Cyber Security During COVID-19
Date: October 6th, 2020
Classification: Unclassified
Branch/Agency: NCSB/PSC
Proposed Response:
- The Government of Canada recognizes that more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security, underpinning the delivery of things such as health care, financial transactions, safe transportation, and emergency communications.
- Unfortunately, we have seen that malicious actors, such as cyber criminals and state actors, are attempting to take advantage of the new environment created by COVID-19 to exploit particular sectors such as health.
- The Government of Canada is continuously monitoring the situation and actively working to detect, deter, disrupt, and prosecute cyber criminals and other malicious actors.
- Since the onset of the COVID-19 crisis, the Government of Canada has continued to engage with Provinces, Territories, Municipalities, and industry in order to protect Canada’s critical infrastructure and the systems that underpin essential services.
- The Government of Canada continues to share advice and guidance for organizations to increase cyber security and prevent compromises, including while employees are working from home or gradually returning to the office.
- For example, the RCMP, through the Canadian Anti-Fraud Centre and the National Cybercrime Coordination Unit, collects information on cybercrime, including online frauds and scams related to COVID-19 and shares that information with law enforcement agencies, private industry, and Canadians.
- The Communications Security Establishment and the Canadian Security Intelligence Service also issued a joint statement in May on the heightened cyber security threats to Canadian businesses, research entities, and different levels of government during the pandemic.
- The Canadian Centre for Cyber Security works to protect and defend the country’s valuable cyber assets. They work side-by-side with the private and public sectors to solve Canada’s most complex cyber issues.
- There is a concerted effort by the Government to identify and take action on potentially malicious or fraudulent websites related to COVID-19.
- Additionally, the Government of Canada has supported the Canadian Internet Registration Authority in the development of the Canadian Shield initiative, a free and secure Domain Name Systems service that prevents individuals from connecting to malicious websites that might infect their device, or steal their personal information.
- Recently, Canada acted with its Five Eyes partners to help uncover and address malicious cyber activity through a joint advisory.
- Budget 2018 demonstrated our commitment to ensuring security and prosperity in the digital age with substantial investments in cyber security totaling more than $507 million over five years. In addition, Budget 2019 demonstrated further commitment to the Strategy, investing an additional $145 million over five years to strengthen the cyber security of Canadian critical infrastructure in the finance, telecommunications, energy and transport sector.
Cyber Security During COVID-19
Background:
Attacks on the computer systems that underpin critical infrastructure are a constant concern for businesses, individuals, and governments in Canada. The current COVID-19 pandemic makes these concerns even more important.
Threat Environment
The COVID-19 pandemic has underlined the importance of establishing and maintaining effective cyber security practices. Adversaries, both criminal and state, are continuing to use the current situation to exploit, access, and/or extract information to further their agendas and objectives. This tactic is not new as similar galvanizing events, such as elections and terror attacks, have been exploited by malicious actors hoping to capitalize on a target’s susceptibility.
Many countries have noted that malicious actors, including cyber criminals and state actors, are capitalizing on the increased reliance on technology for social interaction and work by exploiting technical vulnerabilities and launching additional phishing campaigns and scams.
Most recently, there have been media reports that a leaked dataset from the Chinese company Shenzhen Zhenhua Data Technology (aka Zhenhua Data) unveiled the company’s mass collection of personal information drawn from social media channels and criminal records, which is used to generate profiles on influential individuals abroad. Allegedly, over 16,000 entries within the Zhenhua database included Canadians. These include files on mayors, MPs, senior civil servants, and relatives of people in power. Media reports also signal links between Zhenhua Data and the Chinese military and intelligence agencies, including the Chinese Ministry of State Security (MSS).
Targets of Concern
Malicious actors may be more likely to target the health and government sectors due to their increased vulnerability during the pandemic. On March 20, 2020, the Canadian Centre for Cyber Security (the Cyber Centre) released a Cyber Alert entitled Cyber Threats to Canadian Health Organizations, emphasizing the elevated risk faced by the sector.
Commonly, ransomware is used to target these sectors as there is an increased likelihood that affected organizations will pay the ransom to avoid lengthy shut downs of their critical systems and resultant impact on citizens. Cases of corporate fraud or intrusion may also become more common as employees continue to work from home, accessing corporate data from personal computers, without antivirus software, and on insecure home networks.
Government of Canada Response
Government of Canada organizations are managing this risk. Federal government interventions to protect their computer systems take many forms, including helping to inform potential targets of attacks and helping computer security professionals adopt best practices to prevent and react to such attacks in order to minimize the impact on essential operations. The federal government also continues to work with provincial and territorial governments, associations, academia and industry to advance cyber security policy that can be adapted to these issues.
The Cyber Centre is working with the private sector to remove fraudulent sites. Thousands of domains containing the keyword COVID-19 have been registered, and it is likely that many of these domains will be used for malicious purposes such as the distribution of malware or to facilitate on-line spoofing of health organizations and Government of Canada domains.
