It’s as if there’s “blood in the water,” a London-based technology analyst says.
Like sharks sniffing out a meal, hackers from around the globe are targeting vulnerable computer systems in Southwestern Ontario, Carmi Levy said Wednesday, a week after the area’s latest cyber attack in St. Marys in Perth County.
“Cybercriminals globally are … focusing their efforts on geographic areas where previous attacks have succeeded,” Levy said. “When one weakness is discovered by one cybercriminal, they all tend to flock toward that same space.”
A ransomware attack reported in St. Marys recently crippled the town’s computers and forced a network shutdown to protect sensitive data.
Whether that shutdown was successful is still being investigated. The town has hired cybersecurity experts from Deloitte Canada to conduct a forensic audit and officials have said this week they will wait for the results before releasing more information.
In the meantime, however, St. Marys has become one of many victims in what seems to be a developing hotspot for cybercriminals.
An attack on Stratford’s computer systems in 2019 led the city to pay a ransom of more than $75,000 in Bitcoin, a digital currency.
That same year, an attack in Woodstock ended up costing taxpayers more than $667,000 even though the city never paid a ransom. Instead, the bulk of the cost came from hiring outside experts and paying staff overtime to help the city rebuild its computer networks.
Although it wasn’t believed to a ransomware attack, personal information about more than 300 people, some of it highly sensitive, was compromised by a “cyber-security incident” earlier this year that knocked out Elgin County’s website and email system for nearly a month.
Outside of the southwest, town officials in Midland paid a ransom to reclaim data after hackers held their computer systems hostage for 48 hours in 2018. That attack happened five months after a similar incident in Wasaga Beach, about 38 kilometers away.
It isn’t likely these cyber attacks are coincidences, said Ann Cavoukian, one of Canada’s top privacy experts.
“The inference is that these smaller towns … are not devoting the strength they need to devote to securing the data that they have,” said Cavoukian, a former Ontario privacy commissioner and now executive director of Global Privacy and Security By Design Centre. “It poses a great threat and it concerns me that municipalities are not taking the measures necessary to secure their data.
“They don’t seem to understand the enormous threat that this presents if (IT systems are) not strongly secured, strongly encrypted.”
Cybersecurity issues are on the radar of the Association of Municipalities of Ontario, the not-for-profit organization that represents the province’s 444 municipal and regional governments.
Judy Dezell, the director of AMO’s Enterprise Centre, said in an email the organization provides guidance about how municipalities should be investing in IT infrastructure, including strong password policies, encrypting data, installing software updates, and creating offsite data backups. This is important because “with fewer companies offering cyber insurance for municipalities, it’s taxpayers that will pick up costs related to cyber attacks,” Dezell said.
Similar work is being done by the Canadian Center for Cyber Security, a child agency of the Communications Security Establishment in Ottawa.
“Municipal governments control a range of assets that are of interest to cyber threat actors, including financial information and payment systems, data about citizens, partners and suppliers, and services to constituents,” spokesperson Evan Koronewski said. “As a general rule, the more Internet-connected assets an organization has, the greater the cyber threat it faces. And more generally, a regional municipality’s cyber-security resources are often more limited than a large organization.”
The Canadian government does not recommend paying ransoms, Koronewski added, because there’s no guarantee a cybercriminal will comply and “any ransom payment fuels the ransomware model.”
Despite these efforts, both Levy and Cavoukian said the frequency of cyber attacks being reported in small Ontario municipalities is evidence more needs to be done to protect personal information and taxpayer dollars in those communities.
“Because this is the universal problem that affects all municipalities, it behooves them to put their heads together and work at a provincewide level or even a national level … rather than try to deal with this on their own,” Levy said. “Cybersecurity is not something that you want to be flying solo on. You really do need to have a comprehensive organization, a regional response to it.
“If it isn’t a priority at that level, it needs to be.”