Canada Ransomware attack on construction company raises questions about federal contracts

13:00  26 january  2020
13:00  26 january  2020 Source:   cbc.ca

Feds to avoid selling Trans Mountain pipeline so long as risks remain

  Feds to avoid selling Trans Mountain pipeline so long as risks remain The federal government is studying the best options for Indigenous communities to reap economic benefits from the Trans Mountain pipeline but Ottawa is not planning to sell the project while legal and political risks remain. The Supreme Court of Canada eliminated one of those risks Thursday when it denied British Columbia the right to regulate the contents of the pipeline. At least two other significant legal challenges continue to hang over the project, making its future far from certain.READ MORE: Supreme Court rejects B.C.

A construction company that's won millions of dollars worth of contracts with the military and other federal departments has been hit by a ransomware attack — raising questions about how the federal government does businesses with outside firms open to cyber attacks .

For federal construction contractors , payment and performance bond obligations in construction contracts with the federal government that When should contractors raise such questions ? This past November, the Federal Circuit addressed those questions in K-Con, Inc . v. Secretary of the

Ransomware attacks on federal government contractors raise questions about the security of government data.© Kacper Pempel/Reuters Ransomware attacks on federal government contractors raise questions about the security of government data.

A construction company that's won millions of dollars worth of contracts with the military and other federal departments has been hit by a ransomware attack — raising questions about how the federal government does businesses with outside firms open to cyber attacks.

Ransomware attacks involve malicious software used to cripple a target's computer system to solicit a cash payment. Last month, a group known as Maze — infamous for publicly shaming victims until they pay up — claimed to have run a successful strike against the Toronto-based company Bird Construction, stealing 60 GBs of data.

Construction firm failed to pay $60K fine for fall that injured worker

  Construction firm failed to pay $60K fine for fall that injured worker The construction firm that pleaded guilty in the death of a 24-year-old surveyor at a Little Italy worksite has failed to pay a fine for a second incident at the same location, Radio-Canada has learned.Bellai Brothers Construction Inc. was fined $60,000 last summer after a worker fell three metres at the Claridge Icon condo site in March 2018 and suffered a head injury, according to court documents obtained by Radio-Canada.

The federal government routinely awards contracts to companies with histories of misconduct, including … contract fraud and other violations. The following contractors top the list based on total contract awards. This table shows the associated instances of misconduct and total penalty amounts.

What ransomware attacks really cost. Atlanta, for example, spent at least .6 million just on Recovering from a February ransomware attack has been a slow and expensive process for Repairing CDOT’s network required help from information security consultants and federal agencies.

"Bird Construction responded to a cyber incident that resulted in the encryption of company files," wrote a company spokesperson in an email to CBC.

"Bird continued to function with no business impact, and we worked with leading cyber security experts to restore access to the affected files."

The company wouldn't say whether they paid their cyber-assailants — something police forces warn against.

A company spokesperson the firm they notified government officials at the time of the breach.

While it doesn't appear that any secure government files were compromised in the hack, the Bird case raises concerns about how secure government contracts are as the number of ransomware incidents multiplies.

Between 2006 and 2015, Bird scored 48 contracts with the the Department of National Defence totalling more than $406 million. Bird also helped build the RCMP's Surrey detachment headquarters and has done work for Public Services and Procurement Canada.

Former Vancouver mayor Gregor Robertson has a new job

  Former Vancouver mayor Gregor Robertson has a new job Vancouver’s former mayor Gregor Robertson has a new job at a green construction firm. Nexii Building Solutions Inc., a Canadian green building and construction technology company, announced Tuesday that Robertson has been hired as its executive vice-president of strategy and partnerships. In a statement, Robertson said he is focusing his efforts on the climate crisis because at buildings are a large source of climate pollution. “That’s why when Nexii — the creators of new breakthrough green building technologies — asked me to join their team, I didn’t hesitate.

The “Petya” ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. Petya cyber- attack : Cadbury factory hit as ransomware spreads to Australian businesses.

Companies across the globe are reporting that they have been struck by a major ransomware cyber- attack . British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence. The virus, the source of which is not yet known, freezes the user's computer and

Christyn Cianfarani, president of the Canadian Association of Defence and Security Industries, said Canada could learn from the United States and Britain, countries that have taken steps to ensure the security systems of all government contractors — even those not dealing with classified information — are locked down.

"When we look at the major hacks that have occurred, especially on the defence side, where you know fighter aircraft information was stolen — it wasn't stolen from the prime contractor, it was stolen in a tiny, tiny shop supplying widgets," she said, citing the 2017 theft of sensitive information about Australia's defence programs through a government contractor.

"Whether they're done by nation states or by criminal organizations or by rogue actors, it's a characteristic of these kinds of attacks to get to governments using businesses as the point of entry, especially ... small businesses that tend to be the most vulnerable."

Keystone XL Wins Green Light From U.S. to Plow Ahead on Project

  Keystone XL Wins Green Light From U.S. to Plow Ahead on Project TC Energy Corp.’s long-delayed Keystone XL pipeline took another step forward with U.S. approval of a key stretch of construction. The Interior Department authorized construction across a swath of federal land in Montana, according to a release on Wednesday. While approval by the oil-friendly Trump administration was expected, the move is a sign of growing momentum for a project that ground to a halt under federal opposition in 2015.“This is another important step as we advance towards building this important energy infrastructure project,'’ TC spokesman Terry Cunha said in an email.

