How B.C. tech is navigating risk of Russian cyberattacks

Experts say heightened threat of state-sponsored hacking, malware should provide corporate wake-up call

Fortinet’s B.C. offices in Burnaby, where experts are fighting cyber threats | Chung Chow

The day after Russia’s invasion of Ukraine last month, the Canadian Centre for Cyber Security fired off a bulletin, warning citizens the war would be more than just an armed conflict.

A new malware known as HermeticWiper was targeting Ukrainian organizations, and weeks earlier, even before tough sanctions were enacted against Russia, the Cyber Centre was urging the “Canadian cybersecurity community – especially critical infrastructure network defenders – to bolster their awareness of and protection against Russian state-sponsored cyber threats.”

At the same time that some B.C. tech companies are being deployed to enact economic sanctions, this heightened threat of retaliatory cyberattacks emanating from Russia may serve as an urgent wake-up call to Canadian organizations, according to experts.

“Canada has always been a target, like other governments, like other nations,” said Derek Manky, Fortinet Inc.’s (Nasdaq:FTNT) chief security strategist and vice-president of global threat intelligence, who is based out of the American cybersecurity giant’s B.C. offices.

“It’s really important to understand that if there is a heightened level of security that it’s not just this problem nation state [Russia], but cybercrime also, and all that coming together.”

Data compiled by Fortinet found the use of malware increased by 358 per cent globally in 2020 compared with 2019, while the use of ransomware increased by 435 per cent.

Manky said state-sponsored actors have typically taken aim at public sector targets in operational technology, critical infrastructure and health care, as well as financial services.

“But the reality is what we’re up against and facing today is a convergence of these two worlds between these state-sponsored [breaches] and … cybercrime.”

He added that organizations need to improve in-house training for employees to identify basic threats such as phishing emails as well as take further measures such as investing in segmentation of networks.

Fortinet, for its part, decided to suspend operations within Russia last week.

Meanwhile, made-in-B.C. technology has been enforcing sanctions against Russia, oligarchs and other key officials.

Vancouver-based Trulioo Information Services Inc. specializes in online identity verification by accessing multiple data sources, such as credit bureaus or utility companies, to help verify customers for other organizations such as banks. The company can help confirm the online identities of five billion consumers and 330 million business entities globally.

Garient Evans, Trulioo’s vice-president of identity solutions, said it’s now dealing with an ever-growing “naughty list” of Russian entities and individuals targeted by these global sanctions.

“They’re updated in real time. So every time that you see a news alert that another oligarch and his family members have been added to the sanctions list, we are scrutinizing each and every name that comes into our network to see if that individual is on the sanctions list. If they are, our clients receive an alert that says, ‘Hey, we have a potential match,’” Evans said, adding that those matches are usually placed in an investigative queue.

Trulioo must also dig into the false positives and false negatives that come up. For example, common names such as Smith or Mohammed may deliver results targeting the wrong people if data points such as date of birth or previous addresses aren’t examined.

But the targets of sanctions often hide assets through corporate trusts, likened to Russian nesting dolls, that make it difficult to understand who owns or controls the company.

And in the case of the recent sanctions against Russia, names require transliteration from Cyrillic to English, which could mean multiple possible spellings.

But Evans noted that regulators are playing an important role in enforcing sanctions and putting the pressure on organizations to do their due diligence.

The European Union’s Sixth Anti-Money Laundering directive went into effect last year, increasing potential jail time for bank officers who either knowingly or unknowingly facilitate money laundering.

“Even if you didn’t know that you’re dealing with a Russian oligarch, and you transact and allow that to occur in your program, the consequences could be that you go to jail,” Evans said.

“You can expect what’s going on in the news with Ukraine, and the Russian sanctioning, that there’ll be this heightened attention paid to the consequences for bankers and others related to the sanctions.”

Meanwhile, cybersecurity expert Dominic Vogel said the prospect of retaliatory cyberattacks might wake up some small and medium-sized businesses that have otherwise not invested in proper security measures.

“One of the myths is that people think to do security well, [they] need to spend hundreds of thousands of dollars on state-of-the-art technology. For the average small to mid-sized business, that’s just not the case,” said the founder and chief strategist at Vancouver-based Cyber SC.

He said simple steps such as implementing multi-factor authentication can drastically reduce the risk of companies falling victim to attacks such as ransomware.

Vogel also noted that some organizations are more likely to be targeted than others, such as financial institutions or manufacturers whose systems contain sensitive personal or proprietary data – information that would be easier to monetize on the black market.

While the pandemic also served as an impetus for organizations to review cybersecurity as office workers flooded home to do their jobs, Vogel is concerned many organizations still remain lax about their cybersecurity:

“I’ve been at this for 15 years. I wonder at what point people will wake the hell up.”