'Sophisticated' attack was announced Wednesday; 3 attempts made to breach government systems
The head of B.C.'s public service has announced that there is a high degree of confidence a state or state-sponsored actor attempted to breach government systems in a cyberattack.
Shannon Salter, head of the public service, announced that three separate attempts were made to breach government systems over the last month, with attackers being directed to do so by a foreign state.
Salter said that investigations remain ongoing, and did not share which state could have been involved in the cyberattack or which systems they attempted to access.
Premier David Eby announced the cyberattack on Wednesday, saying the Canadian Centre for Cyber Security (CCCS) and other agencies are involved in the investigation.
Public Safety Minister and Solicitor General Mike Farnworth told reporters Friday there is no evidence that sensitive information, such as health data, has been compromised in the attack.
Farnworth added there was no evidence the cyberattack succeeded in accessing the information and there had been no ransom demand.
"Government staff, with support from other agencies, have worked to protect government systems and respond to the incident," he said at the news conference. "They have been able to ensure that there has not been an interruption to government operations or services."
He added that 76 staff are employed year-round to protect government systems from cyberattacks, with officials saying a large number of attempts are made on government systems daily.
Experts identify hallmarks of foreign actors behind B.C. cyberattacks: minister
2 hours ago
In response to a question from CBC News, Public Safety Minister Mike Farnworth says recent cyberattackers used sophisticated ways to cover their tracks, tipping off investigators that they are likely connected to a foreign state.
Timeline of attack
Salter told reporters in a technical briefing Friday afternoon that the B.C. government first began investigating an attempted breach of its systems on April 10.
On April 11, the cybersecurity incident was confirmed and reported to the CCCS, and the government also notified Microsoft's Detection and Response Team (DART) of the suspected breach attempt.
A few weeks later, on April 29, Salter said the same threat actor was involved in additional activity on government systems, and public service workers were told to change their passwords.
On May 6, another cyberattack was identified, with Salter saying the same threat actor was responsible for all three incidents.
Two days later, B.C.'s premier went public with news of the attack, after the CCCS told officials that safeguards had been put in place that would allow the public to be notified.
The CCCS is part of Canada's national cryptological agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity.
Motivation behind cyberattack unknown
Salter said that the investigation into the cyberattacks will continue, and emphasized that over 40 terabytes of data is being analyzed — more than what is held in the U.S. Library of Congress.
Farnworth said that the CCCS believes a state or state-sponsored actor is behind the attack based on the sophistication of the attempted breaches.
"Being able to do what [technical experts] were seeing, and covering up their tracks, is the hallmarks of a state actor or a state-sponsored actor," he said.
Salter said the motivation behind the cyberattack remains unknown.
She added that previous investments in B.C.'s cybersecurity infrastructure helped detect the attack last month, and the government spends more than $25 million a year to beef up its security controls, in addition to working closely with its federal partners.
Workers told to change passwords
The premier said last week that the province's chief information officer had directed public service employees to change their passwords to "ensure the security of government email systems."
The Opposition B.C. United party questioned why the government took a week to update the public about the cyberattack, given the password change notification last week.
Salter said on Friday that the CCCS was clear all along that the cyberattacks could not be made public until appropriate measures had been put in place in order to avoid further attacks.
Eby said, to his knowledge, the cyberattack isn't connected to the recent attack on London Drugs.
The pharmacy and retail chain based in Richmond, B.C., had to close all of its stores in Western Canada for a week in response, with the chain's CEO remaining tight-lipped about the exact cause of the attack.
The B.C. Libraries Co-operative said last week that it was also targeted by a hacker who threatened to release user data if a ransom was not paid.
ABOUT THE AUTHOR
Journalist
Akshay Kulkarni is a journalist who has worked at CBC British Columbia since 2021. Based in Vancouver, he has covered breaking news, and written features about the pandemic and toxic drug crisis. He is most interested in data-driven stories. You can email him at akshay.kulkarni@cbc.ca.
With files from The Canadian Press
*****
Credit belongs to : www.cbc.ca