The Canadian government shuts down thousands of user accounts for its online portals after a sustained cyberattack.
The Canadian government shuts down thousands of user accounts for its online portals after a sustained cyberattack. The Canadian officials detected as many as 300,000 attempted attacks to access accounts on at least 24 government systems.
“Early on Saturday morning a CRA portal was directly targeted with a large amount of traffic using a botnet to attempt to attack the services through the credential stuffing, ” said Marc Brouillard, acting Chief Executive Officer for the government of Canada.
A “credential stuffing” attack is one in which stolen usernames and passwords are mined to access personal accounts fraudulently.
The largest of the attacks targeted GCKey accounts. GCKey allows Canadians to access dozens of government services like Employment Insurance (EI), My Service Canada accounts, Refugee and Citizenship Canada accounts, Immigration and veterans programs. The attack might have permitted hackers to access 5,600 CRA My Accounts.
Another attack took place last week where hackers took advantage of “vulnerability in security software, which allowed hackers to bypass security questions and gain access, ” said Annette Butikofer, the chief information officer at the CRA.
In total, more than 11,000 out of 12 million personal accounts were compromised. Government officials were notified to have online services restored by Wednesday.
A record number of Canadians were accessing Canadian government portals to apply for and receive government aid during Covid-19.
The CRA spokesperson said that CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information.
“The credentials used in the attack came from previous, non-government of Canada data breaches. They were effective because Canadians reused old passwords on the government of Canada systems, ” said Scott Jones, head of Canada’s Centre for Cyber Security, adding, “the accounts that used unique passwords remain secure.”
The government is investigating the matter and advises Canadians to choose unique, strong passwords for all online accounts and check for suspicious activity.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?