The Canadian government said it was forced to shut down most of its online portals on the weekend after a sustained cyberattack over the last several days.
At one point over the weekend, Canadian officials disclosed they detected as many as 300,000 attempted attacks to access accounts on at least 24 government systems.
“Early on Saturday morning a CRA (Canadian Revenue Agency) portal was directly targeted with a large amount of traffic using a botnet to attempt to attack the services through credential stuffing,” said Marc Brouillard, acting Chief Information Officer for the government of Canada. “Out of an abundance of caution the CRA portal was shut down to contain the attack and implement measures to protect CRA services.”
A “credential stuffing” attack is one in which stolen usernames and passwords are mined to fraudulently access personal accounts.
In total, more than 11,000 out of 12 million personal accounts were compromised, including tax accounts and online portals accessing Covid-19 relief programs. Government officials say they hope to have online services restored by Wednesday.
“The credentials used in the attack came from previous, non-government of Canada data breaches. They were effective because Canadians reused old passwords on government of Canada systems,” said Scott Jones, head of Canada’s Centre for Cyber Security, adding, “the accounts that used unique, strong passwords remain secure.”
Jones noted it is rare for his agency to either confirm or comment on the existence or nature of such a security breach.
Officials stressed that this was what they characterize as a “front door” attack, in which Canadian account holders’ usernames and passwords were compromised because they were previously stolen from other non-government accounts.
“This is not an attack where hackers are trying to do [it] through the backdoor. They are going into the system just like normal users, they are applying credentials just like normal users, so it’s very hard to detect that pattern from all the good traffic,” Brouillard said.
However, officials acknowledged a vulnerability in government security software that has since been detected and repaired.
The RCMP is now investigating and officials said they could not comment on whether the attack originated inside or outside of Canada.
A record number of Canadians were accessing Canadian government online portals in order to apply for and receive government aid during the pandemic.