Metrolinx says it doesn't believe it was specific target in North Korea cyberattack
Tara Deschamps, The Canadian Press
Published Wednesday, January 24, 2018 4:30PM EST
Last Updated Wednesday, January 24, 2018 7:35PM EST
TORONTO -- Ontario transit agency Metrolinx said Wednesday it doesn't believe it was specifically targeted in a recently thwarted cyberattack it claims came from North Korea.
Anne Marie Aikins, a spokeswoman for the public transportation service in the Greater Toronto and Hamilton Area, told the Canadian Press it was hit with malware that circulated the globe with many potential victims.
When Metrolinx first revealed the attack Tuesday, it said it was routed through Russia and didn't compromise personal information Metrolinx stores or its bus or train operations systems.
Metrolinx would not reveal how the threat presented itself or whether it was circulated through a link, digital document or download.
Ron Diebert, a global security expert and the director of the Citizen Lab at the University of Toronto, said malware "roams the internet like a common cold or flu virus," but doesn't always have a deliberate victim.
Because it can easily be stumbled upon, he said, for example, "this could be someone at Metrolinx checking their Facebook Messenger and receiving a link that took them to a malicious system."
In most cases, malware is "very broadly targeted" and people wanting to use it for harm spread it around in hopes of ensnaring as many victims as possible, said Simon Frankel Pratt, an international security lecturer at the University of Toronto.
North Korea has been linked to a wave of recent hacks, most prominently the WannaCry ransomware attack.
It infiltrated hundreds of thousands of computers and wreaked havoc on Britain's National Health Service, forcing some hospitals to cancel surgeries, in May.
Last month, U.S. President Donald Trump's administration blamed North Korea for WannaCry and said it managed to connect the country to such attacks through evidence and confirmation from the United Kingdom and companies including Microsoft.
If the threat is related to WannaCry, then Diebert said it begs the question of why Metrolinx didn't properly secure their infrastructure last year when patches were widely-circulated.
However Pratt said that with the limited information shared about the attack, he doesn't see any reason to assume the Metrolinx incident is connected to WannaCry.
Aikins said Metrolinx uses "ethical hackers" to help it thwart attacks and works closely with the province on cybersecurity issues like the recent incident.
Based on what he has heard, Pratt said Metrolinx has "done a fine job" handling the attack, which he considers to be "a routine occurrence."
"Don't panic," he stressed.
"Our transit system isn't at risk. Our safety is not threatened."