
Canada's modern tech threat: Cybercrime you can subscribe to

Wed, 10th Dec 2025

In 2017, a North American casino experienced a data breach. According to Darktrace CEO Nicole Eagan, the hackers gained access by compromising an internet-connected thermostat in the lobby's fish tank.

It can take only one minor security breach to bring an organisation down in a cyber attack; that was the consensus among experts who work to mitigate attacks and those who have experienced them firsthand. Not only does it seem that one slip-up can bring down a network, but today's commercialisation of crime online has made it easy.

With the rise of Cybercrime-as-a-service (CaaS) in Canada, the barrier to entry for cyberattacks has never been lower.

Michel Hebert, Practice Lead, Industry Research at Info-Tech Research Group, keeps a close eye on the evolution of cybercrime in Canada. He stresses that even with advanced cybersecurity programs in place, one small mistake can bring an organisation down, no matter the industry.

A for-profit casino may be considered a likely target for criminals, but so can a grade school in today's cybercrime landscape. In December 2024, the Toronto District School Board was targeted in a ransomware attack linked to its third-party student information system. 

"There's a perception that certain industries are softer targets. In Canada, healthcare, municipal governments, education...have all been hit by ransomware attacks at a higher rate. In some cases, it's because maybe their security program wasn't as mature as it should have," he says. "When I speak to members I emphasise this: the bad guys need to be right once...you have to be right 100 per cent of the time."

In the United States, the Nevada state government experienced a data breach earlier this year. According to an after-action report by Info-Tech, the breach occurred after a State employee downloaded a malware-laced system administration tool from a fraudulent website impersonating the official page.

When Bell Canada launched its cybersecurity operations product offering, the division's CEO, John Menezes, said at the time, "Cyber threats are more sophisticated, and the urgency to address them is greater, spanning every sector and level of society. Artificial intelligence has accelerated this shift beyond anything we have experienced before."

In an interview with TechDay Canada this month, Menezes said that Bell Cyber has seen around 80,000 attacks so far this year, compared to 40,000 to 50,000 last year. He believes this is linked to AI supercharging attacks.

While AI's impact is exponentially increasing the complexity of cyber defence and, consequently, cyber attacks, Hebert adds that there is an asymmetry in the push-and-pull nature of this battle. 

"The tools that the malicious agents use in offence are much more powerful than the tools we use in defence," he says. "If I give you a tool that identifies vulnerabilities only 20 per cent of the time...you're only going to catch 20 per cent of the vulnerabilities. You're not going to actually use it in defence. But as an attacker, that tool is invaluable. They can find 20 per cent of the vulnerabilities in the system."

This growing trend is also causing significant losses. According to the RCMP's Cyber/Fraud Related Losses Trend, Canadians lost CAD $638 million to cybercrime and fraud in 2024.

After selling a real estate portfolio four years ago, Andria Delia invested in various cryptocurrencies as an alternative investment. She took necessary security precautions, such as buying a new iPad with a fresh Apple ID to store the crypto. But it was hacked within hours, and thousands of dollars were mysteriously transferred out of her account. She says the threat actors gained access through an eSIM swap by employees within the telecom store.

Delia became a cyber threat intelligence expert through personal experience. In the years that followed, she earned certifications in cyber threat intelligence from the SANS Technology Institute. Delia now works in cyber threat mitigation when organisations experience a ransomware attack.

"Modern Canadian ransomware attackers look less like lone hackers and more like a franchisee," says Delia. "We always tend to dismiss or forget about the Initial Access Brokers that are essential to the thriving of Ransomware-as-a-Service and Cybercrime-as-a-Service. This is the entryway to come into organisations."

It all starts with the Initial Access Broker, a specialised cybercriminal who will sell stolen logins to privileged accounts, VPN credential leaks, or any other method threat actors use to gain access to a network. Whether the access point is discovered by a hacker or sold by someone on the inside, once a deal is brokered through online sales channels, an attack can be initiated.

"It's great to have all these endpoint detections, but it's a false sense of security. It takes that one rogue employee, that unusual suspect - the quiet guy in marketing, the cousin of so-and-so, your trust circle," she says. "AI and behaviour analytics within your endpoint detections are extremely helpful, but if somebody wants to sell your password or give access to somebody, then there's not much an EDR can do." 

Many operations are hidden in plain sight as they communicate and organise on social media platforms.

The RCMP took down Canadian operations of phishing-as-a-service provider LabHost during Project NOVA earlier this year. With a monthly subscription of $179 or $249 for the premium package, a cybercriminal could create highly realistic login pages for financial institutions. Chris Lynam, Director General of the National Cybercrime Coordination Centre and the Canadian Anti-Fraud Centre, RCMP, told industry experts in September that users could access this program through publicly available networks like Telegram. The Canadian channel had around 4,800 users.

"If you were to ask me what I'm most worried about in terms of cybercrime, I would go back to ransomware as the first concern. Why would I go back to ransomware? That's where the money is. That's what's having a big economic impact," says Hebert. "When I describe the ransomware syndicates, it makes it seem like it's very top down, but it's actually a loose collection of groups."
 

He adds that there's an ecosystem at play. One affiliate may penetrate an organisation, while another might launch software attacks, negotiate terms, or prepare Bitcoin financing, all made easier to organise through digital messaging channels and Cybercrime-as-a-Service platforms.

"We need to understand the risk so that we can mitigate it, and the only way that we can do that is if we're honest about the risk that we face."
