The Canadian Centre for Cyber Security, part of the Communications Security Establishment, is reminding the Canadian cybersecurity community—especially critical infrastructure network defenders—to bolster their awareness of and protection against Russian state-sponsored cyber threats. Last month the Cyber Centre joined our partners in the US and the UK in recommending proactive network monitoring and mitigations.
As geopolitical tensions continue to rise, Canada’s Cyber Centre is following the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure network operators and their operational and information technology (OT/IT). In addition to the advice below, we strongly encourage enhanced vigilance to detect and manage the impact of increasingly sophisticated spearphishing campaigns. The Cyber Centre continues to share real-time threat information with Canadian organizations, both through public alerts and through protected channels, to ensure organizations can take action to help defend themselves.
The Cyber Centre urges Canadian organizations to take note of the following information:
- Be prepared to isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt. When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
- Increase organizational vigilance. Monitor your networks with a focus on the TTPs reported in the CISA advisory (link available in English only). Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Enhance your security posture: Patch your systems with a focus on the vulnerabilities in the CISA advisory (link available in English only); enable logging and backups. Deploy network and endpoint monitoring (such as anti-virus software), and implement multifactor authentication where appropriate. Create and test offline backups.
- Have a cyber incident response plan, a continuity of operations and a communications plan and be prepared to use them.
- Inform the Cyber Centre of suspicious or malicious cyber activity.
Please refer to the following online resources for more information and for useful advice and guidance:
Threat detection and mitigation:
- Destructive malware targeting Ukrainian organizations. Microsoft Threat Intelligence Center (MSTIC). January 15, 2022
- Joint Cybersecurity Advisory: Technical Approaches to Uncovering and Remediating Malicious Activity
- Secure your accounts and devices with multi-factor authentication (ITSAP.30.030)
- Security considerations for your website (ITSM.60.005)
- Security considerations for industrial control systems (ITSAP.00.050)
- Top 10 IT security actions to protect Internet connected networks and information (ITSM.10.089)
- Security Vulnerabilities and Patches Explained - IT Security Bulletin for the Government of Canada (ITSB-96)
- Don't Take the Bait: Recognize and Avoid Phishing Attacks
- National Cyber Threat Assessment 2020
- Cyber Threat Bulletin: The Cyber Threat to Operational Technology
- Cyber Threat Bulletin: The Cyber Threat to Canada's Electricity Sector