CRA Shuts Down Online Service After Being Hit By TwoΒ  Cyberattacks

16 84
Avatar for Secure
Written by
4 years ago

Update from the Canada revenue agency it has shut down it's online completely although temporarily following a series of cyberattacks.

CRA service will be offline until further notice according to the CRA not giving any indication on whether that means days, weeks or a matter of hours but if you did try to login here is a look of what you will see is simply an error message at the moment saying

"Some services are unavailable at this time. We regret the inconvenience."

If you try to login into My Account, My Business Account or Represent a Client function after his two data breaches confirmed by the CRA a week ago.

The RCMP nation division said they are actively investing the cyberattacks against the government of Canada and is working close collaboration with its partners but didn't specify who those partners are and sais they cant not give any more details to protect the integrity of their investigation. They where 5500 accounts were targeted in these two breaches and we have heard from multiple people but got an alert notifying them their login details have been changed specifically their address on their direct deposit details.

Some of them said that someone had applied for the Canada emergency response benefit through their account using that fraudsters address to receive those checks and that what CRA is now investigating.

CRA has not announced how much money has been taken and we don't know exactly the period over which this was happening though we heard reports that it started as early as June potentially up until August.

CRA said the two ways this data breach must have happen is when people reusing usernames and passwords on the CRA website from another website which that has been breach or the government of Canada Key which is an authentication tool you can log in across government website.

We sent CRA official a message about whether if other government website has being compromised in these same braches but they haven't responded to our email yet.

Daniel Toback a cybersecurity expert described this type of attack has Credential stuffing. Credential stuffing is a technique used by threat actors where they reuse password and usernames from previous breaches that have occurred. Let go back in time, shall we and look at the past 12 months from financial institutions, government and banking data breaches passwords and usernames to try and reuse them in this particular attack. He explains that the line between organised crime and state-sponsored attacks have become so thin that we don't even know who is doing what anymore it's like they joint forces.

When the threat actors are able to compromised account and get in they can get unlimited information about their victims like their names; address, social security information and a bit of financial data that they can withhold from the actual account and very scary because they know your history, potential tax returns and a lot of information the attacker can grab by compromising an account.

From one side they are able to redirect a set payment to other accounts and can use your profile now to actually perpetrate other types of fraud suck has banking fraud and applying for mortgages using some of their connections in other banks.

DONT REUSE SAME CREDENTIALS ON MORE THAN ONE WEBSITE

25
$ 0.00
Sponsors of Secure
empty
empty
empty
Avatar for Secure
Written by
4 years ago

Comments

This is what im doing im using all same credentials of my any account but sometimes the email address is not.. But im so much thank full for your article this lines here really captured my attention pls keep on posting writing articles that full of information like tbis one you make for us to learn something new

πŸ‘‡πŸ‘‡πŸ‘‡πŸ‘‡πŸ‘‡πŸ‘‡πŸ‘‡πŸ‘‡πŸ‘‡

From one side they are able to redirect a set payment to other accounts and can use your profile now to actually perpetrate other types of fraud suck has banking fraud and applying for mortgages using some of their connections in other banks. DONT REUSE SAME CREDENTIALS ON MORE THAN ONE WEBSITE

$ 0.00
4 years ago

Thanks for reading @Kloverztel28

$ 0.00
4 years ago

Its my pleasure my friend

$ 0.00
4 years ago

This is dishearten and I pray they are able to find those cyber attacker and improve their cyber security system that will either stop or minimize cyber attacker...thanks for this information

$ 0.00
4 years ago

Thank for reading @freak check back on my profile for more

$ 0.00
4 years ago

It's a very good information

$ 0.00
4 years ago

The cyber attacks on the world is growing even more than the rate of technological growth

$ 0.00
4 years ago

That is 100% true That why we need more cyber security researchers in the world πŸŒŽπŸ”’

$ 0.00
4 years ago

It is the good post to read about and i lived this post a lot...content if the post is awesome πŸ’œπŸ’œπŸ’™πŸ’™ The Canada Revenue Agency is the revenue service of the Government of Canada. The CRA collects taxes, administers tax law and policy, and delivers benefit programs and tax credits for the federal government and most provincial and territorial governments. It also oversees the registration of charities in Canada.During the 2017 tax year, the CRA collected approximately $430 billion in revenue on behalf of federal and provincial governments, and administered nearly $34 billion in benefits to Canadians. Before 2003, the Agency was known as the Canada Customs and Revenue Agency, and prior to 1999, was organized as a department under the title Revenue CanadaπŸ’œπŸ’œπŸ’œThis is what i understamd about CRA❣❣so keep uploading more dude πŸ’œπŸ’œπŸ’œ

$ 0.00
4 years ago

Thanks for reading but why do you have to record all what I posted in the comments

$ 0.00
4 years ago

Nice

$ 0.00
4 years ago

Nice story

$ 0.00
4 years ago