Canada’s cyber incident response centre has taken down over 1,500 COVID-19-themed fraudulent sites or email addresses aimed at Canadians, IT World Canada has learned.

The number comes from the Canadian Centre for Cyber Security (CCCS) after an official told a webcast Thursday on cybersecurity and the health care sector that the agency and its partners have achieved “pretty high numbers” in closing malicious web sites targeting Canadians.

Asked for more detail on the comment, Ryan Foreman, a spokesperson for the centre, said the 1,500 sites closed included ones that spoofed the Public Health Agency of Canada, Canada Revenue Agency, and Canada Border Services Agency. These sites have been related to cyber-crime and fraud.

“This is a worldwide effort and it’s a very automated process,” Foreman added, without giving more detail.

The centre has been working with private firms, telecommunication providers, international cyber incident response teams and other countries.

CBC News this morning reported the Canadian Anti-Fraud Centre received 739 reports since March 6 of attempts to defraud Canadians with scams related to the pandemic. Of those attempts succeeded with losses of $1.2 million.

Canada’s response to the attacks comes as criminals and threat actors backed by nation-states take advantage of global hunger for news about the coronavirus to spread malware.

While the Canadian effort has sunk many fake sites, there is still a growing number that pops up daily around the world. Experts say attackers aren’t creating new malware, they’re just repurposing email and text messages with the exploits they’ve been using for months or years.

Cybersecurity companies have no shortage of ways of measuring the weed-like growth. Darktrace, for example, estimates that in April, 60 per cent of all advanced spear-phishing attacks blocked by its email solution were either related to COVID-19 or aimed to trick employees by referencing remote working.

As of April 14, Sophos had identified over 1,700 malicious domains using “corona” or “COVID” in their names, of which 1,200 were currently active. Google is detecting about 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages.

The health care sector in many countries has been targeted, prompting the CCCS to issue an alert on March 20.

Michele Mullin, the centre’s director-general of partnerships and risk mitigation, was the panellist who mentioned the CCCS’s work in eliminating many malicious sites during a webcast hosted by Ryerson University’s Rogers Cybersecure Centre on cybersecurity and Canada’s health sector during the pandemic.

The centre isn’t necessarily seeing an increase in the volume of cyber attacks, she said, but threat actors are taking advantage of a common strategy: Fashion phishing messages around what’s hot in the news.

“They know the lines between work and home are being blurred,” Mullin said, referring to COVID-19. “People are working from home, they’re being distracted by children and pets, they’re often working on systems that have fewer protections than they do from work. All of those distractions mean people are more likely to click [on a link or attachment] before thinking.”

Messages targeting Canadians range from lures relating to the federal emergency benefits programs to offers to sell personal protective gear like masks.

“The health sector is seen as a soft target among more sophisticated adversaries as well as criminal groups,” she added. “It holds valuable information including highly-sensitive personal information and intellectual property.”

Criminals believe health-related institutions “are more likely to pay ransom to regain access to systems or to data,” she said, which is why they have to be prepared with a response plan including data backup and recovery.

The state-sponsored activity includes targeting COVID-19 research and technology. Coincidentally, Mullin added, foreign governments have reduced their cyber activity as their staff are being sent home because of the pandemic. That has slowed their tempo — but only temporarily. The CCCS believes that will pick up, particularly because traditional espionage is being hampered by coronavirus travel restrictions.

Panellist Jeff Curtis, chief privacy officer at Toronto’s Sunnybrook Health Sciences Centre, the largest trauma centre in the country, said that since the pandemic started, employees report the amount of COVID-19 related emails and texts — legitimate and malicious — “has gone through the roof.” Combined with suddenly having to use video and collaboration tools staff may not be used to, “the attack surface is much larger than it used to be.”

More than ever he sees a big part of his job as telling staff “you don’t have to react immediately to everything that comes across your desk.”

Toronto privacy lawyer Mary Jane Dykeman, co-founder of INQ Data Law, said her firm has recently been getting calls for advice from health care organizations having to make quick decisions but wanting to make sure the provision of health care isn’t impeded.

“Many initiatives are going at high speed right now,” she noted, but clients are saying, ‘Please don’t slow us down.’

“We are going into Phase Two [of COVID response],” she argued, adding special attention has to be given to the data that’s now ending up in people’s homes. “We need to be careful of the workloads we put in place. And if this is going to last longer we need to correct some of the quick things we did and then start to plan for when people go back [to their workplaces] because there’s going to be all this data sitting in people’s homes all over the globe.”

Russell Rice, vice-president of product strategy at Ordr, a California-based provider of solutions that identify devices on networks including medical devices, said that because many IoT devices can’t get security updates, hospitals and clinics need to inventory the internet-connected devices they have, do a cybersecurity risk assessment on them, and decide what they can do to improve their security.