December 4, 2024 issue
StatsCan Reveals: Cybercrime's 2023 Impact on Canadian Businesses
In late October, The Daily published a report from Statistics Canada outlining the impact of cybercrime on approximately 9,000 Canadian businesses. The report revealed that in 2023, approximately 16% of Canadian businesses were affected by cybersecurity incidents, a decrease from 21% in 2019 and 18% in 2021.
Identity theft incidents surged by 11% from 2021, impacting 31% of businesses affected by cybersecurity incidents in 2023. Fraud and scams also saw an increase, affecting 50% of impacted businesses, which represents a 6% rise from 2021. These types of incidents continue to be the most common attack vectors.
Ransomware attacks were reported by 13% of impacted businesses, an increase of 2% from 2021. Notably, 88% of victims chose not to make a payment. Among those who did pay, roughly 116 businesses paid less than $10,000, while approximately five organizations paid more than $500,000. The increase in ransomware is being felt in Alberta too. Thus far in 2024, CyberAlberta’s Threat Intelligence team has been made aware of 38 ransomed Albertan organizations, increasing from 15 in 2023.
Spending on cybersecurity has seen significant changes over the past two years. Total spending on recovery from cybersecurity incidents doubled from about $600 million in 2021 to $1.2 billion in 2023. Spending on prevention and detection of cybersecurity incidents rose from $9.7 billion in 2021 to $11.0 billion in 2023. In 2023, businesses spent a substantial $3.8 billion on salaries for employees associated with cybersecurity detection or prevention. However, only 50% of businesses reported having cybersecurity employees in 2023, a decrease from 61% in 2021. The primary reason cited for not having employees was the preference for hiring consultants or contractors.
Additionally, 22% of businesses provided formal training to develop or upgrade the cybersecurity skills of their non-IT employees in 2023.
About 13% of Canadian businesses impacted by cybersecurity incidents reported them to police services in 2023, up from 10% in 2021. Of the reported incidents, 56% related to financial theft or demanding ransom, while 33% were related to the extortion of personal or financial information. In Alberta alone, 12,124 cybercrimes were reported to local or federal police services in 2023, an increase of 24% over 2022.
The Canadian Threat Landscape: A Glimpse of What's Ahead
On October 30th, 2024, the Canadian Centre for Cyber Security (CCCS) published the National Cyber Threat Assessment (NCTA) for 2025-2026. This report details the Canadian cyber threat landscape, which by extension includes provinces and territories, such as Alberta. Therefore, organizations in Alberta can use the NCTA to understand and prepare for relevant cyber threats. Below, we have drawn out some of the key details and extended them to Alberta:
Ransomware is the most impactful threat facing Canada and the primary threat to Canada's critical infrastructure. It is very likely that this threat will increase over the next two years, as the cybercriminal ecosystem becomes increasingly resilient. CyberAlberta has observed and tracked several ransomware groups active in Alberta, and our findings are in line with those of the NCTA: ransomware is the most impactful threat facing Alberta.
The People’s Republic of China (PRC) is the most sophisticated cyber threat to Canada. Provinces and territories are likely valuable targets due to their decision-making power in areas of interest to the Chinese Communist Party (CCP), such as resource extraction. Additionally, research and development sectors, as well as academia, are likely targets, with Chinese Advanced Persistent Threats (APTs) known to steal intellectual property to gain a competitive edge. Alberta is a world leader in energy, the University of Alberta, amongst others, is considered a leader in artificial intelligence, and Calgary is becoming a hub for quantum computing. Factors such as these make Alberta a likely target.
Canada's support for Ukraine and NATO membership makes it a likely target for Russian state-sponsored cyber threat actors. The Government of Alberta's recent Memorandum of Understanding (MoU) to support the rebuilding of Ukraine's energy sector further increases the probability of Alberta being targeted. This targeting is likely to come in the form of espionage and influence operations, seeking to manipulate foreign policy and sow discord.
Organizations are strongly advised to review the referenced material through the lens of their own organization and assets. While reviewing the material, consider who might target you, why they might target you, and whether your organization is prepared to thwart any such attacks. Use this analysis to inform security decisions and risk assessments.
CRA Data Breach
A recent investigation by CBC’s The Fifth Estate/Radio-Canada highlighted a major incident affecting the Canada Revenue Agency (CRA). The incident involved a malicious actor gaining unauthorized access to personal accounts and submitting fraudulent claims. According to the investigation, the CRA suggested the threat actor gained access using credentials compromised during a breach affecting H&R Block, a prominent tax service partner of the CRA. The threat actor then exploited their access to change direct deposit information and submit false tax returns, resulting in over six million dollars in fraudulent claims. This latest incident is part of a significant rise in breaches involving Canadian tax accounts.
H&R Block and the CRA have both stated that there is no evidence their systems were directly compromised in connection with the malicious scheme. As of now, the source of the data breach enabling these fraudulent claims remains unconfirmed. However, in April 2024, the CRA identified Dark Web postings attempting to solicit or sell confidential H&R Block data. According to The Fifth Estate/Radio-Canada, this data was likely used by the threat actor to access hundreds of Canadians’ CRA accounts and file fraudulent claims. In one instance, the attacker successfully submitted a fraudulent tax return using a valid postal code but a fabricated street name: "Tomato Street."
This incident underscores a rise in breaches affecting the CRA, raising concerns about the ability of the agency and its partner tax service providers to protect sensitive data. In June 2024, the Privacy Commissioner reported that the CRA experienced 71 breaches during the financial year ending in March 2024, compared to just 42 breaches over the previous three years combined. However, The Fifth Estate/Radio-Canada’s investigation revealed that the CRA faced 31,468 “material” privacy breaches between March 2020 and December 2023. This discrepancy suggests a significant underreporting of breaches to both Parliament and the public.
The CRA has announced that details of this breach will be included in its 2025 annual report to Parliament. The agency has reaffirmed its commitment to safeguarding Canadians’ sensitive data in accordance with the Privacy Act. Additionally, it has assured affected taxpayers that credit protection services will be offered as part of its response to data breaches.