17 mars 2020 | Local, C4ISR, Sécurité

Online 'phishing' attacks expected to target housebound staffers as COVID-19 spreads

It's a 'huge opportunity' for online crime, one expert warns

The number of "phishing" attacks meant to steal the online credentials of public servants and corporate sector employees now housebound due to the COVID-19 pandemic is on the rise, one cyber security expert warns.

Many attempts are being made against employees who are working from home on virtual private works (VPNs). Cyber experts are still gathering data to establish a direct correlation between the pandemic crisis and the increase in malicious activity.

But Rafal Rohozinski, chief executive officer of the SecDev Group of Companies, said this pandemic moment — when large numbers of employees are at home and receiving instructions from their workplaces on how to connect to internal networks — offers online thieves a "huge opportunity."

Federal government and corporate sector systems were never designed to support a sudden, mass migration of employees from offices to their homes, he said.

"The opening that creates for those who want to wreak havoc through ransomware and malware is really, really significant," said Rohozinski. "And I don't think we're anywhere near prepared for that.

"What we're seeing is an increase in phishing being used as a means to get people's credentials."

U.S. Health Department attacked

The U.S. Health and Human Services Department's website was hit by a cyber attack over several hours on Sunday, an incident which involved overloading its servers with millions of hits.

Officials said the system was not penetrated, although media reports in Washington described it as an attempt to undermine the U.S. government's response to the coronavirus pandemic — and may have been the work of a foreign actor.

Rohozinski said that while the facts are not all in yet, his "professional guess" is that there's a link between the attack and the COVID-19 crisis.

Last week, Canada's top military commander warned that he'd seen recent indications the country's adversaries intend to exploit the uncertainty, confusion and fear generated by the pandemic.

Send in the trolls: Canada braces for an online disinformation assault on COVID-19

Gen. Jonathan Vance, chief of the defence staff, was not specific about the potential threats — but experts say they could range from hacking to online disinformation campaigns aimed at discrediting the federal government's response.

Rohozinski said he's concerned about the federal government's technical capacity to support thousands of employees on private networks.

"Everybody's moving on to VPNs. Everybody," he said. "This is an enormous pinpoint and an enormous vulnerability."

Federal Digital Government Minister Joyce Murray's office was asked for a response Monday, but was unable to provide an immediate comment.

Many of the country's leading information technology companies are part of the Canadian Cyber Threat Exchange (CCTE), a nonprofit centre where companies can swap information and insights. A CCTE spokeswoman said the corporate sector is better prepared to face the challenges posed by the mass movement of employees to home networks.

Canada to bar entry to travellers who are not citizens, permanent residents or Americans

Canadian military bans international travel in response to COVID-19

Still, there is reason for concern.

"Given we are moving people to work from home now, companies need to ensure that the work from home environment is as safe as the corporate environment and that people are trained to notice these phishing campaigns, just like they were in the corporate environment," said Mary Jane Couldridge, director of business development at the CCTE.

"It's a matter of keeping our community aware of what is impacting Canada daily so we know how to react to it and prevent it from spreading — and not chase rainbows."

Most corporations have plans they'll activate now to cover the wholesale movement of employees to networks outside of the office, she added.

https://www.cbc.ca/news/politics/online-hacking-phishing-covid-19-coronavirus-1.5499725

Sur le même sujet

16 juillet 2019 | Local, Naval

Canada’s Esquimalt navy base to receive four steel barges
The Canadian Government's Public Services and Procurement department has awarded a contract to Canadian Maritime Engineering to deliver four steel barges. The C$1.99m ($1.52m) contract was awarded on behalf of the Canadian Armed Forces to provide equipment for use by the nation's navy. The four steel barges will be supplied to Canadian Forces Base Esquimalt in British Columbia within 18 months from the contract award date. Under the contract, Canadian Maritime Engineering will also provide a complete technical data package and related training. The contract also includes an option to purchase spare parts. Canada Public Services and Procurement and Accessibility Minister Carla Qualtrough said: “Our government is providing the women and men of the Royal Canadian Navy with the equipment they need to do their important work. “This contract award is a prime example of the National Shipbuilding Strategy in action, providing meaningful opportunities for businesses and Canadians across Canada, and throughout British Columbia.” The steel barges will measure 12m-15m in length and have working decks of 75m². Set to replace six existing wooden barges, the planned steel barges will support maintenance work on the Canadian Navy's vessels. Canada Defence Minister Harjit Sajjan said: “Through our defence policy, ‘Strong, Secure, Engaged', we are providing the women and men of our Canadian Armed Forces with the equipment they need to do the important work we ask of them. “Barges are an essential part of the navy's fleet, and this contract for four steel barges will facilitate maintenance on its vessels to ensure the operational readiness of its fleet.” Under the National Shipbuilding Strategy (NSS), the government aims to renew the country's federal fleet of combat and non-combat vessels. The programme includes providing the Canadian Navy and Coast Guard with vessels. The government formed partnerships with Irving's Halifax Shipyard and Seaspan's Vancouver Shipyards for the NSS. https://www.naval-technology.com/news/canadas-esquimalt-navy-base-to-receive-four-steel-barges/
22 octobre 2019 | Local, Aérospatial

