Several services from the Canadian government, including the national revenue agency, had to be shut down following a series of credential stuffing cyberattacks
Cybercriminals set their sights on the Canadian government at the beginning of August, when several government services were disabled following a series of cyberattacks. On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government services accounts, originating from the Government of Canada Key service (GCKey) and Canada Revenue Agency (CRA) accounts, had been victims of hacking attempts. The GCKey allows Canadians to access the online services of several Government of Canada programs and services, including Employment Insurance services, while the CRA manages Canadians’ tax services as well as Canada Emergency Benefit (ECP) payments, a support program for employees who have lost their jobs due to the pandemic.
On August 7, CRA noticed the first signs of credential-stuffing attacks on its website. Credential stuffing means criminals try to use previously stolen credentials to log into another account owned by the same victim. Unlike a brute-force attack, bad actors therefore use previously stolen user/password combinations to access a third-party service.
Annette Butikofer, CRA’s Chief information officer, explains that the agency did not notify the RCMP until August 11, then informing the general public and suspending access to its online services on August 15. She mentioned: “We were very confident that the monitoring was good, but after [the events involving] the KEICC, we noticed an attack on Saturday and decided to block and close our po ..
Support the originator by clicking the read the rest link below.
