A recent attack upon a Statistics Canada server resulted in the federal data agency having to take it’s website offline for several hours on March 9th. The attack had prevented the agency from releasing its monthly Labor Force Employment statistics, which is one of their most important economic releases. Fortunately, government officials have stated that there is no evidence of any of any personal privacy breaches.
The incident had occurred within 24 hours of officials finding out that an update to a web application framework could be vulnerable to exploit. Once it had been discovered that the system had been penetrated, they quickly took their website offline. According to a statement from Statistics Canada, “Due to a recent vulnerability impacting specific computer systems worldwide, we took our website offline and are working in close collaboration with Shared Services Canada to address this issue and are resuming services as we are assured that information and systems are safe.”
How the Attack Happened
The vulnerability involves an open source framework that uses Java to develop web applications, called Apache Struts 2. According to officials, this software is used in a multitude of Canadian government servers. The server that was penetrated contained general public information such as publications and data tables, said the director general for communications, Gabrielle Beaudoin. Fortunately, “systems that house personal information were not reached by this issue,” she said. But the fact that there was an attack was enough to cause officials to take it offline.
The attack inspired a hunt across other government systems, which resulted in the Canada Revenue Agency taking their online tax filing system offline as well. Though this is not expected to impact tax refunds this season, and they do not intend to extend the filing deadline. The system was taken offline around midnight on March 10th, restored for around 12 hours, and then taken offline again until Sunday evening due to another security warning. Francois Dicaire, Deputy assistant commissioner for IT, had said that there was “no reason to believe there was unauthorized access to taxpayer information.”
At this time, there are no leads or evidence as to who was behind the attack. It appears that the attack was handled quite appropriately, as at this time it has been said that the vulnerabilities have been fixed. It can be difficult at times to determine the motivation behind attacks like this. Whether there was specific information being targeted, or the attack was simply to maliciously cause a shutdown seems to be uncertain and has not been commented upon. Cyber attackers can have a wide variety of motives and purposes behind their attacks, and discerning the reason can be quite complex.
How Threat Intelligence Feeds Can Help to Prevent Breaches
The range of vulnerabilities that can exist within cyber technologies can be extremely large. There a multitude of different systems, peripherals, and applications that can all have their own vulnerabilities. This is why it is critical that an organization ensure proper defense and patching of these various components. Cyber security must always be an adaptable scene in the event that a new vulnerability is discovered. Threat intelligence feeds can allow an organization to stay updated upon different actors and vulnerabilities. When a new exploit or threat enters the scene, there are patterns and indicators of it around the web. Threat intelligence feeds allow this information to be relayed to an organization so that they can then ensure that proper defenses are in place. Massive Alliance can provide comprehensive threat intelligence feeds that can help to protect your organization from cyber attacks.