CSE calls on Canadian organizations and critical infrastructure providers to strengthen defences on third anniversary of Russia’s invasion of Ukraine

The Communications Security Establishment Canada (CSE) and its Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. (Cyber Centre) are urging Canadian organizations to remain vigilant and strengthen their protection against malicious cyber threats as the three-year mark of Russia’s full-scale invasion of Ukraine approaches.

In the past three years, the Cyber Centre has observed pro-Russia cyber actors targeting organizations in countries, including Canada, that have provided support to Ukraine. This activity has included cyber campaigns targeting critical infrastructure Critical infrastructureProcesses, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence. and distributed denial-of-service (DDoS DDOSSee Distributed denial-of-service attack. ) attacks on government and business websites.

The Cyber Centre recommends that operators of Internet-connected operational technology (OT) devices be aware of potential threats and remain cautious, as these systems are easily discoverable and vulnerable to cyber threats. Russian state cyber actors may use low-complexity brute force techniques, such as Mitre Att&ck’s T1110, to exploit exposed OT devices. Operators should implement appropriate measures to defend against these types of threat.

Critical infrastructure operators and Canadian organizations should also prepare for potential disruptions and website defacements, as well as be aware of threats from cyber actors aligned with Russian interests. The Cyber Centre has previously reported the rise of ideologically driven, pro-Russia non-state cyber groups conducting malicious activity against perceived enemies. These groups are less sophisticated than state-sponsored actors but act autonomously, leading to unpredictability and a higher tolerance for risk.

Recommended actions

• Adopt the Cyber Centre’s Cross-Sector Cyber Security Readiness Goals
• Review and implement the Cyber Centre’s guidance on:
  • website defacement
  • distributed denial-of-service attacks
• Consult the Cyber Centre’s top 10 security actions to protect Internet-connected networks and information paying specific attention to the following topics:
  • Consolidate, monitor and defend Internet gateways
  • Segment and separate information
  • Isolate web-facing applications
• Read the joint guidance on:
  • principles of operational technology cyber security
  • defending operational technology operations against ongoing pro-Russia hacktivist activity
• Consult the Cyber Centre’s security considerations for industrial control systems, paying specific attention to the following topics:
  • Isolate the system
  • Manage access and privileges
• Take note of the Cyber Centre’s alert on distributed denial-of-service campaigns targeting multiple Canadian sectors
• Review perimeter network systems to determine if any suspicious activity have occurred
• Report any cyber incidents to the Cyber Centre

The Cyber Centre continues to share valuable cyber threat Cyber threatA threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries. information throughout the year with Canadian critical infrastructure and government partners via protected channels. We also actively monitor the cyber threat environment in Canada and globally. We encourage any Canadian organizations who believe they may have been targeted by cyber threat activity to contact the Cyber Centre by email at contact@cyber.gc.ca or by phone 1-833-CYBER-88.