A rash of cyberattacks has targeted government websites in Canada recently, with the latest one prompting several federal and provincial government agencies to shut down their systems.
On Dec. 10, the Canadian Centre for Cyber Security issued an alert about a “critical vulnerability” in Apache Log4j—a widely used logging software—which would allow an unauthorized actor to hack and access an affected device remotely.
“ Cyber Centre strongly encourages organizations internally review potentially impacted applications. While non-exhaustive, community sources are assisting in these efforts with the identification of impacted products,” the federal cyber security centre said.
Defence Minister Anita Anand issued a statement on Dec. 12 saying the government is aware of the security risk and reiterated the Cyber Centre’s call for all Canadian organizations to “pay attention to this critical internet vulnerability.”
Several federal and provincial government agencies heeded the advice and shut down their websites as a precautionary measure.
Canada Revenue Agency (CRA) said in a statement issued on Dec. 10 that it was aware of the security vulnerability and decided to take its systems offline. All digital services were later restored on Dec. 14.
“We want to assure you that this precautionary service disruption was done to protect taxpayer information and CRA systems,” the agency said in a Dec. 14 update.
“re is currently no indication that CRA systems have been compromised, or that there has been unauthorized access to taxpayer information because of this vulnerability.”
Quebec government also shut down roughly 4,000 government websites over the weekend as a preventative measure against a potential cyberattack.
Eric Caire, Quebec’s minister of digital transformation, said the government was unsure which website uses the Apache software, and had to shut them all down for inspection.
Ontario NDP MPP Chris Glover, his party’s critic for technology development and innovation, said the incident serves as a reminder of the importance of “being proactive against cybersecurity threats.”
“I urge the Ontario government to review our systems & processes to ensure we have the highest level of protection for public data and government administered websites,” Glover wrote on social media.
Other Government Cyberattacks
Rideau Hall is another high-level federal institution that was recently targeted by cybercrime.
A representative for Gov. Gen. Mary Simon confirmed in a Dec. 2 statement that there was “unauthorized access” into its internal computer network. Office of the Secretary to the Governor General said it was working with the Cyber Centre to both undertake an investigation and to strengthen its network.
Provincial administrations have also been targets of recent cyberattacks.
Newfoundland and Labrador suffered significant disruptions to its health-care system following a cyberattack on Oct. 30, which caused tens of thousands of medical appointments to be cancelled.
N.L. officials confirmed in November that both patient and employee data were stolen in the attack. province’s public safety minister, John Hogan, is expected to provide an update on Dec. 14 on the impact of the cyberattack.
Pezou : Wave of Cyberattacks Target Government Websites in Canada