Published on August 19th, 2020

Canada Revenue Agency shuts down after cyberattack – hacked login credentials at fault


Canada has been dealing with cyber-attacks recently, and this is the third attack on the Canada Revenue Agency, which, in addition to collecting taxes, provides urgently needed access to COVID-19 relief programs, veterans' programs, and a broad array of services to citizens.

Canada has a strong history of infosec responsibility. The most recent attack resulted from a software vulnerability that let attackers bypass security questions, which was fixed almost immediately upon notification of the problem.

In this third attack, attackers deployed a botnet in a credential stuffing attack, attempting to access and compromise the accounts of some 12 million Canadians using previously exposed, stolen passwords and usernames. It’s a “front door” attack, using information that’s already out there. The ability of attackers to use the same usernames and passwords that were harvested previously is a key factor. The good news is that of the 12 million ID-and-password combinations the attackers attempted to use, some 98% or more were no longer valid.
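
One way a service operator could spot the pattern described above, as an added example that is not from the original article or from the CRA: a botnet spreads attempts over many addresses, so the check looks at each time window as a whole (many accounts, few tries each, almost all failing) and lists accounts where a leaked pair still worked. The event format, thresholds and sample data are constructed assumptions.

```python
from collections import Counter, defaultdict

def sample_events():
    """Constructed login events: (minute, source_ip, username, success)."""
    events = [(0, "198.51.100.7", "alice", True),
              (0, "198.51.100.8", "bob", False),   # one mistyped password
              (0, "198.51.100.8", "bob", True)]
    # Minute 1: 50 leaked username/password pairs tried from 10 bot IPs,
    # one attempt per account; only one pair is still valid.
    for i in range(50):
        events.append((1, f"203.0.113.{i % 10}", f"user{i}", i == 17))
    return events

def max_attempts_per_ip(events):
    """What a per-IP rate limit sees: the busiest single address."""
    return max(Counter(ip for _, ip, _, _ in events).values())

def detect_stuffing(events, min_users=20, min_fail_ratio=0.9, max_tries_per_user=3):
    """Return {minute: accounts to re-authenticate} for suspicious windows."""
    windows = defaultdict(list)
    for minute, ip, user, ok in events:
        windows[minute].append((ip, user, ok))
    flagged = {}
    for minute, rows in windows.items():
        users = {user for _, user, _ in rows}
        fail_ratio = sum(not ok for _, _, ok in rows) / len(rows)
        tries_per_user = len(rows) / len(users)
        # Stuffing signature: many accounts, few tries each, nearly all failing.
        if (len(users) < min_users or fail_ratio < min_fail_ratio
                or tries_per_user > max_tries_per_user):
            continue
        # Addresses that failed against two or more different accounts.
        failed = defaultdict(set)
        for ip, user, ok in rows:
            if not ok:
                failed[ip].add(user)
        bots = {ip for ip, names in failed.items() if len(names) >= 2}
        # A success from such an address means a leaked pair still worked.
        flagged[minute] = sorted({u for ip, u, ok in rows if ok and ip in bots})
    return flagged

if __name__ == "__main__":
    ev = sample_events()
    print("busiest IP attempts:", max_attempts_per_ip(ev))
    print("flagged:", detect_stuffing(ev))
```

In the constructed data no single address makes more than five attempts, so a per-IP lockout alone would not trigger, while the window-level check still flags minute 1.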

It’s important that everyone understands they’re a potential target for cybercriminals, whether or not they believe they’re likely to be. The important steps that every consumer should take are: a) use a password manager and create unique, non-intuitive and lengthy passwords, preferably 30 characters or more; b) use 2FA wherever it’s available (unfortunately, many government services have been slow to offer 2FA and to allow passwords of more than 30 characters); and c) never reuse a password, and change existing passwords frequently. Also, anyone directly affected by this breach should reach out to the CRA immediately, either by phone or email; they’ll re-authenticate you and restore services.

