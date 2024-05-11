The province is not saying which state is believed to be involved, only that no sensitive information was compromised and the rest of the information in the investigation is classified.

A state or state-sponsored actor is accused of three cybersecurity attacks against the provincial government's computer network since April 10.

Shannon Salter, Deputy Prime Minister and Head of the Civil Service, said on Friday that given the sophistication and complexity of cyberattacks, there is a high degree of confidence that a state or actor state-sponsored is behind them.

The province is not saying which state is suspected of being involved — only that no sensitive information was compromised and the rest of the information in the investigation is classified.

British Columbia's Solicitor General Mike Farnworth said there has been no disruption to government operations or services to British Columbians and “there is no indication at this time that any sensitive information has been compromised.”

“I want to reassure British Columbians that we have worked very closely with the Canadian Center for Cyber ​​Security and other agencies to resolve the incidents and implement additional measures to protect data and systems information,” Farnworth said.

The first attack was reported internally on April 10 and the next day, BC government teams confirmed there had been a cybersecurity incident and reported it to the Canadian Center for Cyber ​​Security, said Salter.

Salter said she was informed on April 16 and informed the prime minister the next day.

On April 29, more threats were discovered and all provincial employees were asked to change their email passwords, which is just one of many measures being implemented, Salter said.

The Canadian Center for Cyber ​​Security has advised the province not to make cybersecurity incidents public so as not to alert the perpetrators before the attacks can be sufficiently investigated and the public, systems, data and users can be protected, she said.

On May 6, another threat was detected. It was determined that the April 29 and May 6 attacks were intended to cover the perpetrator's tracks, making the investigation more complex, Salter said.

Two days later, the prime minister had a classified briefing with the cyber center and, on the same day, the cabinet was briefed for the first time, Salter said.

The province continues to work with the Canadian Center for Cyber ​​Security and DART, a cybersecurity training provider, to learn everything it can about the attacks, Salter said.

The province's online safety network, updated in 2022, fends off about 1.5 billion online security threats per day, she said.

Farnworth said the attack was deemed sophisticated by cybersecurity experts who investigated the intrusion, adding that covering one's tracks is the mark of a state actor or state-sponsored actor.

Farnworth couldn't explain why another state would be interested in hacking into the British Columbia government's network.

Asked about remote working as a possible point of vulnerability, he said government servers and systems are designed to be able to handle remote connections – staff working from home or elsewhere.

“That is why we are making the necessary investments to ensure that our systems are constantly upgraded,” Farnworth said, adding that constant monitoring is carried out and there is a team of 76 technical security officers of which the only work is to focus on government systems.

Shawnigan Lake-based threat analyst Brett Callow said employees working remotely can actually make it more difficult for hackers to gain quick and easy access to a large company or government system .

“The transition to working from home has actually made life a little harder for the bad guys,” Callow said. “They were used to people opening malicious emails and clicking bad links on their work computers, which gave them direct access to company networks, but that changed when people started to work from home. »

Recently, libraries in British Columbia were targeted by a hacker who demanded a ransom for withholding user information, while retailer London Drugs was forced to close its stores for more than a week to deal with a cybersecurity breach.

Callow noted that most cyberattacks involve ransomware, in which an intruder gains access to a network, blocks or encrypts the system, then holds the victim's data or device hostage, threatening to keep it locked or disclose information. information publicly online if the victim does not pay. .

“Most often it's done for money, but there can be other motivations, from espionage to activism,” Callow said.

Ransomware is most often created in Eastern Europe, particularly Russia, and used by hackers around the world, said Callow, who works for Emsisoft, an anti-malware and antivirus software company. .

Farnworth said the BC government's cyberattack was not a ransomware incident.

He said he did not know who the state actor was or the motivation for the cybersecurity attack.

When the investigation is complete, there will be a full review of what happened and the lessons that were learned, he said, adding that at that point the government would be able to disclose more information.

[email protected]