Additionally, the Government supported the Canadian Internet Registration Authority in the development of their Canadian Shield initiative, which was launched in late April. Canadian Shield is a free protected Domain Name Systems (DNS) service that prevents individuals from connecting to malicious websites that might infect their device, or steal their personal information.
In order to protect Canada’s critical infrastructure, the Cyber Centre has continued to engage with provinces, territories, municipalities, and industry since the onset of the COVID-19 crisis. The Cyber Centre continues to share advice and guidance with organizations to increase cyber security and prevent successful compromises. Likewise, Public Safety’s Regional Resilience Assessment Program’s (RRAP) Cyber Assessments Team has various assessment tools to provide expert advice and guidance to critical infrastructure owners and operators on how to improve their cybersecurity and cyber resilience posture. This work has been performed in close collaboration with CSE, which uses the reports to better understand sectorial gaps and optimally target programs and resources.
To combat the increase in scams/phishing referencing COVID-19 benefits, the Cyber Centre is working with other federal departments, including the Royal Canadian Mounted Police (RCMP) and Canadian Radio-television and Telecommunications Commission (CRTC), to detect, deter and disrupt cyber incidents. The Canadian Anti-Fraud Centre is also tracking incidences of cybercrimes linked to fraudulent COVID‐19 themed activities. Ransomware incidents are an area of increasing concern, and one in which co-ordination between Five Eyes partners is essential. The RCMP is investigating those responsible and enforcement/disruption action has been taken.
The Canadian Anti-Fraud Centre (CAFC) is also tracking incidences of cybercrimes linked to fraudulent COVID‐19 themed activities. Since March 2020, the CAFC has received over 4000 reports of COVID-19 related cyber threats and frauds, which includes a reported $5.6M in total reported losses by victims. The reported cyber threats and scams take on various fraudulent activities, such as fake Canada Emergency Response Benefit (CERB) applications, spoofed government, healthcare or research information, or unsolicited calls, phishing emails and texts requesting urgent action or payment and/or offering fraudulent medical advice and fake cures. The RCMP National Cybercrime Coordination Unit (NC3) has also received reports of COVID-19 related online misinformation and phishing activities that are used to spread malware and access victim computers. The CAFC and NC3 continue to collaborate with Canadian and international law enforcement partners, federal departments and the private sector to mitigate and disrupt threats.
A significant increase has also been observed in the registration of fraudulent domain names (email addresses, website addresses) related to COVID-19. The NC3, through Europol’s European Cybercrime Centre, is participating in a law enforcement operation to identify and disrupt suspicious domains (e.g., websites, email addresses) linked to COVID-19 themed cyber threats and frauds. Since May 2020, the NC3 has received over 4,700 domains through this operation with a nexus to Canada. The NC3 analyzes these domains and coordinates activities to take down domains that are assessed as criminal in nature. This involves close collaboration with the Canadian Centre for Cyber Security, the Canadian Anti-Fraud Centre, the Canadian Radio-television and Telecommunications Commission, Health Canada (Enforcement Branch), Canada Border Services Agency, Competition Bureau Canada and the private sector (e.g., domain name registration companies).
Ransomware incidents are an area of increasing concern, and one in which co-ordination between Five Eyes partners is essential. The RCMP is investigating those responsible and enforcement/disruption action has been taken.
Additionally, the CRTC uses information submitted by Canadians to the Spam Reporting Centre to create a Consumer Advisory warning for Canadians to inform them about COVID-19 related scam calls, emails and text messages and how to report them.
Internationally, Canada has been a contributor to global efforts to mitigate the spread of malware by participating in a joint advisory that is the result of a collaborative research effort by the cybersecurity technical authorities of Australia, New Zealand, the United Kingdom, and the United States. The advisory highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices.
Main Estimates
- $4.4M for the National Cyber Security Strategy (PS);
- $20.9M in funding for enhancements for Federal Cybercrime Enforcement (RCMP);
Supplementary Estimates B
The RCMP is anticipating to receive Treasury Board authority to increase its appropriations by $15.1M for the following new programs:
- $7.7M in vote 1 funding to implement and maintain the National Cybercrime Solution (NCS), which will provide the National Cybercrime Unit (NC3) with the required IM/IT functionality to receive, store, analyze and share cybercrime data through three main sub-systems;
- $6.8M in vote 5 funding to implement and maintain the National Cybercrime Solution (NCS), which will provide the National Cybercrime Unit (NC3) with the required IM/IT functionality to receive, store, analyze and share cybercrime data through three main sub-systems; and
- $0.6M for funding related to Employee Benefits Plan.
Contacts:
Responsible Manager: Gregory Bunghardt, A/Manager, National Cyber Security Directorate, 613-990-9608 / 613-558-8231(c)
Approved by: Dominic Rochon, Senior Assistant Deputy Minister, National and Cyber Security Branch, 613-990-4976
- Date modified: