Bank breaches highlight rise of cyber threats as new exploitation strategies emerge

Apparent attempts to extort two major Canadian banks highlight the increasing threat and variety of cyberattacks against major companies.

Attacks against BMO and CIBC-owned Simplii — that compromised the information of up to a combined 90,000 Canadians — made public Monday, appear to be the latest in a number of high-profile ransom attacks. The attacks have the banks in damage control mode, prompting them to assuage client concern about the safety of Canadian accounts.

CBC reported that it received a letter from someone who said they demanded a $1-million ransom from the targeted banks.

The banks would not confirm the CBC report Tuesday. BMO said only that a “threat” was made, but it has a policy of not making payments to fraudsters, while Simplii was similarly cryptic, saying only that fraudsters may have electronically accessed some data, but that its practice is not to pay ransom demands.

Both banks said they both took additional security measures after learning of the potential breach and would be directly contacting customers whose accounts may have been compromised. Royal Bank, Scotiabank and Toronto-Dominion Bank have said they have no indication they have been affected.

The apparent extortion attempt against BMO and CIBC’s direct-banking brand Simplii comes after a string of other high-profile pay-for-data attempts.

Recent examples include a failed attempt at Uber to pay off hackers — only for the company to later reveal that some 815,000 Canadians had their information compromised as part of a global attack, and the infamous cyberattack on cheating website Ashley Madison, which did not comply with hackers’ demands to close the website, resulting in the exposure of personal information of millions of users.

Smaller organizations are also falling victim to hacking payment scams, including the University of Calgary, which paid $20,000 to have its computer systems unlocked after a ransomware attack in 2016.

The risks are clearly on the rise, said cybersecurity expert Satyamoorthy Kabilan at the Conference Board of Canada.

“In terms of cyber incidents overall, whether it’s breaches, whether it’s these sorts of attacks, whether it’s standard ransomware, that’s skyrocketing.”

However, the incident involving BMO and Simplii varies from more standard efforts to either use the data itself to profit or to try and sell it to third parties — which makes it harder for companies to set up defensive plans, said Kabilan.

“Understanding tactics actually gives us an advantage in terms of defending ourselves, but if those are constantly varying, it starts putting up a few more challenges.”

Companies, especially banks, need to keep improving security efforts but also plan for resiliency and being able to respond in the event of an attack, he said.

“Companies have to wake up to the fact that there is no such thing as 100 per cent security in the cyber world. It’s a question of when and how bad.”

BMO and Simplii did the right thing in being quick to assure customers that their money is safe and that they’re working diligently to improve security, said Barry Waite, chair of the communications department at Centennial College.

Both banks said they’d directly reach out to affected customers and are co-ordinating with officials to respond to the incident and protect clients.

Demonstrating the safety of banking services will become increasingly important as they roll out more digital products, said Waite.

“This is important for the whole banking industry, demonstrating that as they increase technology, they’re introducing new apps, that they have the best security in place.”

The whole banking sector is looking to improve digital security in light of such threats, Scotiabank CFO Sean McGuckin said on a media conference call discussing its quarterly results.

“There’s a very open dialogue amongst financial institutions around cyber threats. So we are all quite open and learning and sharing from each other.”

Just Posted

PHOTOS: Buccaneers battle Wolfpack in AFL semifinal

The Central Alberta Buccaneers battled the Calgary Wolfpack in the Alberta Football… Continue reading

Raising awareness for Bikers Against Child Abuse

Second annual Raise A Ruckus Against Child Abuse was held at the Red Deer Radisson Hotel Saturday

Central Alberta Yogathon cancelled Saturday

Due to air quality concerns the fourth annual event will take place Sept. 15

City Hall Park construction begins next week

Construction to update Red Deer’s City Hall Park is set to begin… Continue reading

PHOTOS: Jazz at the Lake begins

The 16 annual event began Friday and runs until Sunday in Sylvan Lake

WATCH: Medicine River Wildlife Centre opens new playground

The grand opening of the playground was Saturday morning

Thousands to attend funeral service for officers killed in Fredericton shooting

FREDERICTON — Hundreds of people have lined the route of a funeral… Continue reading

Calgary police officer seriously injured

CALGARY — The Calgary Police Service says one of its officers was… Continue reading

Canadians react to death of former UN secretary-general Kofi Annan at age 80

MONTREAL — Canadian politicians are adding their voices to the international reaction… Continue reading

‘Four of a dozen kids will not make it:’ Tina Fontaine’s family healing together

WINNIPEG — Melissa Stevenson was just starting her career 18 years ago… Continue reading

No winning ticket for Friday night’s $16 million Lotto Max jackpot

TORONTO — No winning ticket was sold for the $16 million jackpot… Continue reading

Hundreds of neo-Nazis march in Berlin, protected by police

BERLIN — Hundreds of neo-Nazis waving flags with the colours of the… Continue reading

Romanian trucker is Genoa bridge’s 43rd victim

GENOA, Italy — The Latest on the Italy bridge collapse (all times… Continue reading

1 dead, 6 injured after building collapse in Nigeria capital

ABUJA, Nigeria — An emergency response chief says one person is dead… Continue reading

Most Read


Five-day delivery plus unlimited digital access for $185 for 260 issues (must live in delivery area to qualify) Unlimited Digital Access 99 cents for the first four weeks and then only $15 per month Five-day delivery plus unlimited digital access for $15 a month