Cyberattack breaches thousands of Canadian Government Accounts
The government of Canada has released a statement saying that thousands of Canadian government accounts have been compromised following a cyberattack.
The Treasury Board of Canada stated that the attackers exploited the government’s GCKey system. This system is an SSO protocol used by 30 Canadian federal governments. It allows public users to access government service pages, including employment, social services, and COVID-19 relief programs. It is also used for CRA system logins.
It was discovered that of 12 million GCKey accounts, 9041 accounts were hacked. The method of attack was “credential stuffing”. In such an attack, the attacker utilizes credentials that were stolen in a previous, unrelated data breach.
Whenever a data breach occurs, cybercriminals often sell the stolen credentials online on black markets. To date, an estimated billions of usernames and passwords are in circulation in these underground marketplaces. Credential stuffing is also made more effective by the fact that many users reuse credentials across accounts.
Furthermore, automation lets attackers launch large-scale stuffing attacks with very little human effort on their side. In the aforementioned government attack, the Treasury Board of Canada discovered that over 5000 of the 9041 compromised accounts were CRA accounts.
Marc Brouillard, the CIO of the Treasury Board of Canada, stated that the CRA portal was targeted with a botnet in the attacker’s attempt to attack the service. The CRA portal was swiftly taken down in order to contain the attack and mitigate damage.
Researchers at BleepingComputer found that the CRA accounts using GCKey were not using multi-factor authentication, increasing their risk of compromise. Furthermore, the researchers discovered that CAPTCHAs were not used either. CAPTCHAs are often used as a method of preventing brute force attacks by verifying that a user is human through a series of questions.
Preventive Measures to keep your account safe:
Ensure that all software is up-to-date with security patches.
Ensure that users choose strong passwords and do not reuse the same credentials across multiple sites.
Employ additional security measures including MFA and CAPTCHA.
This will ensure that bots are less effective at infiltrating your organization’s secure networks. Malicious bots scan websites and networks for known vulnerabilities. This means that cyberattackers can identify weaknesses in thousands of networks almost simultaneously. By keeping your touchpoints up-to-date, you mitigate the threat of a bot discovering a weakness in your network to exploit.