CSE urges the Canadian cyber security community to be vigilant on two-year mark of Russia’s full-scale invasion of Ukraine

The Communications Security Establishment (CSE) is urging Canadian organizations to be vigilant and to bolster their protection against malicious cyber threats around the two-year mark of Russia’s full-scale invasion of Ukraine.

CSE’s Canadian Centre for Cyber Security (Cyber Centre) is specifically warning Canadian organizations and critical infrastructure operators to be prepared for the possible disruption and defacement of websites by cyber threat actors aligned with Russian interests. Additionally, the Cyber Centre is urging critical infrastructure operators to be aware that Internet-connected operational technology (OT) devices are discoverable and a potential target of Russia-aligned cyber activity. Activity could include the use of low-sophistication brute force access techniques (for example, T1110 of MITRE ATT&CK) to abuse valid or default accounts on exposed OT devices.

In the past two years, the Cyber Centre has observed cyber activity from a range of actors related to Russia’s invasion of Ukraine, including activity in Canada. This has included malicious cyber activity directed at critical infrastructure networks as well as strategically timed distributed denial-of-service attacks (DDoS) against government and business websites. We have also observed and reported on the proliferation of a new category of ideologically motivated, pro-Russia non-state cyber groups that conduct malicious activity against Russia’s perceived enemies. These state-aligned actors are usually less sophisticated than state-sponsored groups and operate without oversight, leading to unpredictable actions and a higher tolerance for risk.

Recommended actions

The Cyber Centre continues to share valuable cyber threat information throughout the year with Canadian critical infrastructure and government partners via protected channels. We also actively monitor the cyber threat environment in Canada and globally. We encourage any Canadian organizations who believe they may have been targeted by cyber threat activity to contact the Cyber Centre at contact@cyber.gc.ca or 1-833-CYBER-88.
