Ransomware Attack at US-Canada Water Management Organization.

September 7, 2023

International Joint Commission (IJC), the organization tasked with managing the lake and river systems along the border between the U.S. and Canada for the last hundred years, announced Wednesday that it experienced a cyberattack following reports that ransomware hackers claimed to have stolen reams of data.

The NoEscape ransomware gang claimed it attacked the organization — which has offices in Washington, D.C., Ottawa and Windsor — and stole 80 GB of contracts, geological files, conflict of interest forms and more. The gang gave the IJC 10 days to respond to their demand for a ransom. The group did not say how much money it was demanding to unlock the files. IJC did not respond to requests for comment about whether a ransom would be paid.

This week, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it would be offering drinking water and wastewater systems free vulnerability scanning services. Water systems can get weekly automated scans that will provide a report on known vulnerabilities found on internet-accessible assets, week-to-week comparisons, and mitigations.

read more

DDoS Attack at Bordercheck Point in Canada

September 14, 2023

A cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports. The Canada Border Services Agency (CBSA) confirmed to Recorded Future News that the connectivity issues that affected check-in kiosks and electronic gates at airports last week are the result of a distributed denial of service (DDoS) attack. Such attacks work by flooding systems with junk traffic, disrupting their operations. CBSA’s spokesperson said that they had restored all systems within a few hours. The Montreal Airport Authority (ADM) told the Canadian newspaper La Presse that a computer outage at check-in kiosks caused significant delays in the processing of arrivals for over an hour at border checkpoints throughout the country, including Montreal-Trudeau International Airport.

CBSA has not disclosed how a DDoS attack managed to breach the computer system used by check-in kiosks at airports. This system is supposed to be on a closed circuit, meaning it should not be connected to the internet, La Presse reported. CBSA did not respond to request to comment.

read more

Data Breach at Air Canada Involved Employee Information

September 21, 2023

Canada’s largest airline announced a data breach this week that involved the information of employees, but said its operations and customer data was not impacted. “An unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records. Flight operations systems and customer facing systems were not affected,” the company said.

“No customer information was accessed. We have contacted parties whose information has been involved as appropriate, as well as the relevant authorities. All our systems are fully operational.”
The company added that it worked with cybersecurity experts to further lockdown its systems following the incident.

(The announcement came on the same day that a cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports.)

read more

Ransomware Attack Against Montreal Utility

August 3, 2023

A 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal suffered a ransomware attack at the hands of the Lockbit criminal group.
Commission des services electriques de Montréal (CSEM) suffered the attack at the hands of the ransomware gang called Lockbit this past Wednesday which said it “added Commission des services electriques de Montreal to their victim list.”
The electric provider said in an advisory it was hit with ransomware on August 3 but refused to pay the ransom.

read more

14 Ontario Gateway Casinos Close for Two Weeks after Ransomware Attack

April 16, 2023

Canada’s Gateway Casinos & Entertainment Ltd. confirmed on Friday ,22 April that all 14 of the company’s casinos in the province of Ontario were shut down after being hit with a ransomware attack on 16 April.

On Saturday April 29, Gateway Casinos confirmed it was starting to re-open its Ontario operations. 15 other casinos in different provinces were not affected and remained open.

read more

Suncor Suffers Cyber Attack, Hurts Retail Operations

June 23, 2023

Canada’s leading integrated energy company, Suncor, said Sunday it suffered a cybersecurity incident that is affecting its ability to complete transactions with customers, officials said.
The company said it is taking measures and working with third-party experts to investigate and resolve the situation, and has notified appropriate authorities. At this time, the company said it was not aware of any evidence that customer, supplier or employee data suffered compromised or ended up misused as a result of this situation.
“While we work to resolve the incident, some transactions with customers and suppliers may be impacted,” the company said in a statement.
The issues began on Friday (June 23), when customers reported problems logging into the app and website for Petro-Canada, a gas station chain owned by Suncor.

read more

Ransomware Attack at Constellation Software; ALPHV Steals over 1TB Data

April 3, 2023

Constellation Software confirmed some of its systems were breached. “The Incident was limited to a small number of systems related to internal financial reporting and data storage”. “The independent IT systems were not impacted by this Incident in any way.” It had contained the attack and restored the IT infrastructure systems impacted. Business partners and individuals whose information was stolen are being contacted.

Constellation Software acquires, manages, and builds software businesses through six operating groups: Volaris, Harris, Jonas, Vela Software, Perseus Group, and Topicus.

read more

Production at Canadian Tool Manufacturer Exco Technologies Interrupted

January 17, 2023

A Canadian-based international manufacturer of die cast tools and car parts has been the victim of a cyber attack. Exco Technologies said Monday that three production facilities within its Large Mould Group are recovering from a cyber incident last week. The Toronto-headquartered company temporarily disabled some computer systems as it investigated this incident. It is in the middle of bringing these systems back online, and expects operations to be substantially restored over the next two weeks.

Shipments to customers have not and are not expected to be materially interrupted. The statement didn’t detail the kind of attack, or whether personal or corporate data was accessed. It said independent experts have been retained to help the company in dealing with the matter.

read more

DDOS Hacktivist Attack at Quebec’s Power Utility

April 13, 2023

A pro-Russian hacking group has claimed responsibility for a cyberattack against Quebec’s state-owned electricity provider. Hydro-Québec said on Thursday it was hit with a denial-of-service attack at approximately 3 a.m. ET and was working to try to get its website up and running again. Hydro-Québec’s website, app and Info-Panne website for verifying power outages went offline.

“No critical Hydro-Québec systems were attacked and users’ personal data was not compromised,” said Philippe Archambault, head of media and government affairs for the utility. He said the cybersecurity team is working on restoring service.

“This is not a case of hacking and getting access to the information at the back end, at least not at this time, not with this type of tech,” Waterhouse said. “It’s really just to protest against Canada’s involvement with Ukraine.”

read more

DDOS Cyberattack at Canadian Primary Eastern Seaports: Halifax, Montreal and Quebec.

April 14, 2023

On April 14, 2023, in the early morning hours, the Port of Halifax in Nova Scotia and the Ports of Montreal and Quebec suffered a “distributed denial of service” (DDOS) cyberattack. Unlike ransomware attacks, these attacks flood network servers with so much internet traffic that it overwhelms a website, rendering it inaccessible or useless for legitimate users. The attacks appeared to be directed at the ports’ websites, causing them to crash for several hours. Further, Quebec’s state-owned electricity provider Hydro-Quebec also experienced a similar cyber assault the next morning.

Despite these attacks, it appears none of the ports’ operations or internal systems were impacted by the incident. The Port of Halifax’s spokesperson Lane Ferguson emphasized that their “internal systems continue to operate normally” and “port operations have not been affected.” Similarly, the spokesperson for the Port of Montreal asserted that the port’s security team had confirmed the port operations were unaffected and there was no risk of a data breach.

Afterwards, a pro-Russian hacking group called NoName057(16) took responsibility for the cyberattack and asserted it would continue to target Canada. This cyber assault is only the latest of several cyber issues that global ports and maritime infrastructure have suffered recently.

read more