Emerging Cybersecurity Threats to Canadian Municipalities: What Every Citizen Needs to Know

Municipalities must implement new cybersecurity solutions to strengthen Canada’s cybersecurity amidst increasing digitization. These solutions are necessary to establish digital trust, safeguard future growth, and ensure cyber resilience.

As citizens of Canadian towns and cities, we tend to trust that our local governments have everything under control regarding cyber threats. But the truth is recent incidents of data breaches, and infrastructure attacks indicate the opposite. Cybercriminals are increasingly targeting local authorities, and even small towns should be vigilant against the threat of malware, ransomware, and other malicious software that may compromise national security.

Municipalities nationwide are rapidly transitioning towards digital transformation, an effort to become “smart cities.” Integrating new services and infrastructure modernization in municipalities increases the risk of cyber threats. With the extensive use of ICT ( the Internet of Things (IoT), cloud, fog, edge computing, and cyber-physical systems (CPS), data is being generated and gathered at an ever-increasing rate and speed.

Municipalities must heed the warning; now is the time to invest. Despite financial fears and drained budgets, digital threats won’t wait and remain a growing danger. Protecting citizens’ assets through proven cybersecurity solutions is no longer a luxury or secondary thought but an investment imperative. Without secure, reliable infrastructure driving digital citizen data, environments become vulnerable to inexperienced attackers and cybercriminals.

Why Municipalities Are Such Attractive Targets for Cyber Criminals

As municipalities continue to digitalize and integrate more services, they become increasingly vulnerable to cyberattacks.

• Municipalities are attractive targets for hackers because they contain a wealth of open and confidential datasets that can be accessed and processed. They can sell this data on the dark web or use it to extort money from the municipality to unlock hijacked information.
• The outdated infrastructure is more vulnerable to unauthorized access. When old and vulnerable systems are used with new technology, the risk of attack increases.
• Many municipalities need more staff or resources to keep up with the latest cybersecurity protocols and procedures.
• Smart city data is stored on city servers and cloud infrastructure that may be susceptible to Distributed Denial of Services (DDoS) attacks. Such attacks could make these services stop functioning properly.
• The attack surface is large and complex, making it challenging to determine what is exposed due to its technological systems’ interdependence and intricate nature.

Municipalities may also be targeted because of the significant damage a successful attack can cause, such as system outages, unauthorized data use, and leakage of confidential email messages and photos. This exposes them to a wide range of cyber threats such as ransomware, malware, phishing attacks, DDoS (distributed denial of services) attacks and more.

What types of cybersecurity threats, and who are the threat actors targeting Canadian communities?

Local governments frequently do not enforce security measures when connecting to a computer network or the Internet. This leads to municipal systems with insufficient security protocols that hackers can easily manipulate to gain control of systems, disrupt public services, and steal sensitive information.

Malicious and nonmalicious threat actors target Canadian municipalities. Non-malicious threat actors are hackers seeking to gain access to public infrastructure and services, while malicious threat actors often seek financial rewards.

1. Ransomware

NCTA for 2023-24 has identified five cyber threat narratives considered the most influential. These could cause significant cyber threat activity in 2024, with Ransomware being the most critical threat.

Currently, municipalities are vulnerable to large-scale attacks from malicious cyber actors due to the availability of ransomware-as-a-service campaigns. A ransomware attack can cause serious disruption to municipal services, resulting in long-term outages and financial losses.

2. Unpatched devices

Unpatched devices, such as those running outdated versions of Windows and insecure web servers, provide easy access points for attackers to exploit.

The Canadian Centre for Cyber Security has discovered that vulnerable devices are increasingly being used to launch attacks on municipalities, resulting in thefts of sensitive information and financial losses.

3. Malware

Municipalities may fall victim to hackers who install malware to compromise their networks and infrastructure. Cyber attackers can remain active on compromised systems for months without the victims’ detection. Cybercriminals use various types of malware, such as spyware, worms, watering holes, key loggers, and trojan horses, to infect systems and acquire confidential information.

4. DDOS (Distributed Denial of Service)

Some hackers use bots and malware to prevent people from accessing important city services. This type of attack is designed to overwhelm servers with requests, making the system unusable. The damage is twofold: not only does the attacker prevent legitimate users from accessing the service, but it also causes significant financial losses for the municipality.

5. Business Email Compromise

In 2019, Business Email Compromise was the most reported cybercrime by the Canadian Anti-Fraud Centre. BEC scams involve hackers sending spoof emails impersonating a legitimate business or employee to gain access to funds or sensitive information. Canadian municipalities are particularly vulnerable to these types of attacks due to their reliance on email-based services and their complex web of interdepartmental communications.

6. Cyber espionage

Foreign governments often conduct cyber espionage to obtain confidential information from government entities like municipalities by targeting critical infrastructure. This poses a growing threat.

Recent Cyber attacks on Canadian municipalities

Municipalities have reportedly spent $379 million due to cyberattacks since 2020, which taxpayers have funded.

In 2020, there were several notable cyber attacks on Canadian municipalities. Here are a few examples:

1. City of Saint John: In November 2020, the City of Saint John, located in New Brunswick, experienced a significant cyber attack that disrupted its online services. The attack resulted in the city shutting down its online systems to prevent further damage and protect sensitive data.
2. City of Stratford: In April 2020, the City of Stratford, located in Ontario, fell victim to a ransomware attack. The attack impacted the city’s computer systems and forced them to temporarily shut down their email, phone, and online payment systems. The city worked to restore its services and investigate the incident.
3. Town of Midland: In September 2020, the Town of Midland, located in Ontario, suffered a cyber attack that targeted its computer systems. The attack disrupted the town’s operations, including email services and online payment systems. The town took immediate measures to contain the incident and restore its services.
4. In 2021, Whistler, B.C., was attacked in April 2021. No ransom was paid, but upwards of 800 GB of data was stolen, which resulted in the need for a complete system rebuild.
5. In June 2021, a ransomware attack occurred in Banff, Alberta, which resulted in the town shutting down its computer systems, temporarily suspending online services, and delaying vendor payments. Such attacks can significantly harm not only municipalities but also their residents.

Act now

Canadian municipalities must work together with Managed Service providers at local and national levels to protect their digital networks from cyber espionage. By deploying advanced cyber security solutions and strategies such as SIEM, Vulnerability and Attack Surface Management, Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Extended Detection and Response (XDR), Zero Trust, Security Orchestration Automation Response (SOAR), Artificial Intelligence (AI) and Machine Learning (ML) – the number of successful cyber-attacks against municipal networks could be drastically reduced. Further public-private partnerships like those established by the USA should also be explored, as this could result in more holistic solutions without replicating existing infrastructure. It’s evident that investments need to be made for us to create a future where our networks are safe from unwarranted intrusions – now is the time for action!