Académique Documents
Professionnel Documents
Culture Documents
CYBER THREAT
ASSESSMENT
Communications
Security Establishment
Centre de la sécurité
des télécommunications
2018
© Government of Canada
This document is the property of the Government of Canada. It shall not be
altered, distributed beyond its intended audience, p roduced, reproduced or
published, in whole or in any substantial part thereof, without the express
permission of CSE.
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
1
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
FOREWORD
T
he Canadian Centre for Cyber Security (Cyber Centre) is the Government of Canada’s authority on cyber security.
As part of the Communications Security Establishment (CSE), the Cyber Centre brings over 70 years of experience
protecting Canada’s most sensitive information and networks. In line with the June 2018 National Cyber Security
Strategy, the Cyber Centre was created to be a source of trusted, expert cyber security advice and guidance for government,
industry partners such as critical infrastructure owners and operators, and for the Canadian public.
This National Cyber Threat Assessment describes our view of the current cyber threat environment facing Canada and
Canadians. The intent of this assessment is to ensure that as cyber threat actors pursue new ways to use the Internet
and connected devices for malicious purposes, Canadians are well informed of the cyber threats facing our country. You
will note that we do not name those affected by cyber compromises. This is deliberate. In this assessment we focus on
analyzing cyber threat actors and their activities.
Canada is one of the most connected countries in the world. A safe and secure cyber space is important for Canada’s
security, stability, and prosperity. The interconnected nature of the threats highlighted in this assessment demonstrates
that effective cyber security requires collaboration. The Cyber Centre works closely with government, industry partners,
and the public to share our unique knowledge and experience to improve the cyber security of Canada and all Canadians.
We must all work together to make Canada safer online.
It is certain that Canadians will be affected by malicious online activity in the coming year, but by knowing the threats, we
hope that action can be taken to prevent, detect, and respond.
Although cyber threats to Canada and Canadians are serious, I am confident that by working together we can make our
country more resilient against cyber threats.
Scott Jones
Head, Canadian Centre for Cyber Security
www.cyber.gc.ca
2
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
EXECUTIVE SUMMARY
I
n our highly connected digital society, Canadians and Canadian organizations rely on the Internet for both personal and
professional activities. It is in this context that we assess cyber threats to Canadian individuals, businesses, and critical
infrastructure, including government.
Cyber threat activity against Canadians often has financial or privacy implications. Yet cyber threat activity against Canadian
businesses and critical infrastructure can have more far-reaching consequences, such as operational disruptions to the
financial sector, large-scale theft of personal information, and even potential damage to infrastructure.
KEY JUDGEMENTS
}} Cybercrime is the cyber threat most likely to }} State-sponsored cyber threat actors will continue
affect Canadians and Canadian businesses in to conduct cyber espionage against Canadian
2019. Cybercrime is evolving as cybercriminals businesses and critical infrastructure to advance
take advantage of growing online markets for illicit their national strategic objectives. More nation-
goods and services in order to maximize their states are developing cyber tools designed to
profits. Cybercriminals tend to be opportunistic conduct cyber espionage.
when looking for targets, exploiting both technical
vulnerabilities and human error. }} It is very unlikely that, absent international
hostilities, state-sponsored cyber threat actors
}} Cyber threat actors — of all sophistication levels would intentionally disrupt Canadian critical
— will increase the scale of their activities to steal infrastructure. However, we also assess that as
large amounts of personal and commercial data. all manners of critical infrastructure providers
Data, such as intellectual property and Canadians’ connect more devices to the Internet, they become
personal information, are used for theft and resale, increasingly susceptible to less-sophisticated cyber
fraud, extortion, or espionage. threat actors, such as cybercriminals.
}} Canadians are very likely to encounter malicious }} Sophisticated cyber threat actors will likely
online influence activity in 2019. In the coming year, continue to exploit the trusted relationships
we anticipate state-sponsored cyber threat actors between businesses and their suppliers and service
will attempt to advance their national strategic providers for espionage and cybercrime purposes.
objectives by targeting Canadians’ opinions through
malicious online influence activity. }} Cyber threat actors are adopting more advanced
methods, such as compromising hardware and
software supply chains, making detection and
attribution more difficult.
