Multiple cyber attacks targeting Canadian airports have resulted in significant disruptions, according to recent cybersecurity news. These attacks, orchestrated by pro-Russian hacking groups, have caused widespread service disruptions, affecting check-in kiosks and electronic gates. The Canada Border Services Agency (CBSA) confirmed that the cyber attacks caused delays in processing arrivals, lasting over an hour at border checkpoints across the country.
The CBSA stated that the connectivity issues at airports on September 17, 2023, were the result of a distributed denial of service (DDoS) attack campaign. The NoName ransomware group, a notorious cybercriminal organization, claimed responsibility for the precision-targeted attack. This group is known for its aggressive tactics and has previously targeted critical entities, including port authorities and governmental institutions.
In response to the cyber attacks, the CBSA quickly restored connectivity, successfully bringing all systems back online within a few hours. However, delays at check-in kiosks persisted, affecting border checkpoints nationwide, including Montreal-Trudeau International Airport. The Montreal Airport Authority also reported experiencing delays caused by the cyber attacks.
The CBSA emphasized its commitment to the safety and security of Canadians and travelers, assuring that no personal information was compromised during the cyber attacks. It is important to note that these attacks on Canadian airports are part of a larger wave of cyber assaults on key port authorities and governmental institutions in Canada. The Canadian Centre for Cyber Security has warned about ongoing DDoS campaigns targeting government, financial, and transportation sectors. These attacks are believed to be the work of state-sponsored Russian threat actors, including the NoName ransomware group.
The exact means by which the DDoS attack breached the closed-circuit system used by check-in kiosks have not been disclosed. It is noteworthy that this system is designed to operate offline, making the intrusion all the more perplexing.
Unfortunately, Canada is not the only nation facing the wrath of the NoName ransomware group. Lithuania recently fell victim to their DDoS attacks, which affected critical services such as the e-services of the Seimas, Lithuania’s parliament, and the website of Litgrid AB, a prominent Lithuanian company.
The NoName ransomware group, a prolific Russian hacker group, entered dark web forums in March 2022 and has since claimed responsibility for multiple cyber attacks on organizations in various regions, including Ukraine, America, and Europe. They primarily conduct illicit activities through Telegram channels, where they not only claim responsibility for their attacks and issue threats but also disseminate educational content. The group also utilizes GitHub to host their DDoS tool website and related repositories. One of their most prominent tools, DDOSIA, carries out denial-of-service attacks by overwhelming target sites with a barrage of network requests. The NoName ransomware group collaborates with other pro-Russian cyber collectives, emphasizing a coordinated approach to their activities.
The cyber attacks on Canadian airports highlight the seriousness of the issue and the expertise of the threat actors behind them. It is crucial for organizations and government agencies to remain vigilant and prioritize cybersecurity measures to protect against such attacks.
Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and individuals bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.