Since Russia's unjustified and illegal invasion of Ukraine began over one year ago, and especially in recent weeks, we have seen a notable rise in cyber threat activity by Russian-aligned actors targeting Ukraine's partners.
Canada is no exception. These activities are a direct response to our steadfast support to the people and Government of Ukraine - and they will not deter Canada's support for Ukraine.
This malicious cyber activity is frequently directed at critical infrastructure networks, and technology used to run vital sectors. Threat actors have also used strategically-timed Distributed Denial of Service attacks (DDoS) against government and business web sites.
To help organizations mitigate the impact of DDoS attacks, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) released a Cyber Flash to partners within the Government of Canada and critical Canadian sectors on April 12. This Cyber Flash was released to share known facts about this ongoing campaign. We continue to monitor, reassess and respond to this campaign, and may release further products at a later time if warranted.
CSE works every day to defend government systems from threats. On any given day, CSE's defensive systems can block anywhere from 3 to 5 billion malicious actions targeting government networks. These defensive actions are a result of CSE's dynamic cyber defence capabilities which remain ready to defend government systems and protect against future attacks.
In addition, Canadian organizations and critical infrastructure operators - who operate the systems on which we depend every day - must be prepared to protect against known cyber threats.
Previously the Cyber Centre has warned Canadian organizations to be prepared for cyber threat actors to try to disrupt, deface, and exploit Canadian network assets. If you run the critical systems that power our communities, offer internet access to Canadians, provide health care, or generally operate any of the services Canadians can't do without, you must protect your systems. Monitor your networks. Apply mitigations.
I urge Canadian critical infrastructure organizations to review the Cyber Centre's Cyber Threat Bulletin: Cyber Threats to Operational Technology and follow this advice:
- Isolate CI components and services from the internet when under imminent threat, such as a ransomware incident or denial of service attack
- Use secure administrative workstations to separate sensitive tasks and manage administrative privileges and accounts
- Implement network security zones to control and restrict both access and data communication flows to certain components and users
- Test manual controls to ensure critical functions can operate if your network is unavailable
- Identify, separate, and monitor your information technology (IT) and operational technology (OT) networks
- Test OT, including industrial control systems (ICS), as part of your incident response plan to ensure critical functions can operate during an outage or cyber incident
- Protect your organization against denial-of-service attacks
The Cyber Centre shares valuable cyber threat information with Canadian critical infrastructure and government partners through protected channels. This vital information includes indicators of compromise (IoCs), threat mitigation advice, and confidential alerts about new forms of malware, and other tactics, techniques, and procedures used to target victims. It's the kind of information you can use to protect your organization.
In addition to the advice above for critical sectors, the Cyber Centre urges Canadian organizations to take note of the following cyber security guidance:
- Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure
- The Cyber Centre's Top 10 IT security actions to protect internet connected networks and information including to Consolidate, monitor, and defend Internet gateways; Isolate web-facing applications; segment and separate information; protect information at the enterprise level; and implement application allow lists
- The Cyber Centre's Top 10 IT security actions
- Joint Cyber Security Advisory Technical approaches to uncovering and remediating malicious activity
- Review perimeter network systems to determine if any suspicious activity has occurred
- Review and implement preventative actions outlined within the Cyber Centre's guidance on protecting your organization against denial of service attacks
- Report any cyber incidents to the Cyber Centre
You are the first line of defence in keeping your organizations, and Canadians, safe from cyber threats.
Together we will help keep Canada safe