CRA Shuts Down Online Service After Being Hit By Two Cyberattacks

Update from the Canada revenue agency it has shut down it's online completely although temporarily following a series of cyberattacks.

CRA service will be offline until further notice according to the CRA not giving any indication on whether that means days, weeks or a matter of hours but if you did try to login here is a look of what you will see is simply an error message at the moment saying

 "Some services are unavailable at this time. We regret the inconvenience." 


If you try to login into My Account, My Business Account or Represent a Client function after his two data breaches confirmed by the CRA a week ago. 

The RCMP nation division said they are actively investing the cyberattacks against the government of Canada and is working close collaboration with its partners but didn't specify who those partners are and sais they cant not give any more details to protect the integrity of their investigation. They where 5500 accounts were targeted in these two breaches and we have heard from multiple people but got an alert notifying them their login details have been changed specifically their address on their direct deposit details. 

Some of them said that someone had applied for the Canada emergency response benefit through their account using that fraudsters address to receive those checks and that what CRA is now investigating.

CRA  has not announced how much money has been taken and we don't know exactly the period over which this was happening though we heard reports that it started as early as June potentially up until August. 

CRA said the two ways this data breach must have happen is when people reusing usernames and passwords on the CRA website from another website which that has been breach  or the government of Canada Key which is an authentication tool you can log in across government website.

We sent CRA official a message about whether if other government website has being compromised in these same braches but they haven't responded to our email yet. 


Daniel Toback a cybersecurity expert described this type of attack has Credential stuffing. Credential stuffing is a technique used by threat actors where they reuse password and usernames from previous breaches that have occurred. Let go back in time, shall we and look at the past 12 months from financial institutions, government and banking data breaches passwords and usernames to try and reuse them in this particular attack. He explains that the line between organised crime and state-sponsored attacks have become so thin that we don't even know who is doing what anymore it's like they joint forces.

When the threat actors are able to compromised account and get in they can get unlimited information about their victims like their names; address, social security information and a bit of financial data that they can withhold from the actual account and very scary because they know your history, potential tax returns and a lot of information the attacker can grab by compromising an account.

From one side they are able to redirect a set payment to other accounts and can use your profile now to actually perpetrate other types of fraud suck has banking fraud and applying for mortgages using some of their connections in other banks.


Previous Post Next Post

Found this article interesting? Follow Hackers Review on Facebook, Twitter  and Telegram to read more exclusive content we post.