Cyber-Attack on Global Affairs Canada
Cyber-criminals have attacked the federal government entity responsible for Canada’s diplomatic and global relations.
Global Affairs Canada was hit on Wednesday – one day before the Canadian Centre for Cyber Security issued a cyber-threat bulletin urging critical infrastructure operators to strengthen their defenses against known Russian-based cyber-threat activity.
“The Canadian Centre for Cyber Security encourages the Canadian cybersecurity community – especially critical infrastructure network defenders – to bolster their awareness of and protection against Russian state-sponsored cyber threats,” stated the bulletin.
Confirmation of the attack came on Monday via the Treasury Board of Canada, which said that “mitigation actions were taken” in response to the incident.
The digital assault left some diplomats without access to certain online services, according to news source The Star.
Canada’s federal government has not said who it believes is responsible for the attack.
In a statement to ABC News, the Treasury Board said: “We are constantly reviewing measures to protect Canadians and our critical infrastructure from electronic threats, hacking, and cyber espionage. We encourage all government and non-government partners to use cyber security best practices.”
The attack came as the United States Department of Homeland Security warned that the US response to a possible Russian invasion of Ukraine could make the US a target of cyber-attacks by the Russian government and its proxies.
A DHS Intelligence and Analysis bulletin sent to law enforcement agencies around the country and viewed by ABC News said: “We assess that Russia would consider initiating a cyber-attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.”
Commenting on the bulletin, Tim Erlin, VP of strategy as Tripwire said: “The cybersecurity industry has gotten used to tossing around the idea of ‘nation-state’ adversaries, but I think we’ve yet to see cyber-attacks used in concert with a full-fledged military campaign.
“DHS’s warning sets that expectation that something has changed in the threat profile and that organizations should be prepared for a change in the types of attacks they see.”
Erlin warned that simply issuing an alert “doesn’t magically remove the obstacles that are preventing organizations from implementing solid security controls.”
Microsoft Fixes Security Flaw in Windows Screenshot Tools
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots Read More
Three Variants of IcedID Malware Discovered
The new variants hint that considerable effort is going into the future of IcedID and its codebase Read More
New MacStealer Targets Catalina, Newer MacOS Versions
The malware can extract information from documents, browser cookies and login information Read More
Can zero trust be saved?
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for...
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the...
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first...