviewing the different layers of security we have in place, how we go about things, looking to see if there’s anything we can improve because, of course, there’s always things we can improve.”
Many organizations proactively hire companies to hack into their systems and identify holes in security before a breach occurs.
Richard Rogerson, managing partner of self-proclaimed “ethical hackers” Packetlabs, believes municipalities avoid precautionary spending because they don’t have the money.
He said services like his cost $25,000-$50,000, but recovering from a cyberattack can cost many times more.
“I think there needs to be some provincial oversight to make sure that there is a minimum level of standards across the board,” Rogerson said about preventative spending on cybersecurity checks. “So we’re not looking at this and saying, ‘You know what, we can’t afford 25 (thousand dollars), let’s pay a million dollars when we get breached.’ Because I don’t think that’s the right decision either.”
Saint John’s high-priority systems like water, wastewater and transit are still functional, but the city’s website and online payments remain down.
Officials have not revealed the ransom request, but Rogerson believes it could be in the neighbourhood of $150,000.