Cyber-Security in Canada During COVID-19

COMMENTARY

by Amy Cavendish


Introduction

The Economist Intelligence Unit recently revealed Canada to be one of the most internet-connected nations in the world. Pre-pandemic, the average Canadian spent 43.5 hours online per month, with users connected to complete personal admin tasks, work and find entertainment. Now, with more and more users social distancing, internet use in Canada has risen even higher. 

Accordingly, the number of Canadian businesses and individuals targeted by cyber-criminals is on the rise too. A recent report from Ryerson University’s Cybersecure Policy Exchange indicated that 57 per cent of Canadians had fallen victim to cyber-crime. As the COVID-19 crisis continues, Canadians are also facing attack vectors that are deliberately designed to profit from the pandemic.

Critical Cyber-Attacks Facing Canadians

Here are some of the key COVID-19 cyber-threats Canadian internet users need to contend with in 2020 and some steps to mitigate the risks.

Fake COVID-19 Tracking Apps
In June, security researchers revealed the lengths hackers will go to when it comes to stealing data and holding users to ransom. Threat actors released a fake COVID-19 tracing app. The app, which mimicked the version due to be released by the Canadian government, infected Android mobile devices with a ransomware script called CryCryptor.

According to ESET, the malicious code was also being distributed on two websites falsely claiming to be part of Health Canada. The websites are listed as tracershield.ca and covid19tracer.ca. The fraudulent tracking app was named “Covid-19 Tracer App.” 

Speaking to SC Magazine, Erich Kron, a cyber-security awareness campaigner for KnowBe4, noted: “This is yet another example of attackers using the current Covid-19 situation as an attack vector on people; given the emotional nature surrounding the pandemic and the latest spikes in new cases, the bad actors have no problem cashing in on the chaos.” Kron continued: “Hearing about a COVID-19 tracker through official government channels, people are more likely to look for and install an app, especially when it is made to look official. Once this trust is established, people are more likely to dismiss any suspicions when the tracking app requests access to files on their device and approve the request. This opened the door for the attack to be successful.”

Phishing Attempts
Hackers are adjusting their social engineering tactics to play upon citizens’ fears and concerns amid the ongoing COVID-19 crisis. Several pandemic-inspired phishing attempts are making the rounds. In these situations, threat actors attempt to mimic government or health bodies in order to glean data or gain access to a user’s device.

Phishing attempts are often delivered via email, but text messages are just as likely to be used. One common scam involves hackers sending citizens a text that asks them to apply for the Canada Emergency Response Benefit (CERB) or the Canada Emergency Student Benefit (CESB). Users should note that the Canadian government will never send emails or texts prompting citizens to register for either the CERB or the CESB. Instead, applications must be made online through the dedicated portal or over the phone. In addition, a number of CERB and CESB repayment scams have been discovered. 

Phishing attempts may also be disguised as messages from the World Health Organization (WHO). As early as March, the organization warned of phishing emails soliciting funds and the dangers of an “infodemic.” The WHO has also warned of fraudulent WhatsApp messages that contain malicious links. Clicking a link may allow spyware or malware access to the user’s device.

Another common phishing scam to be aware of is messages purportedly from the COVID-19 Solidarity Response Fund. These messages may contain invoices requesting payment on behalf of the fund, the WHO, the UN Foundation or the Swiss Philanthropy Foundation.

Spoofed Government Websites
A spate of COVID-19-themed websites that purport to be from the government are currently online. These sites masquerade as the real deal and the threat actors go to great lengths to make the sites look as legitimate as possible. From design elements to the site’s URL, fraudulent websites can look very convincing. But engaging with spoofed websites is a sure-fire way for users to give away sensitive data, be it financial or personally identifiable information.

Remote Worker Security
With many Canadian workers telecommuting as opposed to heading into physical offices, there is an increased risk of cyber-attack on businesses. The shift to working at home means staff members connecting remotely to the company’s system, thus opening up a greater number of potential access points for threat actors to exploit. 

Staff’s personal devices may also represent a significant security concern if they are infected with malicious software or otherwise compromised. Another concern in this vein is the security and health of a staff member’s home internet connection.

Staying Secure

In addition to good digital hygiene practices, Canadian citizens and businesses alike should take the measures below to meet the threats head-on:

Combating COVID-Inspired Fraudulent Apps, Websites and Phishing Attempts
Canadians should be very careful when choosing to download tracing apps, particularly before the government formally announces a new app’s release or an update for the official tracking app. Download apps only from the official app stores, preferably after following a link on the government’s official COVID Alert page.

Users should not volunteer personal or financial information unless they made contact with a government agency first. In addition, all COVID-19-themed text messages and emails should be treated with suspicion.

Businesses should ensure all staff members are knowledgeable about current phishing scams. They should also require staff working remotely to have security software installed on their devices. 

Identifying spoofed websites can be difficult. Users should look out for the telltale signs of spoofing before entering any information: logos and/or colours look slightly off, the URL is not exactly the same as before, and grammatical and/or spelling errors are present. 

Ensuring Remote Worker Security
Businesses need proper cyber-security strategies and tools in place that encompass the shift to a work-from-home business model. Both company networks and systems along with the devices used for work need protection. 

  • A VPN, or virtual private network, accomplishes two key things: the program shields internet activity from any prying eyes and encrypts any data in transmission. These security tools are considered essential for remote workers who may be using compromised networks.
  • Anti-malware and anti-virus programs. Company devices should be equipped with both anti-malware and anti-virus protection. While the former is a modern version of the latter, both form part of a solid cyber-security strategy. Anti-malware is also useful on handheld devices as it may detect threats delivered via text message. Companies should make both solutions available to remote staff.
  • Email scanners. With threat actors upping the ante when it comes to phishing, it’s wise to have email protection in place.
  • Education is key, and staff should receive regular cyber-security training to mitigate the risk of human error.
  • Allow automatic updates. Unpatched software represents a significant security risk. All programs should be updated as soon as patches are released. If staff are working on their own devices, make sure they’re aware of this.
  • Make sure the business’s perimeter security is in good shape. Hire cyber-security experts to double-check for vulnerabilities.

The threat landscape is constantly shifting and evolving. Individual users, businesses and government service providers should consider cyber-security to be the highest priority. This is particularly important now as the pandemic has proved to be the perfect breeding ground for threat actors seeking to capitalize on fear and uncertainty.

While it might seem like a heavy responsibility to help combat cyber-threats, the reality is that the onus is on individuals and businesses. The government can provide regulatory guidance (albeit somewhat lacking at times) and take steps to thwart known threats, but new threats will only appear to replace those eliminated.

About the Author

Amy Cavendish is a content strategist at the TechFools, a tech blog aiming to inform readers about the potential dangers of technology and introduce them to the best ways to protect themselves online. As an outspoken advocate for digital freedom, Amy is dedicated to empowering her readers to take control of their digital lives with her thought-leadership articles.

©2002-2024 Canadian Global Affairs Institute