A state or state-sponsored actor orchestrated the “sophisticated” cyberattacks against the British Columbia government networks, as revealed by the head of B.C.’s public service on Friday. Shannon Salter, deputy minister to the premier, disclosed to the press that the threat actor made three separate attempts over the past month to breach government systems, with the government being aware of the breach at the time before finally making it public on May 8.

Premier David Eby initially announced that multiple cybersecurity incidents were observed on government networks on Wednesday, mentioning that the Canadian Centre for Cyber Security (CCCS) and other agencies were involved in the investigation. Salter, in her technical briefing on Friday, refrained from confirming if the hack was related to last month’s security breach of Microsoft’s systems, which was attributed to Russian state-backed hackers, resulting in the disclosure of email correspondence between U.S. government agencies. However, she reiterated Eby’s comments that there was no evidence suggesting sensitive personal information was compromised.

The timeline of the cyberattacks on British Columbia began when the government first detected a potential cyberattack on April 10. Government security experts initiated an investigation and confirmed the cyberattack on April 11. The incident was reported to the Canadian Centre for Cyber Security, a federal agency, which engaged Microsoft’s Diagnostics and Recovery Toolset (DaRT) due to the sophistication of the attack. Premier David Eby was briefed about the cyberattack on April 17.

Subsequently, on April 29, government cybersecurity experts discovered evidence of another hacking attempt by the same “threat actor.” The same day, provincial employees were instructed to immediately change their passwords to 14 characters long as part of the government’s routine security updates. Furthermore, another cyberattack was identified on May 6, with Salter mentioning that the same threat actor was responsible for all three incidents.

The cyberattacks were not disclosed to the public until late Wednesday evening, coinciding with an ice hockey game, prompting accusations from B.C. United MLAs that the government was attempting to conceal the attack. The Opposition MLA Todd Stone questioned the delay in disclosing the breach and the potential compromise of sensitive personal information.

Salter clarified that the cybersecurity center advised against public disclosure to prevent other hackers from exploiting vulnerabilities in government networks. She revealed that three separate cybersecurity incidents were identified, all involving efforts by the hackers to conceal their activities. Following a briefing of the B.C. NDP cabinet on May 8, the cyber center agreed that the public could be notified.

Over 40 terabytes of data are currently being analyzed in relation to the cyberattacks, with the province storing personal data of millions of British Columbians, including social insurance numbers, addresses, and phone numbers. Public Safety Minister and Solicitor General Mike Farnworth mentioned that no ransom demands were received, making the motivation behind the cyberattacks unclear. Farnworth also stated that the CCCS believes a state-sponsored actor is behind the attack based on the sophistication of the attempted breaches.

Government sources revealed to CTV News that various government ministries and agencies, along with their websites, networks, and servers, face approximately 1.5 billion “unauthorized access” or hacking attempts daily. This number has been increasing over the years, leading the province to budget millions of dollars per year for cybersecurity. Salter confirmed that the government spends over $25 million annually to fortify its defenses and that previous investments in B.C.’s cybersecurity infrastructure helped detect the multiple attacks last month.

In conclusion, the cyberattacks against the British Columbia government networks have raised concerns about the security of sensitive personal information and the potential involvement of a state-sponsored actor. The ongoing investigation will shed more light on the extent of the breaches and the measures needed to enhance cybersecurity defenses to prevent future attacks.

Source link