Federal Contracts Corp will make it easy for you to get the equipment you need. Federal Contracts Corp is your solution to increasing your government business.

The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system

Cianfarani said Canada needs to start working on its own cyber security certification program for vendors.

Apart from federal work, Bird also has worked on renovations at multiple Ontario Provincial Police detachments and a wastewater treatment plant in Wood Buffalo, Alta., and helped to build Calgary's new emergency operations control centre. The company also has held contracts with oilpatch and potash companies, including Suncor.

A spokesperson for the RCMP said the police service is aware of the hack but would not say whether it's investigating.

Little recourse for feds after an attack

Public Services and Procurement Canada, which oversees how the government buys goods and services, has different levels of security clearance depending on whether a contractor has access to classified information.

"The government of Canada does go a long way to do that when there is sensitive information in play. When there's not sensitive information at play, companies do need to realize that this is a growing [trend]," said Aaron Shull, managing director and general counsel for the Centre for International Governance Innovation.

Company fined $75K for explosion that destroyed Canmore home

  Company fined $75K for explosion that destroyed Canmore home A company has been fined $75,000 for an explosion that destroyed a Canmore house and forced some nearby residents from their homes for months. The incident took place in 2015, when workers struck a pipe and then failed to call either the police or the fire department but did contact ATCO Gas. Shortly after the pipe was struck, the gas travelled into the basement of a nearby home and exploded.APM Construction, the company responsible for the rupture, pleaded guilty to charges under the Occupational Health and Safety Act for endangering its employees. The fine was handed down in provincial court on Wednesday.

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

CORE Construction ’s rich history started with one key moment in 1937, when our founder, Otto Baum, applied for a loan to start a masonry company . Utilizing comprehensive construction knowledge and industry expertise, CORE provides exceptional building services in 13 markets.

A spokesperson for Public Services and Procurement Canada said the department is working to ensure all companies are properly vetted.

"Ransomware and the impacts of this type of attack are monitored by Public Services and Procurement Canada in collaboration with other government security agencies," said spokesperson Stéfanie Hamel.

"Public Services and Procurement Canada is working closely with relevant departmental stakeholders to ensure that, as part of the procurement process, companies it does business with have gone through intensive screening and meet all of our security requirements before any contract is granted."

Shull said there's little recourse for government departments once their confidential information is caught up in a cyber attack.

"The problem, of course, is that once a company has been breached it's a little bit like trying to nail the barn door shut after the horse is already gone," he said.

"The tools that are available to the federal government to penalize these companies are unsatisfactory. You're going to end up with a lawsuit for breach of contract or negligence, or something like that."

The Bird Construction case is just the latest in a series of ransomware attacks hitting Canadian networks — a series that includes attacks on a number of Ontario municipalities, including Woodstock, Stratford and The Nation.

Gov't wasting billions on 'failed' projects through outsourcing, says union

  Gov't wasting billions on 'failed' projects through outsourcing, says union OTTAWA — Outsourcing of work that could be done by federal government employees is costing taxpayers billions of dollars, and has created an unaccountable shadow public service, says a report from one of the country's biggest civil service unions. The report released Monday by the Professional Institute of the Public Service of Canada (PIPSC) says the government spent nearly $12 billion on management consultants, temporary contractors and information technology consultants between 2011 and 2018.

“The company is currently experiencing a hostile ransomware attack on its network systems,” said an internal Merck memo quoted by the Philadelphia Inquirer. The ransomware attack reportedly began in Ukraine, but has since spread to corporate systems across the world, affecting the Russian state oil

But a new string of ransomware attacks on the House of Representatives could stall legislation more effectively than party infighting or a filibuster. Ransomware is typically delivered via email and works by encrypting a victim’s data and demanding payment in exchange for the decryption key.

The RCMP has reported an uptick in ransomware attacks and a recent survey of Canadian organizations found the vast majority (88 per cent) had experienced a data breach over the last 12 months.

Brett Callow, a security analyst with the anti-virus software firm Emsisoft, said any stolen data could be used to perfect a future scam. He said implementing a bolstered audit system could help the government identify information that has been put at risk.

"If data has been stolen, there's obviously no way of getting it back. The most you can do is pay the criminals for a pinky-promise that they will not use that data," he said.

Vendors need better cyber hygiene: experts

Both DND and the RCMP said they follow Public Services and Procurement Canada's directions when it comes to contracts for goods, services and construction.

"The protection of information is a priority for the Department of National Defence," said Jessica Lamirande.

"We continue to take every precaution to ensure the proper security and privacy measures are in place, including complying with all relevant Government of Canada policies."

A RCMP spokesperson said the force also reviews the security requirements for all contracts and may include security clauses that require contractors to safeguard information.

Justin Fier, director for cyber intelligence and analytics at the online security firm Darktrace, said companies need better cyber hygiene and more training to prevent human error.

"The unfortunate and sad truth is no matter how much we educate our workforce, people will get duped into clicking the link in the email or ... doing something that they probably shouldn't be doing just because it gets the job done quicker and more efficiently," he said.

"It's not going anywhere anytime soon. As long as we pay the ransoms, they're going to keep coming back."

Federal Court to rule on Trans Mountain pipeline expansion challenge .
Federal Court to rule on Trans Mountain pipeline expansion challengeFour First Nations from British Columbia filed court challenges after the federal government approved the project a second time last June.

—   Share news in the SOC. Networks

Topical videos:

usr: 31
This is interesting!