Bank breaches highlight rise of cyber threats as new exploitation strategies emerge

Apparent attempts to extort two major Canadian banks highlight the increasing threat and variety of cyberattacks against major companies.

Attacks against BMO and CIBC-owned Simplii — that compromised the information of up to a combined 90,000 Canadians — made public Monday, appear to be the latest in a number of high-profile ransom attacks. The attacks have the banks in damage control mode, prompting them to assuage client concern about the safety of Canadian accounts.

CBC reported that it received a letter from someone who said they demanded a $1-million ransom from the targeted banks.

The banks would not confirm the CBC report Tuesday. BMO said only that a “threat” was made, but it has a policy of not making payments to fraudsters, while Simplii was similarly cryptic, saying only that fraudsters may have electronically accessed some data, but that its practice is not to pay ransom demands.

Both banks said they both took additional security measures after learning of the potential breach and would be directly contacting customers whose accounts may have been compromised. Royal Bank, Scotiabank and Toronto-Dominion Bank have said they have no indication they have been affected.

The apparent extortion attempt against BMO and CIBC’s direct-banking brand Simplii comes after a string of other high-profile pay-for-data attempts.

Recent examples include a failed attempt at Uber to pay off hackers — only for the company to later reveal that some 815,000 Canadians had their information compromised as part of a global attack, and the infamous cyberattack on cheating website Ashley Madison, which did not comply with hackers’ demands to close the website, resulting in the exposure of personal information of millions of users.

Smaller organizations are also falling victim to hacking payment scams, including the University of Calgary, which paid $20,000 to have its computer systems unlocked after a ransomware attack in 2016.

The risks are clearly on the rise, said cybersecurity expert Satyamoorthy Kabilan at the Conference Board of Canada.

“In terms of cyber incidents overall, whether it’s breaches, whether it’s these sorts of attacks, whether it’s standard ransomware, that’s skyrocketing.”

However, the incident involving BMO and Simplii varies from more standard efforts to either use the data itself to profit or to try and sell it to third parties — which makes it harder for companies to set up defensive plans, said Kabilan.

“Understanding tactics actually gives us an advantage in terms of defending ourselves, but if those are constantly varying, it starts putting up a few more challenges.”

Companies, especially banks, need to keep improving security efforts but also plan for resiliency and being able to respond in the event of an attack, he said.

“Companies have to wake up to the fact that there is no such thing as 100 per cent security in the cyber world. It’s a question of when and how bad.”

BMO and Simplii did the right thing in being quick to assure customers that their money is safe and that they’re working diligently to improve security, said Barry Waite, chair of the communications department at Centennial College.

Both banks said they’d directly reach out to affected customers and are co-ordinating with officials to respond to the incident and protect clients.

Demonstrating the safety of banking services will become increasingly important as they roll out more digital products, said Waite.

“This is important for the whole banking industry, demonstrating that as they increase technology, they’re introducing new apps, that they have the best security in place.”

The whole banking sector is looking to improve digital security in light of such threats, Scotiabank CFO Sean McGuckin said on a media conference call discussing its quarterly results.

“There’s a very open dialogue amongst financial institutions around cyber threats. So we are all quite open and learning and sharing from each other.”

Just Posted

PHOTO: Renewable Energy Fair at Red Deer College

The Renewable Energy Fair and Workshops event was held at Red Deer… Continue reading

PHOTOS: Red Deer College Queens host third annual Pink in the Rink game

The RDC Queens picked up an extra special victory on home ice… Continue reading

PHOTOS: The Mustard Seed CEO speaks at Seeds of Hope Gala in Red Deer

The first-ever Seeds of Hope Gala was held at the Red Deer… Continue reading

Person airlifted to hospital after collision near Innisfail

One person was airlifted to hospital after a serious collision west of… Continue reading

WATCH: Make-A-Wish grants Star Wars loving teen’s wish

The Make-A-Wish Foundation granted Anakin Suerink’s wish in Red Deer Saturday afternoon

Migrant caravan swells to 5,000, resumes advance toward US

CIUDAD HIDALGO, Mexico — Despite Mexican efforts to stop them at the… Continue reading

“I don’t feel real”: Mental stress mounting after Michael

PANAMA CITY, Fla. — Amy Cross has a hard time explaining the… Continue reading

Toronto residents set to vote Monday on the next four years of civic leaders

Toronto’s municipal election campaign, marked by unprecedented provincial interference, ends Monday when… Continue reading

Former PQ minister Lise Payette remembered as role model for female politicians

MONTREAL — Members from across Quebec’s political spectrum gathered at a downtown… Continue reading

Voters head to polls for BC municipal elections today, some complain of long lines

VANCOUVER — Voters in British Columbia are heading to the polls today… Continue reading

Kennedy Stewart named mayor of Vancouver; one of several B.C. turnovers

VANCOUVER — Former New Democrat MP Kennedy Stewart has won a neck-and-neck… Continue reading

‘In our bloodline:’ Land-based learning links curriculum with Indigenous culture

REGINA — A school day for six-year-old Hunter Sasakamoose can start with… Continue reading

‘Stupid’ law preventing Canada’s re-engagement with Iran: retired envoy

OTTAWA — The real reason the Liberal government hasn’t been able to… Continue reading

Most Read