天辰注册

Cyber defence agency found over 1,500 ‘malicious’ fake Canadian government COVID-19 websites

作者:admin 2020-06-02

Canada’s cyber defence agency has identified over 1,500 websites falsely parading as Government of Canada COVID-19 pages that are in fact designed to scam Canadians.

In a new report on COVID-19-related cyber threat activity, the Canadian Centre for Cyber Security (CCCS) says healthcare and medical research facilities, Canadians employed in “areas of strategic interest” working from home, and financial institutions are under increasing threat from cyber threat actors.

“Cyber threat actors of varying motivations and sophistication have taken advantage of the COVID-19 pandemic in recent months as a thematic lure or subterfuge for their malicious activities, such as cyberespionage and cybercrime,” the CCCS writes in a report based on both classified and unclassified sources.

Of particular interest to cybercriminals, and particularly state-sponsored ones, is Canada’s healthcare and medical research sector.

In some cases, the cyber threat actors use software such as ransomware to extort money out of healthcare organizations such as medical clinics and hospitals.

If employees and organizations aren’t attentive to potential cyber security issues, the impacts could be major, CCCS warns.

“Ransomware attacks against healthcare providers, research facilities, and medical manufacturers will have negative consequences on patient care and hinder the development and production of Canadian medical research and domestic supply chains,” reads the report.

In other cases, foreign intelligence services are targeting research facilities in the hopes of stealing intellectual property related to the COVID-19 virus and potential treatments.

“State intelligence collection requirements have shifted in response to COVID-19. We judge it is almost certain that cyber espionage directed at Canada will continue to attempt to steal Canadian intellectual property relating to COVID-19 medical research, as well as classified information regarding Government of Canada responses,” the centre warns.

Increased state-sponsored or state-tolerated cybercrime will very likely continue to pose a significant risk

Canadians are also increasingly at risk of being scammed, defrauded, spied upon or exploited as a technological vulnerability by cyber criminals.

According to spokesman Ryan Foreman, the cyber defence agency says its launched procedures to have over 1,500 “malicious imitations” of federal government websites related to COVID-19 taken down. Most of these websites were related to the Canada Revenue Agency or the Canada Emergency Response Benefit.

And that only seems to be the tip of the iceberg.

“CCCS was aware of over 120,000 newly registered COVID-19 themed domains, a large proportion of which was considered malicious or related to fraudulent activity. One notable SMS phishing campaign claimed to notify the victims of awaiting a Canadian Emergency Response Benefit (CERB) deposit with a link where they could access their benefits, but only once they divulged personal financial details,” the report details.

Thankfully, Foreman added that CCCS has seen a “notable drop” in the number of attempts to impersonate the federal government online over the last couple weeks.

But employees currently working from home have now become an increasingly appealing target to cyber criminals of all stripes.

“Cyber threat actors are increasingly attempting to identify and exploit the devices of individuals working at home, particularly targeting those who are employed in areas of strategic interest,” the CCCS notes.

A screenshot from the legitimate Government of Canada website. Most of the scam websites were related to the Canada Revenue Agency or the Canada Emergency Response Benefit. canada.ca

Among the main vulnerabilities cyber criminals are trying to exploit, the centre notes popular VPN services (such as Pulse Secure), cloud-based applications (such as Citrix), “poorly secured” Microsoft Remote Desktop Protocol (a tool used to support remote working) and video-conferencing tools like Zoom.

Canadian banks are also an increasingly attractive target for foreign state-sponsored cybercriminals as the COVID-19 pandemic tears through the global economy, warns the report.

“We judge that increased state-sponsored or state-tolerated cybercrime will very likely continue to pose a significant risk to Canadian financial institutions,” writes CCCS.

The reason: countries whose economies were already in poor shape before the pandemic, particularly because of international sanctions, will “very likely” turn to state-sponsored cybercrime in order to steal funds.

The report also highlights that it is “very likely” that “authoritarian” governments use the pandemic as a cover to deploy spying technology against expatriates living in Canada or Canadians living abroad. The report does not identify any such country by name.

We do not assess Canada or Canadians to be a high-priority target of COVID-19-related influence campaigns

“In the past, telecommunications surveillance products—such as those of surveillance technology company NSO Group—have been marketed to authoritarian governments, who have used them to covertly target Canadians in Canada,” reads the April 27 document.

One silver lining highlighted by CCCS is that Canadians have not been overtly targeted by foreign or local disinformation campaigns involving COVID-19.

“We do not assess Canada or Canadians to be a high-priority target of COVID-19-related influence campaigns,” the report’s authors write.

The cyber defence agency also warns that as COVID-19 social distancing efforts begin paying off and infection rates start dropping, cybercriminals will start turning their attention to new coronavirus-related scams.

“As social distancing efforts begin to “plank the curve” and the wider public grows increasingly anxious for a return to normalcy, we expect that cybercriminals will likely begin crafting phishing lures which play on an increased appetite for information around COVID-19 vaccine development and production,” the report says.

• Email: cnardi@postmedia.com | Twitter: ChrisGNardi

目前有 0 条留言

发表留言

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。