A Whitehorse-based IT provider has seen an increase in malicious cyber attacks that are believed to be tied to the Russian invasion of Ukraine. They are going as far as to call it an attack on the Yukon as a whole.
Martin Lehner, a cybersecurity expert who owns Tangerine Technology, said many who work in cybersecurity were on high alert, expecting to see malicious activity with greater frequency coinciding with the start of the war in the eastern European nation.
Initially an increase in phishing or email scams was observed but Lehner said there was no way to conclusively tie it to the conflict. He was surprised that more invasive targeted attacks on networks weren’t seen in late February and early March.
Lehner said that changed overnight on March 14 with a major attack on secure remote access technology. He said the activity observed since March 14 represents a thousandfold increase in attacks against the secure networks used by Tangerine’s clients to access their stored data.
It was the origin of the attacks on the networks that suggested a connection with Russia and the conflict in Ukraine, Lehner said. He said the attacks were originally routed through servers in Switzerland that have previously been linked to Russian-sponsored cyberattacks. Subsequent attacks also came by way of networks in Belarus and China. Lehner said the use of servers in other countries by Russian actors has become common because much of the rest of the world has made access from Russian servers more difficult due to past malicious online activity originating from the country.
Lehner said Tangerine Technology’s clients outside the Yukon have not seen the same explosion of malicious activity as those in the Yukon have. He said some of those clients, in both the public and the private sector, maintain databases of sensitive personal information.
“Given the amount of computer networks we administer, in varying industries and sectors of our economy, we can confidently say that the Yukon, as a whole, is actively under attack,” said Tangerine’s chief operating officer Martin Lawrie.
“We’ve been strongly suggesting to the Yukon government for years now that they establish an aggregated repository for cybersecurity-related information,” Lehner added.
“We are in such a unique position in the Yukon, where only a handful of providers have access to this immense of amount of data that is statistically relevant and representative. We could be a world leader in this field, and I would hope that government recognize that at some point.”
The office of the Yukon Information and Privacy Commissioner is also circulating a cybersecurity warning relating the situation in Ukraine. The commissioner’s office passed on a notice from the Canadian Centre for Cyber Security (CCCS) regarding a particularly destructive form of malware called wiper-ware that is capable of rendering computers useless. The CCCS reports that the wiper-ware was employed against Ukrainian organizations as the Russian invasion began in late February. While there has been no wiper-ware activity detected in Canada the CCCS is still urging caution.
“It has come to the attention of our office that in recent days cyberattacks of this kind have escalated to target nations beyond Ukraine,” stated Diane McLeod-McKay, the Yukon Information and Privacy Commissioner, in a March 17 notice to the public.
“Given this, there is a risk to Canadian organizations, including those in the Yukon.”
Contact Jim Elliot at jim.elliot@yukon-news.com