November 4, 2024 issue
- Calgary Public Library Hit by Ransomware: Services Disrupted
- F.U.D. Busting Recent Claims that Chinese Scientist Broke Encryption with Quantum Computers
- Recent Cyber Threats Impacting the Water Industry
Calgary Public Library Hit by Ransomware: Services Disrupted
On October 11, 2024, the Calgary Public Library experienced a significant cybersecurity breach that forced the closure of all its branches. The library's systems were compromised, leading to a shutdown of servers and computer access across all locations. The library states that their monitoring systems successfully detected the attack, and that the shutdown was a precautionary measure.
An investigation into the cyber event established that it was an attempted ransomware attack. While the investigation was ongoing, the library provided limited access to services. Visitors could browse collections and check out books manually, but digital services like book returns, printing, Wi-Fi, and automated room bookings were unavailable.
The cybersecurity team worked diligently to determine the scope of the breach and communicated timely updates to the public about the status of library services and the ongoing investigation. This included a confirmation on October 29th that their investigation showed no sign that information had been breached. The library’s proactive measures demonstrate the importance of having robust cybersecurity protocols in place and continuous vigilance and preparedness in the face of evolving cyber threats.
While the Toronto Public Library suffered a similar attack late last year, ransomware incidents are not limited to public libraries. According to a report by Unit 42, the ransomware landscape saw a 49% increase in victims reported by ransomware leak sites in 2023. A contemporaneous report from Zscaler highlights that ransomware groups are shifting their targets, with previously “untouchable” organizations (e.g., hospitals, public services, and critical infrastructure) increasingly being targeted. As such, public sector entities—like the Calgary Public Library—and other targeted organizations recognize the importance of remaining vigilant and investing in advanced cybersecurity measures to protect their systems and data.
The Calgary Public Library's experience serves as a reminder of the critical importance of cybersecurity in today's digital age. By staying informed and implementing robust security protocols, organizations can mitigate the risks associated with ransomware attacks and ensure the safety of their data and services. CyberAlberta has a series of playbooks—including those on fortifying against ransomware, data breaches, and data loss—that can be used to assist organizations in proactively protecting their data and systems.
F.U.D. Busting Recent Claims that Chinese Scientist Broke Encryption with Quantum Computers
On October 11th, 2024, the South China Morning Post published an article titled: "Chinese scientists hack encryption in quantum computer experiment: paper." The headline implies the end of modern public key cryptography. Fortunately, this claim is false, though that did not stop the misinformation from spreading. In reality, the researchers only factored a 50-bit number, which is far from the 2048-bit integers used in RSA encryption.
This is not the first, nor will it be the last, instance of such exaggerated claims. Readers should be skeptical of sensational headlines. It is unlikely that Chinese military officials would allow such information to be published if they had broken a modern encryption scheme. Moreover, current quantum computers cannot break public key cryptography systems or AES encryption, contrary to what some articles claim.
Misleading articles undermine trust in the quantum field and add to the confusion about the actual timeline of when the quantum threat will become a reality. This can lead organizations to view the quantum threat and truthful reports with skepticism, akin to the "boy who cried wolf" scenario. This is concerning because experts and reputable bodies such as NIST agree that the quantum threat is real.
The threat will materialize where two opposing trends meet: the number of qubits required to break modern encryption, which decreases over time, and the number of qubits in the largest quantum computer, which increases over time.
However, no one knows when this intersection will occur. According to The Global Risk Institute, the urgency for an organization to act depends on three factors:
- The shelf-life time: how many years your data must remain secure for.
- The migration time: how many years it will take to securely migrate systems protecting that data.
- The threat timeline: the estimated timeline until potential adversaries gain access to a cryptographically relevant quantum computer (CRQC).
Despite the uncertainty, organizations should still strive for cryptographic agility. Staying informed, proactive, and skeptical of grandiose claims is critical to navigating this evolving threat landscape.
Recent Cyber Threats Impacting the Water Industry
Recent cyberattacks targeting water facilities in the US demonstrate the growing threat of cyber threat actors attempting to tamper with critical infrastructure, highlighting the need for robust cybersecurity across the industry. In October 2024, a New Jersey water provider serving over 14 million people—including 18 military sites—experienced a cyberattack that disrupted billing systems. A month earlier, a water plant in Kansas detected potentially malicious activity, prompting a precautionary switch to manual operations. Although water services were unaffected, these incidents raised public concerns about the security of the water supply.
The water industry faces ongoing threats from both nation-state threat actors and financially motivated cybercriminals, sometimes with severe consequences. In December 2023, the pro-Iranian group Cyber Av3ngers attacked a private water company in Ireland, leaving 160 homes without water for two days. They exploited a vulnerability in a Unitronics programmable logic controller (PLC) used at the facility. The group claimed the attack was due to the use of Israeli-made equipment, showing how some cyberattacks on water facilities are influenced by geopolitical motives.
Notably, a 2021 incident at a Florida water facility led to dangerously high lye levels. Incident response successfully remediated the issue, and further investigation has since indicated that the incident was caused by a mistake made by a staff member. Regardless of how initial access is achieved, such incidents illustrate the serious and often opportunistic threats critical infrastructure organizations face and the pressing need for cybersecurity best practices.
Given these incidents, critical infrastructure sectors, including water facilities, must adhere to basic cybersecurity standards to protect their digital systems from a wide range of cyberattacks. Failing to do so can result in tampering with critical services or in public fallout over safety concerns. Critical infrastructure organizations can help secure their services by:
- Conducting regular auditing and patch management to promptly address exploitable vulnerabilities.
- Restricting internet access to essential devices, reducing exposure and the risk of unauthorized access.
- Enforcing strong password policies, including changing default passwords, regular resets, and implementing multi-factor authentication (MFA).
Staying informed, proactive, and vigilant is crucial for navigating the evolving threat landscape and ensuring the security of critical infrastructure.