A Serious Shot Across Canada's Cybersecurity Bow - Canada's Ethical Hackers Sound Alarm for Aggressive Cyber-Attacks on Municipal Governments

TORONTO, Nov. 17, 2020 /CNW/ - In the wake of last weekend's cyber-attack that shut down many of Saint John, New Brunswick's municipal services - Packetlabs (a collective of ethical hackers specializing in real-world simulated cyber-attacks to protect governments, businesses and organizations) continues to sound the national alarm for greater cyber-security and testing for all levels of governments and their supply chain businesses.

"Although Canada's municipalities are known as very tempting targets for aggressive cyberattacks, we've spoken to many across the country that simply can't get the required funding for proper security testing," said Richard Rogerson, Managing Partner of Packetlabs. "It's actually surprising that we don't see more attacks at the relatively unguarded municipal level of Government and unfortunately, something like the Saint John attack could be a criminal test case for more."

What happened in Saint John?

With St John's IT environment going offline, Rogerson speculates it was most likely a Ransomware attack.

"Ransomware is a business and attackers appraise the value of each target accordingly," added Rogerson. "These Ransoms are not cheap. We've heard of ransoms well in excess of $1M. By contrast, the average cost of a penetration test (to determine and fix cybersecurity vulnerabilities BEFORE they can be exploited) is between $25K and 50K."

What would attackers have access to?

According to Rogers, municipalities run critical services and the impact of a breach like this can be massive. They have sensitive information about residents including taxation, family services, elections, 911 dispatch, and more. Recent attacks have threatened to disclose compromised information if a ransom was not paid. This information could even result in follow-up attacks including fraud.

Could this happen anywhere?

Rogerson says 'yes.' "Most Canadian municipalities lack leadership in Cybersecurity and this has created a massive opportunity for attackers," added Rogerson. "There are well-defined security frameworks that can be rolled out that will drastically reduce the potential for a breach, or the impact of one. At a minimum, all organizations should make use of multi-factor authentication, apply the latest security patches, and hire ethical hackers to test their network and understand critical vulnerabilities and how to address them in your environment." 

What can municipalities do about cyber-attacks?

Rogerson points out that most ransomware attacks involve a low-skilled attacker breaking into an environment with a playbook. "They've become so easy, that it's essentially been turned into a franchise," he said. "Their attacks are not complex, and they're primarily attacking vulnerabilities that we know about, that we have patches for, but lack resources or focus to apply in a timely manner. We need municipalities to take cybersecurity more seriously or have some type of provincial oversight with a list of essential controls."

About Packetlabs
Packetlabs are a collective of ethical hackers specializing in real-world simulated cyber-attacks to protect organizations. They offer a variety of services including infrastructure penetration testing, web and mobile application testing, social engineering, red team exercises, source-code reviews and exploit development all to help clients protect their data and customers.

Their clients occupy multiple industries, including government, technology, media, retail, healthcare, financial, consulting, law enforcement, and more. Packetlabs mandates each of their consultants with the most advanced penetration testing training available in the industry.

SOURCE Packetlabs