33
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
TABLE OF CONTENTS
ABOUT THIS DOCUMENT 7
EFFECTS OF CYBER THREAT ACTIVITY 8
CYBER THREATS TO CANADIANS 10
Cybercrime 11
Malicious Online Influence Activity 14
CONCLUSION 27
USEFUL RESOURCES 28
ENDNOTES 29
5
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
The chart below matches estimative language with approximate percentages. These percentages are not derived via statistical analysis,
but are based on logic, available information, prior judgements, and methods that increase the accuracy of estimates.
7
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
8
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
Cyber threat actors deploy a variety of malicious tools to reach their targets. Some types of targets, such as financial
and banking information or personal information, are held by individuals and organizations alike. Some systems that
cyber threat actors target, such as government networks used to maintain essential services, are held by critical
infrastructure providers.
9
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
10
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
11
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
12
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
Cybercriminals use both cyber tools and social engineering to extort money
or information from Canadians.6 The most common form of malware used for
extortion is ransomware. After cybercriminals infect a device with ransomware,
they try to extort money from owners by encrypting their data. Ransomware is
no longer a sophisticated cyber tool. Low-sophistication cyber threat actors can
now access it as a service that they rent or purchase on cybercrime marketplaces.
13
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
14
14
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
15
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
16
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
We assess that cybercriminals are — and will continue to be — the greatest cyber threat facing businesses of all sizes in 2019.
Cyber threat actors target Canadian businesses for their data about customers, partners and suppliers, financial information
and payment systems, and proprietary information.
Stolen information is often held for ransom, sold, or used to gain a competitive advantage. Beyond financial losses from theft
or ransom payments, cyber incidents can also result in reputational damage, productivity loss, intellectual property theft,
operational disruptions, and recovery expenses.
17
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
DATA BREACHES
Stealing Customer and Client Data
PROJECT ADORATION Cyber threat actors have both the intent and capability
In January 2017, the Royal Canadian to acquire sensitive information as demonstrated by
Mounted Police (RCMP) took down a numerous high-profile data breaches targeting the
website hosting 3 billion personal records data of millions of customers around the world. Large
collected from major global data breaches. Although databases containing personal information such as
the RCMP located the servers hosting personal content names, addresses, phone numbers, financial details, and
in Canada, users from around the world could access
employment information are valuable to cyber threat
the information for a small fee. In December 2017, the
RCMP charged an individual alleged to have trafficked actors. The aggregation of data collected from multiple
identity information.11 breaches can provide cyber threat actors the ability to
build comprehensive profiles to conduct cyber threat
This case is a revealing example of how cybercriminals
profit by using personal information stolen from activity against specific groups or individuals.
data breaches. While cybercriminals exploit the We assess that in 2019 large databases will almost certainly
transnational nature of the Internet, operations such as remain attractive targets for cyber threat actors seeking to
Project Adoration, which involved cooperation between sell information or support state-sponsored espionage.
the RCMP, the Dutch National Police, and the United
States Federal Bureau of Investigation, demonstrate Cyber threat actors also attempt to extort businesses by
that law enforcement is advancing systems and threatening to reveal confidential client information. Some
methods to tackle cybercrime. This case highlights the businesses decide that paying a ransom is cheaper than
importance of international partnerships to investigate the costs associated with ignoring a cyber ransom. Yet,
and prosecute cybercriminals. cyber threat actors can decide to delete, modify, or release
information, even if a payment is made. Robust cyber
security and business continuity practices are required to
protect valued data.
18
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
19
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
20
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
21
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
22
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
23
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
Figure 9: Cyber threat actors try to access IT and OT of a critical infrastructure provider
24
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
25
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
IT Purchases $1,901
We assess that confidential data will very likely remain an attractive target for cyber threat actors. Canadians provide sensitive
information about themselves when they use essential public services with the expectation that their information will be
secure. By accessing personal information and threatening its release, cyber threat actors can try to coerce decision makers
at public institutions into paying a ransom to protect citizen confidentiality, maintain operations, and defend reputations.
Public institutions also create and collect other kinds of sensitive information of value, which cyber threat actors target for
ransom or sale. For example, in order to sell valuable information or conduct espionage, cyber threat actors target details
about confidential operations, such as negotiations or deliberations. While foreign intelligence agencies have conducted
espionage against federal and sub-national governments for decades, the digitization of government services has created
more opportunities to attempt to access confidential information using cyber capabilities.
