Russian intelligence services and police will help cybercriminals operate with "near impunity" against their targets — including Canadians — in coming months, a new federal report predicts.
The assessment released Monday says Russia, and to a lesser extent Iran, very likely act as cybercrime safe havens from which digital criminals within their borders can operate against western targets.
Crime in the online realm in Canada is expected to increase over the next two years as the activities of organized groups pose a threat to national security and economic prosperity, says the latest cybercrime forecast by the Canadian Centre for Cyber Security.
"So long as cybercriminals can extract financial profit from Canadian victims, they will almost certainly continue to mount campaigns against Canadian organizations and individuals."
The report, compiled with support from the RCMP, says ransomware — malware that holds vital digital information hostage for payment — is likely the most disruptive form of cybercrime facing Canada because it is pervasive and can have a serious effect on an organization's ability to function.
Officials believe cybercriminals bent on making money will almost certainly continue to target high-value organizations in critical infrastructure sectors in Canada and around the world over the next two years.
The report says organized cybercriminal groups can reap large sums through their specialized technical capabilities, including development of tailored malware.
"The good news is that most cyberincidents can be prevented by basic cybersecurity measures," said Sami Khoury, head of the Cyber Centre.
"We have tailored advice and guidance products available on our website," Khoury told a news conference Monday. "Collaboration is key as we work to minimize the impact of cybercrime in Canada."
Cybercriminals often operate with a confidence that they're anonymous online and won't be held accountable for crimes committed in other countries, said Chris Lynam, director general of the National Cybercrime Co-ordination Centre and the Canadian Anti-Fraud Centre within the RCMP.
Businesses and citizens must report attacks to their local police, the anti-fraud centre and the Cyber Centre, he said. "One report from a small town in Canada could be the missing piece to an international puzzle."
Some forms of cybercrime, particularly ransomware, have both financial and physical effects on their victims, the report notes.
"For example, some hospitals that were victims of cybercrime indicated the incidents disrupted their ability to care for patients, leading to longer hospital stays for patients, delayed tests or procedures, complications from medical procedures and, in some cases, increased death rates."
Cybercrime can also disrupt the flow of essential goods and services by throwing a virtual wrench into an industrial supply chain, the report adds.
It notes a May 2021 ransomware attack on Colonial Pipeline led to a shutdown of the largest fuel pipelines in the United States, leading to price surges and fuel shortages for millions of Americans.
Cybercriminals are continuously coming up with new tactics to help them maximize profit, the report says.
"Cybercrime has evolved from online theft and credit card fraud to more elaborate ways of extorting victims as the attack surface for cybercriminals has expanded. The increasingly interconnected nature of the modern global economy has provided a growing number of opportunities for cybercriminals as victims' dependencies on technology continue to grow."
Cybercriminals often operate in jurisdictions where governments either overtly permit their illicit activities or at least look the other way, so long as they only target victims outside their home country, the report says.
"We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity."
They do so as long as cybercriminals focus their attacks against targets located outside Russia and Commonwealth of Independent States countries such as Belarus, Moldova and Armenia.
"Consequently, many of the most sophisticated and prolific cybercriminals are Russia-based."
Since the Russian invasion of Ukraine in February 2022, several Russian-speaking organized cybercriminal groups have come out publicly either in support of Russia or against its enemies, the report notes.
"Regardless of their motivations, we assess that any escalation in cybercriminal activity against Ukraine, NATO, or the European Union very likely benefits Russia's strategic goals in Ukraine."
The authors say the relationship between Iran-based cybercriminal groups and Iranian intelligence remains unclear.
However, they conclude Tehran likely tolerates cybercrime activities by Iran-based cybercriminals that align with the state's strategic and ideological interests, and provides a haven to people indicted by foreign authorities, possibly recruiting talented criminals to join the intelligence services.
Cybercriminals continue to show resilience and an ability to change their business model to remain profitable, the report warns. To this end, offenders are expected to target more small- and medium-sized organizations to avoid attention-grabbing, higher-profile attacks.
This report by The Canadian Press was first published Aug. 28, 2023.