Cyber actors backed by Russia, China and other foreign adversaries are increasingly targeting non-profit and advocacy groups, journalists, human rights activists and other members of civil society, cyber agencies from Canada and other allies say.
A joint advisory issued Tuesday from Canada’s Communications Security Establishment, the U.S. Cybersecurity and Infrastructure Security Agency and FBI, and counterparts from the United Kingdom, Japan, Estonia and Finland warn such groups face a “high risk” of cyberattacks, as many have a “low defense capacity.”
The advisory says “industry reporting indicates a consistent pattern of state-sponsored cyber actors targeting specific segments of civil society,” and that the threat is growing.
The CSE and its partners say the threat is “predominantly” coming from cyber actors sponsored by Russia, China, Iran and North Korea.
Civil society groups at high risk include “non-profit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy,” the advisory states.
“Often, these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests,” the advisory says.
Foreign interference and attempts to disrupt democracy have become key issues for Canada and its allies in recent years, and is the subject of an ongoing public inquiry in Canada.
The email you need for the day’s
top news stories from Canada and around the world.
At the same time, agencies and technology companies like Microsoft have warned state-sponsored cyberattacks are continuing to grow in scope, and their targets are expanding beyond governments and critical infrastructure.
Microsoft said in a report issued last year that non-government organizations, media and universities — which it called “perceived soft targets” — were among the top sectors targeted by Russian, Chinese, Iranian and North Korean-sponsored hackers.
The joint advisory warns that threat actors are using increasingly personalized and subversive tactics, and devoting significant resources to researching their targets.
It says threat actors “compromise organizational or personal devices and networks to intimidate, silence, coerce, harass, or harm civil society organizations and individuals.”
Actors often gain access to networks and devices by using social engineering, which “lures victims to divulge account credentials or download malware,” or by having targets download apps that seem legitimate but actually include malicious software.
“After gaining access to devices, actors often install spyware on the devices,” it says.
Those targeted often have a low capacity to defend themselves — for instance, due to a lack of internal IT support.
“Individuals that fall under the civil society umbrella often rely on insecure channels for communication and need to manage public profiles to advance their work,” the advisory cautions.
“Organizations with low defence capacity are ill-prepared for and vulnerable to common cyberthreats, such as social engineering attempts.”
The agencies released guidance along with its advisory Tuesday on how civil society groups can protect themselves from malicious cyber activity and attacks.
Recommended measures include keeping software updated on all devices, implementing multi-factor authentication and cybersecurity training for all employees, auditing and deleting old or expired accounts, and exercising caution in choosing IT vendors.
—With files from the Canadian Press
© 2024 Global News, a division of Corus Entertainment Inc.