Past successes prompt hackers to target southwestern Ontario communities, experts say


It’s like there’s “blood in the water”, says a London-based technology analyst.

Content of the article

It’s like there’s “blood in the water”, says a London-based technology analyst.

Advertisement 2

Content of the article

Like sharks sniffing out a meal, hackers around the world are targeting vulnerable computer systems in southwestern Ontario, Carmi Levy said Wednesday, a week after the region’s latest cyberattack in St. Marys, a town about 20 kilometers southwest of Stratford.

“Cybercriminals around the world … are focusing their efforts on geographies where previous attacks have succeeded,” Levy said. “When a weakness is discovered by a cybercriminal, they all tend to flock to that same space.”

A reported ransomware attack in St. Marys recently crippled computers in the city and forced a network shutdown to protect sensitive data.

Whether that stop was successful is still under investigation. The city has hired cybersecurity experts from Deloitte Canada to conduct a forensic audit and officials said this week they would await the results before releasing more information.

In the meantime, however, St. Marys has become one of many victims of what appears to be a developing hotspot for cybercriminals.

An attack on Stratford’s computer systems in 2019 led to the city paying a ransom of more than $75,000 in Bitcoin, a digital currency.

That same year, an attack in Woodstock ended up costing taxpayers more than $667,000, even though the city never paid a ransom. Instead, most of the cost came from hiring outside experts and paying staff overtime to help the city rebuild its computer networks.

Although not believed to be a ransomware attack, the personal information of more than 300 people, some of them highly sensitive, was compromised in a “cybersecurity incident” earlier this year that crippled the Elgin County website and email system for nearly a year. month.

Advertisement 3

Content of the article

Outside the Southwest, Midland city officials paid a ransom to recover data after hackers held their computer systems hostage for 48 hours in 2018. This attack came five months after an incident similar to Wasaga Beach, about 38 kilometers away.

These cyberattacks are unlikely to be coincidences, said Ann Cavoukian, one of Canada’s top privacy experts.

“The inference is that these small towns … aren’t putting the strength they need to put into securing the data they have,” said Cavoukian, former privacy commissioner of Ontario and now executive director. from the Global Privacy and Security By Design Centre. “It poses a big threat and it worries me that municipalities are not taking the necessary steps to secure their data.

“They don’t seem to understand the huge threat this poses if (computer systems aren’t) strongly secured, strongly encrypted.”

Cybersecurity issues are on the radar of the Association of Municipalities of Ontario, the not-for-profit organization that represents the province’s 444 municipal and regional governments.

Judy Dezell, director of AMO’s Enterprise Center, said in an email that the organization provides guidance on how municipalities should invest in IT infrastructure, including strong password policies. , data encryption, installing software updates and creating offsite data backups. This is important because “with fewer companies offering cyber insurance to municipalities, taxpayers will bear the costs of cyber attacks,” Dezell said.

Advertisement 4

Content of the article

Similar work is being done by the Canadian Center for Cyber ​​Security, a children’s agency of the Communications Security Establishment in Ottawa.

“City governments control a range of assets of interest to cyber threat actors, including financial and payment information systems, citizen, partner and vendor data, and voter services” , said spokesman Evan Koronewski. “Generally, the more assets an organization has connected to the Internet, the greater the cyber threat it faces. And more generally, the cybersecurity resources of a regional municipality are often more limited than a large organization.

The Canadian government does not recommend paying ransoms, Koronewski added, because there is no guarantee that a cybercriminal will comply and “any ransom payment feeds the ransomware model.”

Despite these efforts, Levy and Cavoukian said the frequency of reported cyberattacks in small Ontario municipalities is evidence that more needs to be done to protect personal information and taxpayer dollars in those communities.

“Because this is the universal problem affecting all municipalities, it is incumbent on them to come together and work provincially or even nationally…rather than trying to solve this problem on their own,” Levy said. “Cybersecurity is not something you want to fly solo on. You really need a comprehensive organization, a regional response.

“If it’s not a priority at this level, it has to be.”

[email protected]

Advertisement 1


Postmedia is committed to maintaining a lively yet civil discussion forum and encourages all readers to share their views on our articles. Comments can take up to an hour to be moderated before appearing on the site. We ask that you keep your comments relevant and respectful. We have enabled email notifications. You will now receive an email if you receive a reply to your comment, if there is an update to a comment thread you follow, or if a user follows you comments. Visit our Community Rules for more information and details on how to adjust your E-mail settings.


Comments are closed.