Bank breaches highlight rise of cyber threats as new exploitation strategies emerge

Apparent attempts to extort two major Canadian banks highlight the increasing threat and variety of cyberattacks against major companies.

Attacks against BMO and CIBC-owned Simplii — that compromised the information of up to a combined 90,000 Canadians — made public Monday, appear to be the latest in a number of high-profile ransom attacks. The attacks have the banks in damage control mode, prompting them to assuage client concern about the safety of Canadian accounts.

CBC reported that it received a letter from someone who said they demanded a $1-million ransom from the targeted banks.

The banks would not confirm the CBC report Tuesday. BMO said only that a “threat” was made, but it has a policy of not making payments to fraudsters, while Simplii was similarly cryptic, saying only that fraudsters may have electronically accessed some data, but that its practice is not to pay ransom demands.

Both banks said they both took additional security measures after learning of the potential breach and would be directly contacting customers whose accounts may have been compromised. Royal Bank, Scotiabank and Toronto-Dominion Bank have said they have no indication they have been affected.

The apparent extortion attempt against BMO and CIBC’s direct-banking brand Simplii comes after a string of other high-profile pay-for-data attempts.

Recent examples include a failed attempt at Uber to pay off hackers — only for the company to later reveal that some 815,000 Canadians had their information compromised as part of a global attack, and the infamous cyberattack on cheating website Ashley Madison, which did not comply with hackers’ demands to close the website, resulting in the exposure of personal information of millions of users.

Smaller organizations are also falling victim to hacking payment scams, including the University of Calgary, which paid $20,000 to have its computer systems unlocked after a ransomware attack in 2016.

The risks are clearly on the rise, said cybersecurity expert Satyamoorthy Kabilan at the Conference Board of Canada.

“In terms of cyber incidents overall, whether it’s breaches, whether it’s these sorts of attacks, whether it’s standard ransomware, that’s skyrocketing.”

However, the incident involving BMO and Simplii varies from more standard efforts to either use the data itself to profit or to try and sell it to third parties — which makes it harder for companies to set up defensive plans, said Kabilan.

“Understanding tactics actually gives us an advantage in terms of defending ourselves, but if those are constantly varying, it starts putting up a few more challenges.”

Companies, especially banks, need to keep improving security efforts but also plan for resiliency and being able to respond in the event of an attack, he said.

“Companies have to wake up to the fact that there is no such thing as 100 per cent security in the cyber world. It’s a question of when and how bad.”

BMO and Simplii did the right thing in being quick to assure customers that their money is safe and that they’re working diligently to improve security, said Barry Waite, chair of the communications department at Centennial College.

Both banks said they’d directly reach out to affected customers and are co-ordinating with officials to respond to the incident and protect clients.

Demonstrating the safety of banking services will become increasingly important as they roll out more digital products, said Waite.

“This is important for the whole banking industry, demonstrating that as they increase technology, they’re introducing new apps, that they have the best security in place.”

The whole banking sector is looking to improve digital security in light of such threats, Scotiabank CFO Sean McGuckin said on a media conference call discussing its quarterly results.

“There’s a very open dialogue amongst financial institutions around cyber threats. So we are all quite open and learning and sharing from each other.”

Just Posted

Cannabis facility proposed for Clearwater County

Cannabis production facility proposed south of Caroline would produce 30,000 kg of cannabis a year

Two Central Alberta country singers are finalists in career-launching contest

They will attend music industry ‘boot camp’ this summer

Transit changes to aid Burman University students

An additional evening trip and student bus passes to be in place by fall

WATCH: Province, Maskwacis Cree Nations sign educational agreement

Funding and support will help the First Nations develop a Cree-based curriculum

WATCH: Red Deer celebrates World Refugee Day

The Central Alberta Refugee Effort hosted multiple events around Red Deer Wednesday

New Jersey Devils forward Taylor Hall wins Hart Trophy as NHL MVP

LAS VEGAS — Taylor Hall has won the Hart Trophy as the… Continue reading

Red Deer high school student psyched for SHAD

Lindsay Thurber’s Kaden Nivens will head to Newfoundland for the annual program in July

Red Deer College team tackles lack of Indigneous inclusion in research projects

A local college research team has completed a lengthy project examining the… Continue reading

Officials make case against parents accused of child abuse

RIVERSIDE, Calif. — Prosecutors made their case Wednesday against a Southern California… Continue reading

Manitoba educational assistant sentenced to 3 1/5 years for sex with student

WINNIPEG — A former educational assistant in Winnipeg has been sentenced to… Continue reading

Conservatives can ‘win anywhere,’ Scheer says in welcoming Richard Martel

OTTAWA — Conservative Leader Andrew Scheer welcomed the newest member of his… Continue reading

Fans grieve as detectives search for XXXTentacion’s killers

DEERFIELD BEACH, Fla. — For hours, the fans came in a steady… Continue reading

Canadian steel not a national security threat on its own: US commerce secretary

OTTAWA — The U.S. commerce secretary says Canada is not a national… Continue reading

Most Read


Five-day delivery plus unlimited digital access for $185 for 260 issues (must live in delivery area to qualify) Unlimited Digital Access 99 cents for the first four weeks and then only $15 per month Five-day delivery plus unlimited digital access for $15 a month