Canadian government institutions were targeted in cyber attacks an estimated 2.3 trillion times during the previous fiscal year—or 6.3 billion times a day, says a report from the Communications Security Establishment (CSE).
In its Annual Report, which covered April 2022 to the end of March 2023, the attacks were referred to as “malicious actions” against the government, typically in the form of ransomware, information extraction, and attempts to map government systems, all of which increased in its last fiscal year compared to previous years.
The agency’s 2020-21 Annual Report said it blocked 2-7 billion malicious actions a day, and 3-5 billion during the following fiscal year.
The CSE told True North the war in Ukraine partially explains the latest increase.
“Since Russia’s unjustified and illegal invasion of Ukraine began in 2022, we have seen a notable rise in cyber threat activity by Russian-aligned actors targeting Ukraine’s allies, including Canada,” Robyn Hawco, a CSE spokeswoman, said in an emailed statement.
The statement added that state-sponsored programs from hostile foreign actors are also at play.
“However, as outlined in the National Cyber Threat Assessment (NCTA) 2023-24, the state-sponsored programs of China, Russia, Iran, and North Korea all pose a strategic threat to Canada. State-sponsored cyber activity is generally the most sophisticated threat to Canadians and Canadian organizations.”
Hawco declined True North’s request to elaborate attack details. But the report noted that the government agency opened 2,089 “cyber incident” cases during the 2022-23 fiscal year, more than half of which, Hawco said, affected critical infrastructure organizations.
The report defined a cyber incident as “any unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource”
However, the overwhelming majority of so-called cyber incidents aren’t reported.
The Annual Report said the CSE’s foreign signals intelligence collection is determined by the country’s intelligence priorities, which Cabinet establishes.
Reports the CSE produced for the government covered such topics as espionage, sabotage, intellectual property theft, “Arctic sovereignty,” instability in Haiti, terrorism and extremism.