Canada’s Foreign Affairs Department hit by cyberattack

It has been reported that Canada’s Foreign Affairs Department was hit by a cyberattack, according to the Treasury Board of Canada. The hack of Global Affairs Canada, the government entity responsible for diplomatic and global relations, occurred on January 19, according to a statement provided by the Treasury Board. As a result of the attack, some access to the Internet and Internet-based services are not currently available, but mitigation measures were being taken to restore them.

Abdelkader Cornelius, Threat Researcher at Cybereason, said: “Based on Canada’s Foreign Affairs Department confirmation that it was the victim of a cyberattack, it will be more interesting to learn if the attack was the result of the Canadian’s government’s criticism of Russia’s possible invasion of Ukraine. In any event, the attack is a reminder that any threat group, and in this case Russian actors, can launch an attack similar to the one against Canada’s foreign affairs department, or any other government or organisation for that matter. Very often, nation states will make noise in the shadows, but sometimes they create so much noise that it ends up making headlines.

“This latest attack is a reminder to public and private sector organisations that every corporate Internet-connected device is vulnerable, be it through unknown or unpatched vulnerabilities in hardware and software. In the global cybercriminal ecosystem, initial brokers that offer initial access to networks are abundant and sell access to government agencies and private sector companies to the highest bidders. In the case of Canada’s Foreign Affairs Department, access would fetch a higher fee than an unknown or smaller target. To reduce risk and improve its resiliency against cyberthreats, every organisation should regularly test its infrastructure for weak points by conducting threat assessments and deploying appropriate incident response plans. In addition, follow security hygiene best practices that include timely patch management, offsite data backups and security awareness training. Organisations should also deploy multi-layer prevention capabilities on all enterprise endpoints across their networks. And implement extended detection and remediation solutions across their environments for visibility to end advanced attacks before hackers gain a footing in their network.”