Foreign hackers launched repeated cyberattacks to no avail against Lacombe County’s servers earlier this month.
The hackers, believed to be from Russia, used a variety of online weapons, including malware and brute-force password attacks, to try to get into the county’s systems, only to be stopped by security measures.
The attacks came to light through reports provided to county staff by its SonicWall, the front line of defence for the county’s servers that fended off the attacks. A second line of defence involving anti-virus security software is also in place.
Michael Kartusch, the county’s information technology manager, said the IP address of the hacker was based in Russia but they could be from almost anywhere.
“The level of sophistication of cybercriminals these days is actually quite scary,” said Kartusch.
“It is something that from the county’s perspective we’ve got to make sure we’ve got multiple layers of protection to be sure that when the bad guys come knocking at our front door that door doesn’t open for them.”
It is common to detect online intruders lurking at the edges of security systems seeking vulnerable spots.
“It’s something that I think all organizations face. But certainly the level of sophistication and the amount of damage that the cyberattackers can do with ransomware and those types of things, cybersecurity has got to be at the forefront of any IT group,” he said.
Often cyberhackers use bots or other similar programs that are running continuously, automatically searching for ways into thousands of server systems.
In Lacombe County’s case, the hackers used what is known as a SQL injection attack, which aims to insert code into a system to expose information not meant to be seen. An unsuccessful denial of service attack was also launched, which is designed to make a network or computer inaccessible to its users.
A breach could prove to be a big problem. Besides personal or ratepayer credit card data being obtained, hackers could plant ransomware. The programs lock or encrypt data on a victim’s computer network until a ransom is paid.
In 2016, the University of Calgary acknowledged it had to pay $20,000 in bitcoin after ransomware extortion. In 2019, three Ontario hospitals were infected with ransomware. The disruption meant email systems were taken offline, healthcare records became harder to access and patients faced longer wait times.
In January, a Quebec man was arrested after being accused of extorting more than $27 million from ransomware victims including the College of Nurses of Ontario, a Canadian Tire store in B.C., and the Northwest Territories Power Corporation.
Like other municipalities, the City of Red Deer is well defended against cyberattacks and has not seen any recent attacks.
“We perform quite regular security scans and penetration testing and full security audits,” said Angela Kaczmar, who works in the information and technology services department.
Typically, those trying to get into a system scan it, looking for weaknesses before attempting to get in. If all looks secure, they often move on to the next potential victim, said Kaczmar, who is projects planning and control supervisor.
While it’s been quiet on the cybersecurity front for Red Deer lately, the city was the target of an unsuccessful ransomware attack about five years ago.
“Because of the design of our system, it wasn’t able to get very far in our systems and network. Any of the data that was encrypted wasn’t relevant, and any little pieces that were, we restored from backup,” she said.
“The effect on us was very minor compared with what some people go through,” she said, adding that the few holes the hackers discovered were plugged.