ISA is committed to keeping the security community up to date with the latest cybersecurity news.
Update: Canada Revenue Agency breach more extensive than originally reported
In a statement from the Office of the Chief Information Officer of the Government of Canada, the Canada Revenue Agency (CRA) now acknowledges that the user account breach it suffered in August was more serious than originally reported. Initial statements in mid-August pegged the breach at 5500 accounts, a number which was soon revised to 11,200. In this week’s statement, however, that number has nearly quadrupled to an estimate of 48,500, as Service Canada and the CRA have discovered concerns with the accounts held by this larger group of users.
According to the statement released on September 17, “As a result of ongoing forensic analysis of these cyber incidents, the CRA has identified suspicious activities occurring between early July and August 15 on approximately 48,500 of the more than 14 million CRA user accounts.”
The CRA has reportedly used letter mail to contact the affected users to inform them of the breach, and provide further instructions. The statement continued, “The CRA will work with individuals affected by identity theft or fraud to help ensure they are not held liable for fraudulent claims and payments made by fraudsters using their account. Individuals whose accounts have been compromised will be offered credit protection services free of charge.”
While there is still no word on the source or methodology of the attacks, the report assured readers that, “the Royal Canadian Mounted Police [RCMP] investigation is ongoing and affected departments are also conducting their own investigations.”
Participate in the annual SANS Security Awareness survey
The SANS (“SysAdmin, Audit, Network, and Security”) Institute is conducting its annual security awareness survey, and all interested parties are encouraged to participate. The survey, which takes about five minutes to complete, helps to gauge the security awareness of companies in today’s cybersecurity environment. All participants will receive a complimentary copy of the report, which promises to provide insights and data-driven action items that will help users improve their security programs.
SANS is a global leader in cyber security training programs and certifications. Their survey closes on October 13.
College of the Nurses of Ontario suffers suspected data breach
According to a September 17 statement on their website, the College of the Nurses of Ontario (CNO) suffered a “cyber security incident” on September 8 (the first business day after the Labour Day holiday). A number of systems supported by the CNO have been offline since that date, including the public register “Find a Nurse” feature, the nurse renewal portal “Maintain Your Membership”, as well as the portal for nursing applicants. The CNO website still describes the outage as being caused by a “significant technical infrastructure issue”.
The delay in releasing a statement gives credence to the claims by the hacker group Netwalker that they breached the CNO’s systems, and are prepared to post HR department data exfiltrated during the attack. A folder-structure screenshot of data allegedly stolen from the CNO was posted on Netwalker’s dark web portal, and the name of the college has been added to their roll call of victims. A CBC report on the incident presents a copy of the screenshot.
For their part, the CNO has not yet confirmed whether any data has been compromised. The delay and rumours are causing concerns to the many of Ontario’s 121,488 registered nurses, 59,967 registered practical nurses, and 3,864 nurse practitioners. Spokeswoman Angela Smith confirmed on September 18 that CNO computer systems had indeed been affected by ransomware, but “to date, we have not received a ransom demand amount, nor have we been in contact with the hackers.”
The various unions representing the nurses have also expressed anger about the delay and vagueness of the reports about the incident; the unions reportedly learned of the suspected ransomware attack through the media, and not through the CNO itself.
The Netwalker hacker group has been increasingly active in recent months, repeatedly targeting education and health facilities and groups.
ISA Cybersecurity virtual fireside chat on September 23
Guest speaker Gerry Owens, a cybersecurity executive with over 30 years of experience in a top Canadian bank, joins ISA’s Enza Alexander and CyberArk’s Chris Ruetz for an interactive, 60-minute fireside chat, where they will discuss strategies for securing and maintaining business operations in the face of an uncertain future – and present. The panel will discuss market trends and how the cybersecurity industry landscape has changed during the COVID-19 era, in addition to providing insights on building an effective cybersecurity strategy into a business continuity plan while protecting against cyber threats today.
Registration for the webinar is free, and interaction is encouraged. All pre-registered attendees will receive a link to a recording of the discussion afterwards.