IoT Cybercrime Hotspot In Canada

Cyber criminals are shifting their attention from traditional computers to internet-connected devices in Canadian homes, says the government's cyber security agency.

In its threat assessment for 2018, the newly created Canadian Centre for Cyber Security says devices connected to the internet, such as a growing number of "televisions, home appliances, thermostats and cars", have become attractive targets.

"Manufacturers have rushed to connect more types of devices to the internet, often prioritising ease of use over security," the centre wrote in its report, made public Thursday 6th Dec.

"We regularly observe cyber threat actors exploiting security flaws in devices resulting in either disruption to device functionality or using devices as platforms to launch other malicious cyber activities."

Cybercriminals used thousands of devices connected to the internet, from baby monitors to air quality monitors and surveillance cameras, to launch a botnet attack in October 2016, the centre said.

"The botnet conducted a powerful Distributed Denial of Service (attack) that disrupted a major website domain manager, temporarily disabling some of the world's most popular e-commerce, entertainment and social media sites for millions of users."

Enterprising cybercriminals have even infected devices connected to the internet with malware to mine cryptocurrency, with the owner of the device often being oblivious to what is going on.

While cybercrime isn't new, the centre predicts cyber-attacks on Canadians are going to rise in number.

"Stealing personal and financial information is lucrative for cybercriminals and is very likely to increase."

The centre said it sees cyber-criminals becoming more organized and developing business-like processes.

Selling Stolen Information

"Cybercrime is now so prevalent and sophisticated that it sustains illegal online marketplaces," the centre wrote. "These cyber-crime marketplaces offer illicit goods, stolen information and malware. Some cybercrime marketplaces even offer customer support and rating functions."

Speaking to reporters as the centre's first report was made public, Scott Jones, head of the centre, said his organisation isn't trying to scare Canadians away from new technology. Instead, he said, the report is meant to help Canadians and Canadian companies avoid becoming victims of cyber criminals and state-controlled hackers.

With the next federal election set for 2019, the centre is also expecting other countries to use the web, botnets and troll farms to try to influence the opinions of Canadians and exploit political divisions or controversies.

"Although major web platforms are making efforts to curb the negative effects of manipulative information sharing, the opinions of Canadians will remain an attractive target for cyber threat actors seeking to influence Canada's democratic processes."

The centre cited a CBC News report that found Russia's Internet Research Agency used its trolls to comment on Canadian issues like the January 2017 Quebec City mosque shooting and asylum seekers crossing the border in the summer of 2017.

Jones said the centre plans to publish an update this spring on cyber threats to Canadian elections.

The centre said Canadian businesses will continue to be attractive targets for cybercrime — and their executives as well.

"Whaling occurs when an executive with authority to issue large payments receives a message appearing to come from a relevant department or employee, urging them to direct funds to an account controlled by a cyber threat actor."

Corporate espionage remains a threat, particularly for businesses in strategic sectors of the economy or those that have attractive intellectual property or commercially sensitive information. Companies with large databases are targeted by cyber crooks who try to extort businesses by revealing confidential client information.

Paying Cyber Ransom

"Some businesses decide that paying a ransom is cheaper than the costs associated with ignoring a cyber ransom. Yet cyber threat actors can decide to delete, modify or release information even if a payment is made."

The increased availability of cyber tools and the increasing interconnection of devices have also made it easier to launch attacks on Canada's critical infrastructure, the centre said.

"State-sponsored cyber threat actors have conducted cyber espionage against critical infrastructure networks in Canada and allied nations. In Canada, these threat actors have conducted reconnaissance and intelligence-gathering in the energy, aerospace and defence sectors."

Speaking with reporters, agency officials said those state-sponsored actors may have gathered enough information to disrupt critical infrastructure networks. However, they said they believe other countries don't appear to be poised to do anything with that information, at least not yet.

"At this time, we assess it is very unlikely that state-sponsored cyber threat actors would intentionally seek to disrupt Canadian critical infrastructure and cause major damage in the absence of international hostilities," the centre said in its report.

While the centre was willing to talk about cyber security threats to Canada, Jones was tight-lipped when it came to questions about Chinese telecom giant Huawei and fears expressed by experts that it could take advantage of new 5G networks to spy on Canadians.

While Jones said the government has given the centre a mandate to study security risks posed by the company and a deadline to report, he refused repeatedly to say when that report is due.

Jones also was reluctant to say whether the arrest of Huawei's chief financial officer Meng Wanzhou in Vancouver Saturday on behalf of the United States could prompt China to retaliate with cyber-attacks, or whether the centre has seen any increase in cyber-attacks since her arrest.

"We always have to be resilient, no matter what the possible trigger could be. So we increase our resilience against any form of malicious cyber activity that we could be facing as a nation."

CBC News:
