Cyber attack hits engineering giant with contracts for military bases, power plants
OTTAWA –
A Canadian engineering giant whose work involves critical military, power and transportation infrastructure across the country has been hit with a ransomware attack.
Toronto-based Black & McDonald has so far refused to publicly comment on the cyberattack, while the Department of National Defence and other clients of the company have downplayed any impact or damage.
“Black & McDonald notified OPG that they had experienced a ransomware attack which was unrelated to OPG operations and information,” said Ontario Power Generation spokesman Neal Kelly.
“OPG conducted an immediate investigation and found there was no impact to our operations. OPG continually monitors to ensure the highest levels of cybersecurity.”
Experts are nonetheless concerned, saying the attack on Black & McDonald represents a far greater threat to Canada’s national security and critical infrastructure than the attack on Canada’s largest bookstore chain, Indigo Books & Music Inc.
“This is a different ball game,” said David Shipley, CEO of cybersecurity firm Beauceron Security. “If it’s tied back to Russia in some way, then we’ve got some more questions to ask. Other nation-states are stepping up cybercrime groups as well, notably North Korea, but also Iran.”
Details about the ransomware attack are scarce, with Black & McDonald refusing even to confirm it happened.
Department of National Defence spokeswoman Jessica Lamirande said in a statement that it was first reported to Defence Construction Canada, which handles contracts with outside companies for the support and maintenance of military bases across the country.
“Once DCC was informed of the incident, it blocked all incoming emails from Black & McDonald out of an abundance of caution and conducted business by phone or in person,” she said. “Once the contractor restored its email system and informed DCC, email communication resumed.”
But while Lamirande confirmed the company reported the cyber breach early last month, she could not comment on the ransomware’s origins or what measures the company had taken.
Black & McDonald and its subsidiary Canadian Base Operators have several multimillion-dollar contracts with the Defence Department for the support of Canadian military bases, including one signed in 2020 and valued at $157 million over 10 years.
The company, which has 5,500 employees across Canada and reported more than $1.5 billion in sales last year, also provides engineering and construction services for critical infrastructure projects, including nuclear power plants, airports and the Toronto Transit Commission.
“We were advised by B & M last week, but no immediate concerns were conveyed,” TTC spokesman Stuart Green said in an email, adding: “No impact on the TTC.”
Without more information on the nature of the attack and its perpetrator, Shipley takes such assurances with a grain of salt.
“An absence of evidence that something bad happened doesn’t mean something bad didn’t happen,” he said. “What proof do you have that says this didn’t get touched, exfiltrated, et cetera. How are you this confident?”
Until more information is available, Shipley said questions will remain.
Cybersecurity officials inside and outside government have been warning for years about the need to strengthen Canada’s cyber defences when it comes to critical infrastructure. The country has already seen the impact of such an attack.
Late last year, hackers accessed the personal information of more than 58,000 Newfoundlanders. They also wiped out the information technology systems of the province’s largest health authority, forcing officials to cancel thousands of appointments, including cancer care.
The threat of a successful attack isn’t just losing information. A growing number of devices used to control nuclear power plants, air-traffic control systems and other infrastructure can be accessed remotely, said Terry Cutler, CEO of cybersecurity firm Cyology Labs.
“So it’s very serious because if that data got out, they’re going to sell it on the dark web,” he said. “Cyber criminals will sell it, and maybe state-sponsored actors will buy that stuff. And then from there, they can start building up plans to attack.”
Black & McDonald’s ties to the Canadian military are also a potential source of concern, said Brett Callow, a threat analyst with cybersecurity firm Emsisoft, particularly given current tensions with Russia.
“Some ransomware operations are Russia-based and some are believed to have connections to the Russian government,” he said. “This means there’s no way to know where the data that they steal may end up or, necessarily, even what the real motive for an attack may be.”
There have been reports of other attacks on Canadian defence companies in the past year, though whether there has been an increase is unclear, as companies are not usually required to report incidents to the government, let alone the public.
“There’s so much secrecy around incidents that it’s hard to tell whether attacks are trending up or trending down,” Callow said.
This report by The Canadian Press was first published March 8, 2023.
