Cyber crooks increasingly targeting home devices: report

Cyber criminals are shifting their attention from traditional computers to internet-connected devices in Canadian homes, says the government's cyber security agency.

Cyber security agency says manufacturers choosing convenience over security

Canada's cyber security agency says crooks are moving from attacks on traditional computers to attacks on internet-connected home devices. (Marcio Jose Sanchez/Associated Press)

Cyber criminals are shifting their attention from traditional computers to internet-connected devices in Canadian homes, says the government's cyber security agency.

In its threat assessment for 2018, the newly created Canadian Centre for Cyber Security says devices connected to the internet — such as a growing number of "televisions, home appliances, thermostats and cars" — have become attractive targets.

"Manufacturers have rushed to connect more types of devices to the internet, often prioritizing ease of use over security," the centre wrote in its report, made public Thursday.

"We regularly observe cyber threat actors exploiting security flaws in devices resulting in either disruption to device functionality or using devices as platforms to launch other malicious cyber activities."

Cybercriminals used thousands of devices connected to the internet — from baby monitors to air quality monitors and surveillance cameras — to launch a botnet attack in October 2016, the centre said.

"The botnet conducted a powerful Distributed Denial of Service (attack) that disrupted a major website domain manager, temporarily disabling some of the world's most popular e-commerce, entertainment and social media sites for millions of users."

Head of the Canadian Centre for Cyber Security, Scott Jones (right), answers reporters questions on the centre's first report along with Andre Boucher, responsible for the centre's operations. (Elizabeth Thompson)

Enterprising cybercriminals have even infected devices connected to the internet with malware to mine cryptocurrency — with the owner of the device often being oblivious to what is going on.

While cybercrime isn't new, the centre predicts cyber attacks on Canadians are going to rise in number.

"Stealing personal and financial information is lucrative for cybercriminals and is very likely to increase."

The centre said it sees cybercriminals becoming more organized and developing business-like processes.

Selling stolen information

"Cybercrime is now so prevalent and sophisticated that it sustains illegal online marketplaces," the centre wrote. "These cybercrime marketplaces offer illicit goods, stolen information and malware. Some cybercrime marketplaces even offer customer support and rating functions."

Speaking to reporters as the centre's first report was made public, Scott Jones, head of the centre, said his organization isn't trying to scare Canadians away from new technology. Instead, he said, the report is meant to help Canadians and Canadian companies avoid becoming victims of cyber criminals and state-controlled hackers.

With the next federal election set for 2019, the centre is also expecting other countries to use the web, botnets and troll farms to try to influence the opinions of Canadians and exploit political divisions or controversies.

"Although major web platforms are making efforts to curb the negative effects of manipulative information sharing, the opinions of Canadians will remain an attractive target for cyber threat actors seeking to influence Canada's democratic processes."

An increasing number of Canadians are using smart speakers and other devices connected to the internet. (Amazon/Google/Apple)

The centre cited a CBC News report that found Russia's Internet Research Agency used its trolls to comment on Canadian issues like the January 2017 Quebec City mosque shooting and asylum seekers crossing the border in the summer of 2017.

Jones said the centre plans to publish an update this spring on cyber threats to Canadian elections.

The centre said Canadian businesses will continue to be attractive targets for cybercrime — and their executives as well.

"Whaling occurs when an executive with authority to issue large payments receives a message appearing to come from a relevant department or employee, urging them to direct funds to an account controlled by a cyber threat actor."

Corporate espionage remains a threat, particularly for businesses in strategic sectors of the economy or those that have attractive intellectual property or commercially sensitive information. Companies with large databases are targeted by cyber crooks who try to extort businesses by revealing confidential client information.

Paying cyber ransom

"Some businesses decide that paying a ransom is cheaper than the costs associated with ignoring a cyber ransom. Yet cyber threat actors can decide to delete, modify or release information even if a payment is made."

The increased availability of cyber tools and the increasing interconnection of devices has also made it easier to launch attacks on Canada's critical infrastructure, the centre said.

"State-sponsored cyber threat actors have conducted cyber espionage against critical infrastructure networks in Canada and allied nations. In Canada, these threat actors have conducted reconnaissance and intelligence-gathering in the energy, aerospace and defence sectors."

The Canadian Centre for Cyber Security is predicting other countries will be using Twitter and social media to try to influence Canadian opinion in 2019.

Speaking with reporters, agency officials said those state-sponsored actors may have gathered enough information to disrupt critical infrastructure networks.

However, they said they believe other countries don't appear to be poised to do anything with that information — at least not yet.

"At this time, we assess it is very unlikely that state-sponsored cyber threat actors would intentionally seek to disrupt Canadian critical infrastructure and cause major damage in the absence of international hostilities," the centre said in its report.

While the centre was willing to talk about cyber security threats to Canada, Jones was tight-lipped when it came to questions about Chinese telecom giant Huawei and fears expressed by experts that it could take advantage of new 5G networks to spy on Canadians.

While Jones said government has given it a mandate to study security risks posed by the company and a deadline to report, Jones refused repeatedly to say when that report is due.

Jones also was reluctant to say whether the arrest of Huawei's chief financial officer Meng Wanzhou in Vancouver Saturday on behalf of the United States could prompt China to retaliate with cyber attacks, or whether the centre has seen any increase in cyber attacks since her arrest.

"We always have to be resilient, no matter what the possible trigger could be. So we increase our resilience against any form of malicious cyber activity that we could be facing as a nation."

Elizabeth Thompson can be reached at elizabeth.thompson@cbc.ca


Elizabeth Thompson

Senior reporter

Award-winning reporter Elizabeth Thompson covers Parliament Hill. A veteran of the Montreal Gazette, Sun Media and iPolitics, she currently works with the CBC's Ottawa bureau, specializing in investigative reporting and data journalism. She can be reached at: elizabeth.thompson@cbc.ca.