“In 2020, we have observed cyber threat actors developing COVID-19-related content to trick victims into clicking on malicious links and attachments,” said Scott Jones, the head of Canadian Centre for Cyber Security (Cyber Center).
“Cyber threat actors know that people are anxious about the future and are less likely to act prudently when presented with emails, SMS messages, or advertisements related to COVID-19,” he wrote in the National Cyber Threat Assessment 2020 (pdf).
The Cyber Center said in the report that scammers often attempt to replicate or imitate the branding of legitimate international organizations and public health agencies to get sensitive information from victims.
“One SMS phishing campaign claimed to provide access to a Canadian Emergency Response Benefit payment, but only after the target divulged personal financial details. Another campaign impersonated the Public Health Agency of Canada’s Medical Officer of Health to deliver malware through a fake COVID-19 update that appeared official and legitimate,” the report said.
State-sponsored cyber programs launched by China, Russia, Iran, and North Korea pose the greatest and the most sophisticated strategic threats to Canada.
“Foreign state-sponsored cyber programs are probing our critical infrastructure for vulnerabilities. Foreign efforts to influence public discourse through social media have become the ‘new normal,’” said Minister of National Defence Harjit Sajjan.
“The Internet is at a crossroads, with countries like China and Russia pushing to change the way it is governed, to turn it into a tool for censorship, surveillance, and state control.”
While Canadians are “low-priority targets” for online foreign influences, citizens can still be exposed due to Canadian media’s close interactions with allied countries like the United States.
The report said the Council on Foreign Relations has maintained a list of countries suspected of sponsoring cyber operations since 2005. The list currently stands at 33 countries but continues to grow.
The report said state-sponsored threat actors likely aim to disrupt critical Canadian infrastructure, including the supply of electricity, but unlikely intended to disrupt Canadian critical infrastructure. However, they may target major Canadian organizations “to collect information, pre-position for future activities, or as a form of intimidation.”
Canadian businesses, academia, and governments remain a popular target of commercial espionage and intellectual property theft, and especially those related to curbing COVID-19, which will help combat their own domestic public health responses or to profit from its illegal reproduction by their own firms, the report said.