A cyberattack directed at two dozen Canadian government platforms forced the shutdown of most of its online portals over the weekend.
CNN reported Canadian officials detected as many as 300,000 attempted attacks to access accounts.
“Early on Saturday morning a CRA (Canadian Revenue Agency) portal was directly targeted with a large amount of traffic using a botnet to attempt to attack the services through credential stuffing,” Marc Brouillard, a Canadian government spokesman told the network referring to an attack where stolen usernames and passwords are gathered to fraudulently access personal accounts. “Out of an abundance of caution the CRA portal was shut down to contain the attack and implement measures to protect CRA services.”
The CRA plays multiple roles. It collects taxes, administers tax law and policy and oversees charities.
As a result of the breach, the CRA said more than 11,000 of 12 million personal accounts were compromised, including online portals accessing tax payer data and COVID-19 relief programs.
Online services are expected to be fixed by Wednesday (Aug.19), officials told CNN.
“The credentials used in the attack came from previous, non-government of Canada data breaches,” said Scott Jones, head of Canada’s Centre for Cyber Security, the agency that leads the government’s response to cybersecurity attacks. “They were effective because Canadians reused old passwords on government of Canada systems, the accounts that used unique, strong passwords remain secure.”
Last month, a national survey found more than 80 percent of U.S. medical practices have been the victims of cyberattacks.
More than half of the hospital and medical facilities reported patient safety concerns from the data breaches, and 20 percent said that their business had been interrupted for more than five hours, the survey said, according to USA Today.
“That can be the difference between life and death,” Wendi Whitmore, vice president of IBM X-Force, a New York-based commercial security research team, told the newspaper.
In March, a cyberattack was leveled at the U.S. Department of Health and Human Services (HHS) amid the agency’s role in the COVID-19 mitigation.
The attack didn’t have any dire effects like a data breach, officials said. Few details were provided on what happened, but the attack was noticed because of a “significant increase” in activity on the server, according to a spokeswoman.