Canada is reviewing its cyber defences to make sure it’s secured against potential cyberattacks from an increasingly aggressive Russia. Experts say you should do the same at home.
While cyberattacks are already pummelling Ukraine, they could affect the average Canadian in a number of ways, too. They could hit your pocketbook, permanently wipe important files or sentimental photos from your electronics. In severe instances, they could disrupt critical infrastructure we rely on.
“You are a potential cybersecurity risk. The threat does apply to you.” said Andrew Loschmann, co-founder and COO of cybersecurity company Field Effect.
“This is something that a lot of people will dismiss and figure, ‘it’s not a problem for me,’ but the reality is, it is a problem for everyone.”
Russia has already launched attacks both on the ground in Ukraine and in the online space. Those attacks, according to experts, have been relentless. Microsoft described Russia’s recent cyberattacks against Ukraine as raising “serious concerns under the Geneva Convention.” Russia has also been blamed for major new disruptive malware in Ukraine, prompting a warning from the Canadian Centre for Cyber Security.
But while recent Russian attacks have primarily targeted Ukrainians, Microsoft said, you’re likely using some of the same software — meaning your computer is at risk of being exploited.
Here’s what you need to know to stay cybersecure amid a growing Russian threat.
What does a Russian cyberattack look like?
Russia has sophisticated capabilities in the cyber warfare space, according to experts, and it’s already deployed some of its online troops.
“Just as Russia has great military might, they certainly have the same capability in terms of cyber warfare,” Loschmann said.
Russia’s cyber warfare infrastructure is large and varied. The U.S. government’s Congressional Research Service published an analysis of Russian cyber units earlier this month, which described “sophisticated cyber capabilities” in Russia to conduct everything from “disinformation” and “propaganda,” to “espionage” and “destructive cyberattacks.”
Russia’s various security and intelligence agencies oversee the “numerous” cyber units. These units have murky motivations, the analysis found, as many Russian security agencies compete against one another and conduct similar operations on the same target.
These nefarious operations take a number of forms, including hacking into systems abroad, targeting operational technology networks with destructive malware, or accessing accounts through passwords leaked on the dark web.
Ukraine has been bearing the brunt of Russia’s cyberattacks in recent weeks.
“Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” Microsoft President Brad Smith wrote in a blog post Monday.
There “have been recent cyber efforts in Ukraine to steal “a wide range of data,” including “health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets,” Smith wrote.
Another example of this warfare is a new, disruptive malware known as HermeticWiper, which has been targeting Ukrainian organizations. The malicious software penetrates a system and then proceeds to wipe all the data that belongs to a government agency or a company, making in unrecoverable.
HermeticWiper is a new, severe consequence that can arise from a simple cyber-safety mistake, according to Terry Cutler, who is an ethical hacker and the CEO of the data defence service firm Cyology.
Before, he explained, ransomware would generally contaminate your computer, scramble your data, and the bad actor would release it when you give in to their request — generally by paying them money. However, this new virus “destroys the data” so you “can’t retrieve it anymore.”
“I foresee a lot of that happening, where people just click on a link…they’re not supposed to, and their data is gone,” Cutler said.
This could be a big issue if all the data is wiped from an important institution like a bank, according to Cutler, especially if important data that gets wiped isn’t backed up anywhere. The worst-case-scenarios of these cyberattacks could result in disruption to major elements of our society, Cutler warned.
“A lot of people think, ‘well, who’s going to want to hack my computer?’ But they don’t realize that when the banks get hit, they can’t get access to their money,” he said.
“Maybe the power grid gets shut down or the water treatment plants get contaminated. Those are all things that happen in cyberspace. But it can affect us in the real world, because everything now is interconnected.”
But a cyberattack doesn’t have to be that severe to have an impact. Something that could affect the lives of individual Ukrainians, or individual Canadians, is what Loschmann called “patriotic motivated hackers.”
“These attacks are more or less indiscriminate, and the attackers might just choose a victim of opportunity. And so that might be you as an individual, or that might be you as a very small business owner, really just looking to find any target or any victim that’s out there,” Loschmann said.
Often these hackers will try to “discredit or embarrass” their victims through methods like defacing websites or disrupting the victims’ ability to conduct business or live their lives as they normally would.
One of the more disconcerting elements of Russia’s cyber attack capabilities, Loschmann added, may have already been accomplished — accessing systems but then lying dormant.
“Consider that Russia is one of the most sophisticated and capable cyber threat actors in the world,” he said.
“You have to avoid…the potential to be overly dramatic here, but it’s important to think about what options might already be at the disposal of the Russian government and with the ever increasing sanctions, what might provoke them to trigger some of them.”
How can you beef up your cyber defences?
With the threat of Russian cyberattacks looming, experts say it’s as good of a time as ever to ensure your online presence is secured.
Some of the things you can do are quite basic. Give yourself a strong password, and enable two-factor authentication so you get a code sent to your phone before logging into a device or account.
“Let’s take an example: I had a great day at work, 2022, exclamation point. Pretty simple phrase. All you do is remove the spacing, capitalize each word, and that password alone will take ten years to crack,” Cutler said.
Passwords can be guessed, Cutler explained, especially with the help of online quizzes that ask you identifying information, such as the name of your childhood pet, or your favourite colour. They also can be leaked on the dark web, where hackers can find them and access any of your accounts that use the same password.
It’s also smart to keep your systems updated, he added, so any security vulnerabilities are patched, and to avoid clicking links in emails without carefully verifying that it’s actually from someone you know — and isn’t an attempt to
As for the Canadian government’s role in all of this, the Communications Security Establishment (CSE) confirmed to Global News that it “has been tracking cyber threat activity associated with the current crisis (in Ukraine).”
“CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine,” a CSE spokesperson said in a statement.
And while the CSE’s Cyber Centre said it “is not aware of any current specific threats to Canadian organizations in relation to events in and around Ukraine,” there has been an “historical pattern of cyber attacks on Ukraine having international consequences.”
While the scale of those potential consequences could be “daunting,” according to Loschmann, it’s important not to lose perspective of the fact that cyberattacks will likely focus on businesses.
“That said, individual or groups of patriotic hackers may seek to instill chaos against any victim they can find online. So do the basics at home, take cyber security seriously and remain vigilant, and remember you still have a role in cyber security at your place of work as well,” he said.
“It will make a difference.”