Cyber threat bulletin: Cyber Centre reminds Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity

The Canadian Centre for Cyber Security, part of the Communications Security Establishment, is reminding the Canadian cybersecurity community—especially critical infrastructure network defenders—to bolster their awareness of and protection against Russian state-sponsored cyber threats. Last month the Cyber Centre joined our partners in the US and the UK in recommending proactive network monitoring and mitigations.

As geopolitical tensions continue to rise, Canada’s Cyber Centre is following the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure network operators, their operational and information technology (OT/IT). In addition to the advice below, we strongly encourage enhanced vigilance to detect and manage the impact of increasingly sophisticated spearphishing campaigns. The Cyber Centre continues to share real-time threat information with Canadian organizations, both through public alerts, and through protected channels to ensure organizations can take action to help defend themselves.

The Cyber Centre urges Canadians organizations to take note of the following information:

  • Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
  • Increase organizational vigilance. Monitor your networks with a focus on the TTPs reported in the CISA advisory (link available in English only). Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
  • Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory (link available in English only) enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate. Create and test offline backups.
  • Have a cyber incident response plan, a continuity of operations and a communications plan and be prepared to use them.
  • Inform the Cyber Centre of suspicious or malicious cyber activity.

Please refer to the following on-line resources for more information and for useful advice and guidance:

Threat detection and mitigation:

Threat assessment:

Planning:


You can find more helpful advice and guidance within the information and guidance section of our website or by subscribing to our social media feeds.

Please contact us for additional advice and guidance or to report an incident.

Email: contact@cyber.gc.ca
Toll Free: 1-833-CYBER-88 (1-833-292-3788)

Report a problem on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: