Unknown cybercriminals targeted Canada’s foreign ministry, Global Affairs Canada (GAC), in a cyberattack. The incident affected certain critical services and temporarily disrupted some online services.
“Critical services for Canadians through @GAC_Corporate are currently functioning. Some access to the Internet and internet-based services are not available as part of the mitigation measures, and work is underway to restore them. There is no indication that other departments have been impacted by this incident. There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur,” said a statement from Canada’s Treasury Board.
Investigation is Ongoing
Officials did not name the attackers behind the security incident, but stated that a probe had been initiated to determine the details.
“This investigation is ongoing. We are unable to comment further on any specific details for operational reasons. Our cyber defense and incident response teams work 24/7 to identify compromises and alert potential victims within the GC and Canadian critical infrastructure. The incident response team offers advice and support to contain the threat and mitigate any potential harm,” the statement added.
Canada’s Cybersecurity Guidance
News of the cyberattack comes immediately after the Canadian Centre for Cyber Security warned critical infrastructure operators to raise awareness of, and take mitigations against, known Russian state-sponsored hackers.
The Cyber Centre urged Canadian critical infrastructure network defenders to:
- Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, perform manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
- Increase organizational vigilance. Monitor your networks, focusing on the TTPs reported in the CISA advisory. Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
- Enhance your security posture. Patch your systems, with a focus on the vulnerabilities in the CISA advisory, and enable logging and backup. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate.
- Have a cyber incident response plan, a continuity of operations plan, and a communications plan, and be prepared to use them.
- Inform the Cyber Centre of suspicious or malicious cyber activity.