Why are there so many cyberattacks lately? An explainer on the rising trend

A woman uses a computer keyboard in North Vancouver on December, 19, 2012. A wave of cybercrime has recently hit hospitals, businesses and organizations, including Toronto's Hospital for Sick Children in mid-December and the Toronto Transit Commission in late October, with the most recent impacting LCBO's website and mobile app beginning Tuesday evening.THE CANADIAN PRESS/Jonathan Hayward

TORONTO — A wave of high-profile cyberattacks has recently hit hospitals, businesses and organizations in Ontario, including the LCBO this week and Toronto's Hospital for Sick Children and Scouts Canada in December.

The Canadian Press spoke with cybersecurity experts about whether cyberattacks are on the rise, why they are happening, and what people and businesses can do to protect themselves.

Are cyberattacks happening more often?

These attacks "absolutely are" happening more frequently than before, says Robert Falzon, head of engineering at cybersecurity firm Check Point Canada, noting it is something that is likely going to be happening on a daily basis now.

One reason for that is the rising access of technology that enables the development of malware, scripting and other tools for potential hackers such as the AI-powered computer program ChatGPT.

"It has the ability for someone with not very much skill set or maybe even not a great command of the English language to create a full, almost flawless script to use in an attack against somebody in a phone scam or an email phishing scam or what have you," Falzon says.

"In the past, (hackers and scammers) would rely on their own grammar and spelling skills, which often many people were able to identify and say, 'oh, that looks like a scam.' They're getting harder and harder to detect now."

Charles Finlay, the founding executive director of the Rogers Cybersecure Catalyst Centre at Toronto Metropolitan University, agrees that these attacks are increasing — especially the kind that hit SickKids on Dec. 18, which affected phone lines and internal clinical systems and delayed lab and imaging results.

"They're increasing across western democracies," Finlay says. "This is a serious problem, a serious challenge, that is becoming increasingly severe."

Another reason for the rise, he says, is that the ransomware industry is growing as a multi-billion dollar global criminal industry.

"It's supported by sovereign countries that harbour ransomware attackers, and ransomware attacks have proven to be highly lucrative," says Finlay, noting that cyberattacks are also increasing as our reliance on technology does.

Are public bodies being targeted?

Falzon says Check Point Canada has seen malware specifically developed to be deployed against a particular company or entity, something they call campaigns.

"They're either using phishing or an even more advanced version of phishing, called whaling, where … it looks like it's coming from an executive instructing his workers to do XYZ," Falzon says "And as soon as they open or click or do anything in that email, they end up infecting the organization."

Hackers will target any organization that they believe they can leverage a ransom from, Finlay says, which is one of the reasons the attacks seem to be getting more aggressive.

"The more important the organization, the more critical that organization is to the proper functioning of society or the economy, the more likely it is that ransomware gang will be able to leverage significant financial return," Finlay says.

"So the attack on SickKids hospital is exactly the kind of attack that we need to expect."

But it's possible that organizations aren't always being targeted, Falzon says, as many of the tools that result in these cyberattacks take what he calls a scattergun approach – sending an email out to thousands of potential victims.

"Those are incidental attacks where somebody unfortunately fell victim to either clicking on a phishing email or an attachment or something, and then it infected that system in that area. And now you've got a widespread problem."

What can people do to protect themselves from cyberattacks?

Keeping computers and mobile devices up to date with the latest software is critical, Falzon says, as manufacturers are frequently creating "patches and updates" to target vulnerabilities.

"As all of these attacks become more sophisticated, our defence needs to become more sophisticated," Falzon says, noting that passwords must also be updated frequently and should never be used for more than one site or service.

He advises people to download ransomware protection software on personal devices and become hyperaware when opening emails or text messages from unknown source.

"It's a massive risk to carry that around and not have any protection on it," Falzon says.

"Somebody could send you a text, whether it’s WhatsApp, for example, where a simple text (is) sent to your cellphone, you view it, and next thing you know you're vulnerable. They can control your camera, your microphone, to see where you are, read your text messages, things like that."

What should businesses and organizations do to prevent falling victim to cyberattacks?

The question is not if an attack will happen, Finlay says, but when – something organizations need to keep in mind.

He suggests they do a "really thorough" risk assessment to discover any systems or data that are vulnerable to a cyberattack and then work with experts to determine how to protect them.

"That often involves investing in people, processes and technologies, so training your people to be aware of cybersecurity attacks," Finlay says.

Cyber awareness training is "absolutely" the first tool businesses, the government and even schools need to adopt to protect themselves, Falzon says.

"I'm a firm believer that we need to start doing that at an even younger age," he says.

For example, concepts like "cyber hygiene" could be taught to children – teaching them about passwords and what to avoid clicking on online.

"We have to switch to prevention rather than trying to detect, because by the time you've detected what's happening, it's far too late," said Falzon. "It's already been successful."

This report by The Canadian Press was first published Jan. 13, 2023.

Jessica Smith, The Canadian Press

Return to LakelandToday.ca