Skip to content

Cybersecurity centre warns of evolving ransomware tactics, state-sponsored threats

The federal cybersecurity centre says criminals who hold data for ransom are expected to use new techniques — such as threatening a target’s partners or clients — to increase their chances of receiving payment.
30850452_web1_20221028111040-635bf8a4465d505ade23193fjpeg

The federal cybersecurity centre says criminals who hold data for ransom are expected to use new techniques — such as threatening a target’s partners or clients — to increase their chances of receiving payment.

In its threat forecast for 2023-24, the Canadian Centre for Cyber Security says cybercrime continues to be the online activity most likely to affect Canadians and their organizations.

The report released Friday says ransomware attacks, in which digital files are held hostage or encrypted until a fee is paid, are almost certainly the most disruptive form of cybercrime facing Canadians.

The centre says by threatening the business partners or clients of a victim, cybercriminals very likely anticipate that these organizations will increase pressure on the victim to pay the ransom.

The centre notes one cybercriminal group, which has targeted victims in Canada, is known to conduct denial-of-service attacks during payment negotiations, increasing the pressure.

The report also says the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest strategic cyberthreats to Canada.

“State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain.”

Critical infrastructure facilities, such as power grids and water-treatment plants, are increasingly at risk from cyberthreat activity, the centre says.

“Cybercriminals exploit critical infrastructure because down time can be harmful to their industrial processes and the customers they serve,” the report says.

“State-sponsored actors target critical infrastructure to collect information through espionage, to preposition in case of future hostilities, and as a form of power projection and intimidation.”

However, the cyber centre believes those carrying out state-sponsored cyberthreats will likely refrain from intentionally disrupting or destroying Canadian critical infrastructure in the absence of direct conflict.

The centre, part of the Communications Security Establishment, Canada’s cyberspy agency, has seen cyberthreat actors’ use of misinformation, disinformation, and malinformation, which is based on reality but presented in a misleading way, evolve over the last two years.

“Machine-learning enabled technologies are making fake content easier to manufacture and harder to detect.”