Canada Refining Requirements for New UAV Fleet; Request for Proposals Expected Next Year
Canada Refining Requirements for New UAV Fleet; Request for Proposals Expected Next Year October 21, 2019 - by Shaun McDougall The Canadian government is in discussions with a pair of unmanned aerial vehicle manufacturers to refine requirements for a new fleet of armed medium-altitude, long-endurance drones. The new aircraft are being acquired through the Remotely Piloted Aircraft Systems (RPAS) project, previously known as the Joint Unmanned Surveillance and Targeting Acquisition System (JUSTAS). General Atomics has teamed with CAE Canada, MDA, and L3 Wescam to offer the MQ-9B SkyGuardian. L3 MAS is working with Israel Aerospace Industries to bid the Artemis unmanned aircraft system, which is based on IAI's Heron TP. The program officially entered the Refine & Review Requirements phase in July 2019, at which point the government and industry teams began discussions to refine program requirements. These discussions will help inform a formal Request for Proposals, which is expected to be released in fiscal year 2020/2021 (between April 2020 and March 2021). A contract is anticipated in fiscal year 2022/2023, barring any delays. Deliveries could begin in 2024/2025. Canada's desire for a new fleet of UAVs surfaced around 20 years ago, but little progress has been made since then. The Royal Canadian Air Force had been preparing to award a contract to General Atomics for its Predator UAV in 2007, but the program was halted due to concerns about a lack of competition. At one point, the government outlined a new two-phase approach. The first phase would include an armed UAV for overland missions. A second phase would buy a system primarily for maritime surveillance off Canada's coasts, as well as limited Arctic surveillance. This plan was scrapped in 2013 and the program went back to the drawing board. Ultimately, government documents show the Air Force has tried and failed six times since 2005 to acquire a new UAV fleet. Following the initial delays of the JUSTAS program, Ottawa leased Heron UAVs as an interim solution to fulfill an urgent requirement for additional ISR capabilities in Afghanistan. The first system was delivered to Canada in October 2008 and deployed to Afghanistan shortly thereafter. The Herons replaced smaller SPERWER UAVs that were in service since 2003. The value of the RPAS program has not been announced, and Canada has not specified how many aircraft it will buy. The government's Defence Capabilities Blueprint indicates the program will fall within a very broad price range of between CAD1 billion and CAD4.99 billion, one of the preset funding ranges used by the blueprint to categorize programs. https://dsm.forecastinternational.com/wordpress/2019/10/21/canada-refining-requirements-for-new-uav-fleet-request-for-proposals-expected-next-year/
7 décembre 2018 | Local, Aérospatial

Pénurie de pilotes : le casse-tête des forces armées canadiennes
Les conclusions du rapport du vérificateur général soulignant une pénurie de pilotes militaires au Canada résonnent particulièrement au Manitoba, où la formation initiale des pilotes des Forces armées canadiennes est donnée et supervisée. Un texte de Pierre Verrière Il est difficile de parler de l'Aviation royale canadienne sans évoquer le Manitoba. Pendant la Seconde Guerre mondiale, les pilotes de tout le Commonwealth venaient y suivre leur formation avant d'être déployés en Europe. Depuis 1992, la troisième École de pilotage des Forces canadiennes située à Portage-la-Prairie, à une heure de Winnipeg, assure la formation de base des pilotes canadiens. Enfin, c'est à Winnipeg qu'est situé le quartier général de la 2e Division aérienne du Canada, responsable de l'instruction des pilotes. Or, ce sont justement ces pilotes qui font gravement défaut, selon le vérificateur général du Canada. Ce dernier met notamment l'accent sur les pilotes de chasse. Selon le vérificateur, il en manque plus du tiers pour satisfaire aux exigences opérationnelles. Parmi les raisons évoquées, on compte le rythme auquel les pilotes quittent l'aviation, qui est plus rapide que celui auquel elle peut en former de nouveaux. Entre avril 2016 et mars 2018, l'Aviation royale canadienne a ainsi perdu 40 pilotes de chasse qualifiés et en a formé seulement 30 nouveaux. Ce problème n'est cependant pas nouveau ni étranger pour les responsables de la formation des pilotes. Article complet: https://ici.radio-canada.ca/nouvelle/1139188/penurie-pilotes-forces-armees-canadiennes-manitoba

Toutes les nouvelles