Threat Watch

GCKey and Canada Revenue Agency Accounts Targeted in Attack

Canada’s GCKey service and the Canadian Revenue Agency were targeted in a cyber-attack recently, according to authorities. More than 9,000 usernames and passwords for GCKey user accounts were obtained by attackers and used to attempt to log in to other government services. Since this discovery, any account that may have been affected has been shut down. Additionally, around 5,500 Canada Revenue Agency accounts were potentially compromised in two separate attacks. These accounts have been taken offline temporarily in an effort to protect Canadian taxpayer information. Investigations have begun to determine if any information was able to be obtained by the attackers. Some Canadians have reported that their banking information on file with the Canada Revenue Agency has been tampered with, likely with the goal of diverting deposits to a different bank account to steal money. Another situation involving stimulus payments being issued without the consent of the person receiving it have been reported.

ANALYST NOTES

Important accounts, especially those that give access to financial transactions, should be protected with Multi-Factor Authentication (MFA) instead of simply passwords alone. Any person who believes they may have been affected should keep a close eye on their accounts. Any unknown transaction or one that they believe to not be one that they made should be reported immediately. If passwords for these accounts were used on any other site, they should be changed immediately.

Source: https://www.securityweek.com/thousands-canadian-government-accounts-hacked?&web_view=true