The Communications Security Establishment (CSE) is urging Canadian organizations to be vigilant and to bolster their protection against malicious cyber threats around the two-year mark of Russia’s full-scale invasion of Ukraine.
CSE’s Canadian Centre for Cyber Security (Cyber Centre) is specifically warning Canadian organizations and critical infrastructure operators to be prepared for the possible disruption and defacement of websites by cyber threat actors aligned with Russian interests. Additionally, the Cyber Centre is urging critical infrastructure operators to be aware that Internet-connected operational technology (OT) devices are discoverable and a potential target of Russia-aligned cyber activity. Activity could include the use of low-sophistication brute force access techniques (for example, MITRE ATT&CK technique T1110) to abuse valid or default accounts on exposed OT devices.
In the past two years, the Cyber Centre has observed cyber activity from a range of actors related to Russia’s invasion of Ukraine, including activity in Canada. This has included malicious cyber activity directed at critical infrastructure networks as well as strategically timed distributed denial-of-service (DDoS) attacks against government and business websites. We have also observed and reported on the proliferation of a new category of ideologically motivated, pro-Russia non-state cyber groups that conduct malicious activity against Russia’s perceived enemies. These state-aligned actors are usually less sophisticated than state-sponsored groups and operate without oversight, leading to unpredictable actions and a higher tolerance for risk.
Recommended actions
- Consult the Cyber Centre’s top 10 IT security actions to protect Internet-connected networks and information paying specific attention to the following topics:
  - consolidate, monitor and defend Internet gateways
  - isolate web-facing applications
- Consult the Cyber Centre’s security considerations for industrial control systems paying specific attention to the following topics:
  - isolate the system
  - manage access and privileges
- Review and implement the Cyber Centre’s guidance on:
- Take note of the Cyber Centre’s alert on distributed denial-of-service campaigns targeting multiple Canadian sectors
- Review perimeter network systems to determine if any suspicious activity has occurred
- Read the Cybersecurity and Infrastructure Security Agency’s guidance on mitigating distributed denial-of-service attacks
- Report any cyber incidents to the Cyber Centre
The Cyber Centre continues to share valuable cyber threat information throughout the year with Canadian critical infrastructure and government partners via protected channels. We also actively monitor the cyber threat environment in Canada and globally. We encourage any Canadian organizations who believe they may have been targeted by cyber threat activity to contact the Cyber Centre at contact@cyber.gc.ca or 1-833-CYBER-88.