Canadian government agencies shut down online services due to critical software vulnerability

Security experts believe Log4Shell affects hundreds of millions of devices around the world.

In light of the discovery of the vulnerability, the Canada Revenue Agency (CRA) last week shut down several of its online services, preventing users from accessing their accounts.

“The ARC has become aware of a security vulnerability affecting organizations around the world. As a precaution, we have proactively decided to take our systems offline while we work to secure our systems, ”a CRA notice said, adding that the agency has no indication that its systems have. compromised, or any indication that a taxpayer’s information had been viewed by an unauthorized person.

Over the weekend, the Quebec government also shut down nearly 4,000 of its websites as a precaution against the exploit. Websites related to education, health and public administration were affected by the shutdown.

Quebec government’s Digital Transformation Minister Eric Caire said there was no indication the government was the victim of a successful cyberattack, CBC News reported.

Experts recalled that private companies are also vulnerable to the same software exploit.

Patrick Mathieu, co-founder of the Quebec computer security event Hackfest, told The Canadian Press that he was concerned about the lack of communication from large companies such as banks on how they are working to address the vulnerability.

“Yes the [Quebec] the government shut it down, but what about big institutions, finance, insurance, mortgages, medical companies? Are they working on the problem? »Says Mathieu. “The lack of transparency right now is dangerous.”

Sumit Bhatia, director of Rogers Cybersecure Catalyst at Ryerson University, explained that even if small and medium-sized businesses don’t develop frameworks using log4j, they could still use products and services from developers who do.

“And it is important for them to contact their service providers and ask them what action has been taken,” noted the academic expert.

Source link

Veronica J. Snell