Nation-state adversaries have the greatest capability and intent to conduct cyber threat activity against Canadian public
institutions. State-sponsored cyber threat actors vary in sophistication and it is likely that some advanced actors can operate
undetected. Cyber threat activity against Canadian public institutions occurs most often when Canada is a global research
leader, or involved in sensitive international or bilateral issues.
We assess that nation-states around the world are continuing to invest in their cyber capabilities with the intent of
advancing their national security and economic objectives.
26
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
CONCLUSION
T
he cyber threat environment in Canada is always changing. We expect
cyber threat actors to shift their methods and targets based on their
evolving priorities, motivations, and capabilities.
In this assessment, we identified current trends in the cyber threat
environment. Wherever possible, we highlighted the likelihood of cyber
threat activity and examined how it can affect Canadians, as well as
Canadian businesses and critical infrastructure.
In general, most of the cyber threats that we discussed can be mitigated
through awareness and best practices in cyber security and business
continuity. Cyber threats and influence operations succeed today because
they exploit deeply rooted human behaviours and social patterns, and
not merely technological vulnerabilities. Defending Canada against cyber
threats and related influence operations requires addressing both the
technical and social elements of cyber threat activity.
As the National Cyber Security Strategy recognizes, Canadian citizens,
businesses, and critical infrastructure operators need to have confidence
in the cyber systems we rely on every day. We are making a difference. The
Cyber Centre approach of security through collaboration brings together
expertise from government, industry, and academia to tackle the toughest
cyber challenges that Canada faces. Working together, we can make Canada
more resilient against cyber threats.
27
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
USEFUL RESOURCES
For more information about mitigating cyber threats, we strongly encourage visiting:
}} Whitelist applications
28
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
ENDNOTES
1 Critical infrastructure refers to the processes, systems, facilities, technologies, networks, and services essential to the
health, safety, security, and economic well-being of Canadians and to the effective functioning of government. Public
Safety Canada. 12 June 2018. Accessed September 2018.
2 In this assessment, we use the term cybercrime to refer to criminal activity involving a network or network-connected
device.
3 United States Department of Justice. 13 December 2017. Accessed September 2018; and Perlroth, Nicole. The New
York Times. 21 October 2016. Accessed September 2018
6 Extortion refers to unlawfully obtaining money, property or services from a person or institution through threats or
force.
9 Rocha, Roberto. CBC News. 3 August 2018. Accessed September 2018. Original dataset available at: Data Source.
12 The Globe and Mail. 18 June 2018. Accessed September 2018; Evans, Pete. CBC News. 28 May 2018. Accessed
September 2018; and Canadian Financial Group. 28 May 2018. Accessed September 2018.
13 A smart phone or laptop computer may have been designed in one country, the raw materials and specific components
like the screen, microphone, and camera can come from companies around the world, and the device itself could have
been assembled in yet another location before reaching a consumer in Canada.
14 A supply chain is defined as the system of organizations, people, technology, activities, information and resources
involved in moving a product or service from a supplier to a customer. See National Institute for Standards and
Technology. April 2015. Accessed September 2018.
15 Corera, Gordon. BBC News. 26 July 2018. Accessed August 2018; and Menn, Joseph. Reuters. 18 September 2017.
Accessed September 2018.
29
CANADIAN CENTRE FOR CYBER SECURITY – NATIONAL CYBER THREAT ASSESSMENT 2018
16 PricewaterhouseCoopers United Kingdom. April 2017. Accessed September 2018; and Nish, Adrian and Tom Rowles.
BAE Systems. 3 April 2017. Accessed September 2018.
17 National Audit Office (United Kingdom). 25 April 2018. Accessed September 2018.
19 United States Computer Emergency Readiness Team (US-CERT, Department of Homeland Security). 15 March 2018.
Accessed September 2018.
20 Perlroth, Nicole, et al. The New York Times. 27 June 2018. Accessed September 2018.
22 BBC News. 26 February 2016. Accessed September 2018; and BBC News. 11 January 2017. Accessed September
2018.
23 Smith, Rebecca. The Wall Street Journal. 24 July 2018. Accessed September 2018; and United States Computer
Emergency Readiness Team (US-CERT, Department of Homeland Security). 15 March 2018. Accessed September 2018.
24 CTV News. 24 July 2018. Accessed September 2018; and Canadian Municipal Government Meeting Agenda. 24 July
2018. Accessed September 2018.
30