Apparent attempts to extort two major Canadian banks highlight the increasing threat and variety of cyberattacks against major companies.
Attacks against BMO and CIBC-owned Simplii — that compromised the information of up to a combined 90,000 Canadians — made public Monday, appear to be the latest in a number of high-profile ransom attacks. The attacks have the banks in damage control mode, prompting them to assuage client concern about the safety of Canadian accounts.
CBC reported that it received a letter from someone who said they demanded a $1-million ransom from the targeted banks.
The banks would not confirm the CBC report Tuesday. BMO said only that a “threat” was made, but it has a policy of not making payments to fraudsters, while Simplii was similarly cryptic, saying only that fraudsters may have electronically accessed some data, but that its practice is not to pay ransom demands.
Both banks said they both took additional security measures after learning of the potential breach and would be directly contacting customers whose accounts may have been compromised. Royal Bank, Scotiabank and Toronto-Dominion Bank have said they have no indication they have been affected.
The apparent extortion attempt against BMO and CIBC’s direct-banking brand Simplii comes after a string of other high-profile pay-for-data attempts.
Recent examples include a failed attempt at Uber to pay off hackers — only for the company to later reveal that some 815,000 Canadians had their information compromised as part of a global attack, and the infamous cyberattack on cheating website Ashley Madison, which did not comply with hackers’ demands to close the website, resulting in the exposure of personal information of millions of users.
Smaller organizations are also falling victim to hacking payment scams, including the University of Calgary, which paid $20,000 to have its computer systems unlocked after a ransomware attack in 2016.
The risks are clearly on the rise, said cybersecurity expert Satyamoorthy Kabilan at the Conference Board of Canada.
“In terms of cyber incidents overall, whether it’s breaches, whether it’s these sorts of attacks, whether it’s standard ransomware, that’s skyrocketing.”
However, the incident involving BMO and Simplii varies from more standard efforts to either use the data itself to profit or to try and sell it to third parties — which makes it harder for companies to set up defensive plans, said Kabilan.
“Understanding tactics actually gives us an advantage in terms of defending ourselves, but if those are constantly varying, it starts putting up a few more challenges.”
Companies, especially banks, need to keep improving security efforts but also plan for resiliency and being able to respond in the event of an attack, he said.
“Companies have to wake up to the fact that there is no such thing as 100 per cent security in the cyber world. It’s a question of when and how bad.”
BMO and Simplii did the right thing in being quick to assure customers that their money is safe and that they’re working diligently to improve security, said Barry Waite, chair of the communications department at Centennial College.
Both banks said they’d directly reach out to affected customers and are co-ordinating with officials to respond to the incident and protect clients.
Demonstrating the safety of banking services will become increasingly important as they roll out more digital products, said Waite.
“This is important for the whole banking industry, demonstrating that as they increase technology, they’re introducing new apps, that they have the best security in place.”
The whole banking sector is looking to improve digital security in light of such threats, Scotiabank CFO Sean McGuckin said on a media conference call discussing its quarterly results.
“There’s a very open dialogue amongst financial institutions around cyber threats. So we are all quite open and learning and sharing from each other.”
Ian Bickis, The Canadian Press
Connect with us Facebook
Equifax fell short of privacy obligations to Canadians, says privacy commissioner
Apartment where Ernest Hemingway lived to go up for sale in Toronto
Pace of Canadian housing starts up in March on seasonally adjusted basis: CMHC
Ontario realtors advise government to end so-called ‘bully’ offers
‘This is a wake-up call:’ swift action needed on rising seas, experts say
TFSA celebrates its 10th anniversary
Liberals’ mortgage plan to have tiny effect on housing prices: CMHC
CMHC looks to raise extra money for housing outside of billions from government
Federal government pledges $1.3B for affordable housing in Toronto
NDP’s fiscal vows for 2019 election to reflect forthcoming ‘tax gap’ report
- Equifax fell short of privacy obligations to Canadians, says privacy commissioner
- Apartment where Ernest Hemingway lived to go up for sale in Toronto
- Pace of Canadian housing starts up in March on seasonally adjusted basis: CMHC
- Ontario realtors advise government to end so-called ‘bully’ offers
- ‘This is a wake-up call:’ swift action needed on rising seas, experts say
5 Mortgage Secrets1 year ago
5 SECRETS THE BANK DOESN’T WANT YOU TO KNOW ABOUT YOUR MORTGAGE
Buying a Home10 months ago
6 Reasons to get Pre-Approved for a Mortgage Early
Finance9 months ago
When is a Variable Rate Mortgage the Smart Choice?
5 Mortgage Secrets1 year ago
THE PENALTY COVER UP Mortgage Secret 3 of 5
Buying a Home12 months ago
3 Documents You Didn’t Know You Need for Your Mortgage Approval
Credit9 months ago
What Happens to My HELOC When I Sell My Home?
5 Mortgage Secrets1 year ago
THE POSTED RATE SCAM Mortgage Secret 2 of 5
Home Page12 months ago
Central bank raises key metric used to determine mortgage eligibility