The Canadian Government Comes Under Attack

Uploaded on 2020-09-01 in GOVERNMENT-National, FREE TO VIEW

Cyber criminals targeted the Canadian government at the beginning of August, when several government services were disabled following a series of cyber attacks. The Canada Revenue Agency temporarily shut down its online services after hackers used thousands of stolen usernames and passwords to fraudulently access government services in three separate but serious breaches, which has comprising the personal information of thousands. 

On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government services accounts, originating from the Government of Canada Key service (GCKey) and Canada Revenue Agency (CRA) accounts, had been victims of hacking attempts. 

The GCKey allows Canadians to access the online services of several Government of Canada programs and services, including Employment Insurance services, while the CRA manages Canadians’ tax services as well as Canada Emergency Benefit (ECP) payments, a support program for employees who have lost their jobs due to the pandemic. Recently CRA noticed the first signs of credential-stuffing attacks on its website.  This means criminals try to use previously stolen credentials to log into another account owned by the same victim. Unlike a brute-force attack, bad actors therefore use previously stolen user/password combinations to access a third-party service. The agency’s online services were restored on August 19.

The government estimates that approximately 11,000 accounts have been hacked. Of these, approximately were 5,600 for the CRA and 9,000 for the KeyGC system. Of the CRA accounts affected, more than half were hacked using the GCKey access. 
Impacted individuals have had their accounts suspended, and the government is working on notifying all affected users and tallying the damage done by these cyberattacks. 

Government officials are encouraging all who suspect they have had their accounts compromised to report it, and check the status of other login accounts, such as online banking and to in the future always use unique logins and passwords, especially with services that hold personal information. Impacted individuals will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their CRA account, the revenue agency says.

 A record number of Canadians have been accessing Canadian government online portals in order to apply for and receive government aid during the pandemic and so some of their data is possibly compromised.

CBC:        Pymnts:       CTV News:   CNN:        We Live Security

You Might Also Read: 

Australia Assaulted By Severe State-Backed Cyber Attacks:
 

 

« Boards Should Insist On A Cyber Audit
British SMEs Are Suffering A Surge In Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

HPE Aruba Networking

HPE Aruba Networking

HPE Aruba Networking, a Hewlett Packard Enterprise company, is a leading provider of next-generation network access solutions for the mobile enterprise.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.

Maveris

Maveris

Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission.

Staris

Staris

Human based defense is dead. Staris is reinventing application security for an increasingly AI driven world.