The Canadian Government Comes Under Attack

Uploaded on 2020-09-01 in GOVERNMENT-National, FREE TO VIEW

Cyber criminals targeted the Canadian government at the beginning of August, when several government services were disabled following a series of cyber attacks. The Canada Revenue Agency temporarily shut down its online services after hackers used thousands of stolen usernames and passwords to fraudulently access government services in three separate but serious breaches, which has comprising the personal information of thousands. 

On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government services accounts, originating from the Government of Canada Key service (GCKey) and Canada Revenue Agency (CRA) accounts, had been victims of hacking attempts. 

The GCKey allows Canadians to access the online services of several Government of Canada programs and services, including Employment Insurance services, while the CRA manages Canadians’ tax services as well as Canada Emergency Benefit (ECP) payments, a support program for employees who have lost their jobs due to the pandemic. Recently CRA noticed the first signs of credential-stuffing attacks on its website.  This means criminals try to use previously stolen credentials to log into another account owned by the same victim. Unlike a brute-force attack, bad actors therefore use previously stolen user/password combinations to access a third-party service. The agency’s online services were restored on August 19.

The government estimates that approximately 11,000 accounts have been hacked. Of these, approximately were 5,600 for the CRA and 9,000 for the KeyGC system. Of the CRA accounts affected, more than half were hacked using the GCKey access. 
Impacted individuals have had their accounts suspended, and the government is working on notifying all affected users and tallying the damage done by these cyberattacks. 

Government officials are encouraging all who suspect they have had their accounts compromised to report it, and check the status of other login accounts, such as online banking and to in the future always use unique logins and passwords, especially with services that hold personal information. Impacted individuals will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their CRA account, the revenue agency says.

 A record number of Canadians have been accessing Canadian government online portals in order to apply for and receive government aid during the pandemic and so some of their data is possibly compromised.

CBC:        Pymnts:       CTV News:   CNN:        We Live Security

You Might Also Read: 

Australia Assaulted By Severe State-Backed Cyber Attacks:
 

 

« Boards Should Insist On A Cyber Audit
British SMEs Are Suffering A Surge In Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

4ARMED

4ARMED

4ARMED services cover the end-to-end experience of securing modern software, from design and build through to deploy and test.

Quadrant Information Security

Quadrant Information Security

Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

Digital.ai

Digital.ai

Digital.ai empowers organizations to scale software development teams, continuously deliver software with greater quality and security.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

Anetac

Anetac

Developed by seasoned cybersecurity experts, the Anetac Identity and Security Platform protects threat surface exploited via service accounts.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.