The Canadian Government Comes Under Attack

Uploaded on 2020-09-01 in GOVERNMENT-National, FREE TO VIEW

Cyber criminals targeted the Canadian government at the beginning of August, when several government services were disabled following a series of cyber attacks. The Canada Revenue Agency temporarily shut down its online services after hackers used thousands of stolen usernames and passwords to fraudulently access government services in three separate but serious breaches, which has comprising the personal information of thousands. 

On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government services accounts, originating from the Government of Canada Key service (GCKey) and Canada Revenue Agency (CRA) accounts, had been victims of hacking attempts. 

The GCKey allows Canadians to access the online services of several Government of Canada programs and services, including Employment Insurance services, while the CRA manages Canadians’ tax services as well as Canada Emergency Benefit (ECP) payments, a support program for employees who have lost their jobs due to the pandemic. Recently CRA noticed the first signs of credential-stuffing attacks on its website.  This means criminals try to use previously stolen credentials to log into another account owned by the same victim. Unlike a brute-force attack, bad actors therefore use previously stolen user/password combinations to access a third-party service. The agency’s online services were restored on August 19.

The government estimates that approximately 11,000 accounts have been hacked. Of these, approximately were 5,600 for the CRA and 9,000 for the KeyGC system. Of the CRA accounts affected, more than half were hacked using the GCKey access. 
Impacted individuals have had their accounts suspended, and the government is working on notifying all affected users and tallying the damage done by these cyberattacks. 

Government officials are encouraging all who suspect they have had their accounts compromised to report it, and check the status of other login accounts, such as online banking and to in the future always use unique logins and passwords, especially with services that hold personal information. Impacted individuals will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their CRA account, the revenue agency says.

 A record number of Canadians have been accessing Canadian government online portals in order to apply for and receive government aid during the pandemic and so some of their data is possibly compromised.

CBC:        Pymnts:       CTV News:   CNN:        We Live Security

You Might Also Read: 

Australia Assaulted By Severe State-Backed Cyber Attacks:
 

 

« Boards Should Insist On A Cyber Audit
British SMEs Are Suffering A Surge In Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

Glasswall Solutions

Glasswall Solutions

Glasswall Solutions has developed a disruptive, innovative security technology which provides unique protection against document based cyber threats.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Trusona

Trusona

Trusona is a pioneer and leader in passwordless two-factor authentication (2FA).

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

INT3L

INT3L

The INT3L group (formerly Defentek) is a provider of national security and intelligence solutions, systems and services.