ISA is committed to keeping the security community up to date with the latest cybersecurity news.
Canada Revenue Agency disables services after cyberattacks
The Canada Revenue Agency (CRA) has temporarily disabled its online services following news of two separate cyberattacks that compromised some 5500 accounts.
In a statement August 16, the CRA confirmed that online services, including the “My Account”, “My Service Canada”, “My Business Account”, and “Represent a Client” links were being disabled as an “additional precaution” against further attacks like the ones on August 14. According to a statement about the first incident from the Office of the Chief Information Officer of the Government of Canada, “the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which accessed such services and are being further examined for suspicious activity.” The additional few thousand compromised accounts were hacked in the second incident.
In a separate statement from CRA spokesperson Christopher Doody, “The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information… The CRA is continuing to analyze both incidents. Law enforcement assistance has been requested from RCMP and an investigation has been initiated.”
While all 30 of the CRA’s online services are affected by the intentional shutdown, the timing is particularly difficult for those looking to apply for, or check the status of, the Canada Emergency Response Benefit (CERB) or the Canada Emergency Student Benefit (CESB). There is no word on when the CRA will be able to resume normal operations – the website advises “This service is not available at this time. This service disruption is temporary. We regret the inconvenience.” However, the Treasury Board of Canada Secretariat will be holding a press conference on Monday, August 17 to provide more information.
This incident serves as a reminder to always use different passwords for each of your online services or accounts: the CRA attack is believed to have started with a so-called “credential stuffing” exercise, in which hackers use passwords and usernames collected from other successful hacks, looking for people who have reused passwords with the CRA.
Check Point releases 2020 cloud security report
Check Point Software, in partnership with Cybersecurity Insiders, released the 2020 edition of their annual global Cloud Security Report on August 10. The survey, conducted through the course of July 2020, reflects the results of a comprehensive online survey of 653 cybersecurity and IT professionals. The data reflect significant concerns about public cloud security – concerns heightened by the COVID-19 pandemic, as many organizations feel additional pressure to move services to the cloud.
The report reveals that some 3/4 of those surveyed stated that they were “very concerned” or “extremely concerned” about public cloud security. Over 2/3 of respondents confirmed that their organizations use two or more public cloud providers, creating additional complexity and knowledge gaps for IT administrators.
The top concern about cloud security was identified as misconfiguration of cloud services (including simply leaving “default” settings enabled). The 2019 report suggested that system misconfiguration was the third leading threat, also indicating that complexity may be overwhelming some organizations today.
Unauthorized cloud access, insecure interfaces, and account hijacking rounded out the top four areas of primary concern for respondents.
Those surveyed also expressed concern about traditional security tools, feeling that they may only be able to provide limited protection in today’s complex, hybrid cloud environments. “The report shows that organizations’ cloud migrations and deployments are racing ahead of their security teams’ abilities to defend them against attacks and breaches. Their existing security solutions only provide limited protections against cloud threats, and teams often lack the expertise needed to improve security and compliance processes,” according to TJ Gonen, Head of Cloud Product Line at Check Point Software. “To close these security gaps, enterprises need to get holistic visibility across all of their public cloud environments, and deploy unified, automated cloud-native protections, compliance enforcement and event analysis. This way, they can keep pace with the needs of the business while ensuring continuous security and compliance.”
Data leaks, some systems still down after ransomware attack at Canon
On August 5, Canon Electronics suffered a ransomware attack believed to be organized by the cybercrime group known as “Maze”. Many of Canon’s American websites and operations were disrupted by the incident. In addition to locking up their systems, Maze also exfiltrated a significant amount of data: this week, that data is slowly being published on a “leak site” organized by the cybercriminals. While the information released so far does not appear to contain any personally identifiable information or corporate secrets, it is thought to represent only about 5% of the total data stolen during the early August attack. There is no confirmation on whether Canon paid any initial ransom to restore operations (the American Canon website and subsites now appear to be operational, but the Canadian site remained down as of August 17) or if the giant in optical, imaging and industrial products giant is considering payment to secure the rest of its stolen files. This incident will certainly extend the ongoing debate about paying ransomware demands vs. the risks of downtime and data loss in restoring systems.
Coincidentally, fellow imaging company Konica Minolta suffered an unrelated ransomware attack at the end of July which shut many of its operations down for almost a week.
“Female Trailblazers in Cybersecurity” virtual panel roundtable just a week away
Response has been outstanding for ISA Cybersecurity’s live virtual roundtable: Female Trailblazers in Cybersecurity on August 25 at 1:00 p.m. EDT. Held in partnership with CyberArk and Tenable, the event brings together leading women in cybersecurity to address today’s pressing industry issues by highlighting women’s vital roles through powerful stories. Register today for this must-see event! All registrants will receive a link to the recorded presentation.