Company 
Team 
League Partners 
Case Study
Company News 
Team Member Spotlight 
Managed IT Services
Cloud Hosting 
Co-Managed %201.svg){kind=icon}
Managed VOIP 
Managed Security Services 
Data Backup + Disaster Recovery 
Security Assessment 
CMMC Compliance 
SharePoint
Power BI
Web Design + Hosting
Application Development
Businesses 
Municipalities 
Local Government Services 
Healthcare
Manufacturing
Aerospace and Defense
Case Studies
Guides
News
Events
Municipalities
Healthcare
Managed IT Services
Compliance
Cybersecurity
The Canadian Government came under a serious and sustained cyberattack over the weekend and was forced to shut down the majority of its online portals as a result.
Over 300,000 individual attacks were detected over the two days as hackers attempted to gain access to accounts on at least 24 government systems.
Marc Brouillard, acting Chief Information Officer for the government of Canada, stated: “Early on Saturday morning, a CRA (Canadian Revenue Agency) portal was directly targeted with a large amount of traffic using a botnet to attempt to attack the services through credential stuffing.”
He went on to say that out of an abundance of caution, the CRA portal was shut down to contain the attack and implement measures to protect CRA services.
Federal officials later confirmed that these attacks targeted and exploited an internal “vulnerability” and used login information that had been stolen in previous hacks. The attack led to some damaging and worrying results, with over 11,000 out of 12 million personal accounts compromised, including tax accounts and online portals accessing Covid-19 relief programs. The data of thousands of Canadian citizens from their online Canada Revenue Agency accounts have potentially been breached.
The attack was so successful largely because Canadians reused old passwords on Government of Canada systems, according to Scott Jones, head of Canada's Centre for Cyber Security.
Marc Brouillard stated that: “The bad actors were able to use the previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability in the configuration of security software solutions, which allowed them to bypass the CRA security questions and gain access to a user's CRA account.” He went on to reassure Canadians that this vulnerability was patched and the risk of this attack vector has been mitigated.
Government officials first learned of attacks occurring on August 7th and contacted the RCMP on August 11th. The public was informed after further attacks had taken place last weekend. As yet, the perpetrators have not been identified.
Government officials were keen to stress that the vulnerability exploited was not in the Canadian Revenue Agency’s systems but rather came from the hackers having obtained login credentials through previous attacks. A ‘front door’ attack, where the bad actors logged in as regular users, rather than a ‘back door’ attack exploiting weaknesses in the systems themselves. They did, however, admit that in dealing with the attacks a potential vulnerability in government security software had been discovered and repaired.
This attack was particularly damaging as record numbers of Canadians are currently accessing government portals online to apply for and receive aid as a result of the COVID-19 pandemic.
Accounts that were compromised have been suspended, and affected individuals needing to apply for aid or access their online services for another reason were urged to do so over the phone. Anyone who has been affected by the breach will receive a letter from the Canadian Revenue Agency explaining how to confirm their identity in order to protect and restore access to their account.
At the moment, the RCMP and federal privacy commissioner are investigating and are unable to comment further on the attack.
