Canada’s cybersecurity agency warns of online threats that exploit COVID-19 fears

OTTAWA — A federal agency that monitors brewing online threats warns of fraudsters dangling COVID-19-related content to fool victims into clicking on malicious links and attachments.

Online tricksters know people are anxious about the future and are less likely to act prudently when they see emails, text messages or advertisements related to the pandemic, the Canadian Centre for Cyber Security said in a report Wednesday.

The report, the centre’s latest look at the cyberthreat landscape, says while criminal activity is the most likely danger, the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest strategic threats to Canada.

COVID-19 lures often attempt to imitate the branding and style of legitimate institutions, such as international organizations and public health agencies, the centre said.

It noted that cyberthreat actors can produce convincing copies of government websites and official correspondence. 

One text-message phishing campaign claimed to provide access to a Canada Emergency Response Benefit payment, but only after the target handed over personal financial details. 

Another campaign impersonated the Public Health Agency of Canada’s chief public health officer to deliver malware through a fake COVID-19 update that appeared official and legitimate, the report says.

“We’re all hyper-connected now,” centre head Scott Jones told a news conference. “It’s important to take a breath, to say, hey, do I know this person?”

The COVID-19 pandemic has illustrated the extent to which the Canadian economy relies on digital infrastructure, the report says.

“With a sudden increase in the number of Canadians working from home, the protection and security of cyber and telecommunications infrastructure, hardware and software, and the supply chains that support them, is critical to national security and economic prosperity.”

Shifts in March 2020 due to the pandemic quickly changed the online environment, as more Canadians began to work, shop and socialize remotely, the report notes.

“We foresee this trend continuing, bringing more facets of Canadian economic, social and political life online and exposing them to cyberthreats, which have also been evolving to take advantage of the growing importance of the internet and related technologies.”

Canada, Britain and the United States denounced Russian hackers in July for trying to steal research on COVID-19 vaccines from organizations in all three countries and around the world.

State-backed players are expected to continue trying to pilfer intellectual property related to managing COVID-19 to support their domestic public health responses or to profit from its illegal reproduction by their own firms, the new report warned.

While online foreign-influence activities tend to increase around elections, these ongoing campaigns have broadened since 2018, expanding to react to current events, shifting their content strategies around trending news stories and popular political issues, the centre said.

“For instance, we have observed recent campaigns focus their content around COVID-19 and government responses to the pandemic,” the report noted.

“Disinformation campaigns have also sought to discredit and criticize Canadian politicians to damage their reputations.”

State-sponsored actors are also very likely attempting to develop capabilities to meddle with Canadian critical infrastructure, such as the electricity supply, to further their goals, the report said.

“We judge that it is very unlikely, however, that cyberthreat actors will intentionally seek to disrupt Canadian critical infrastructure and cause major damage or loss of life in the absence of international hostilities.”

Nevertheless, they might target Canadian organizations to collect information, position themselves for future activities or simply intimidate.

In addition, ransomware attacks directed against Canada, in which swindlers hold data or computer systems hostage in exchange for payment, will almost certainly continue to target large enterprises and critical infrastructure providers, the report said.

During the COVID-19 pandemic, many health-sector organizations have experienced ransomware attacks, including hospitals and health-care centres in the Czech Republic, the U.S., Spain, and Germany, it noted.

“Health-sector organizations are popular ransomware targets because they have significant financial resources and network downtime can have life-threatening consequences for patients, increasing the likelihood that victims will pay the ransom.”

This report by The Canadian Press was first published Nov. 18, 2020.

Jim Bronskill, The Canadian Press