Government invests in programmers to identify vulnerabilities in system, says expert
Global Affairs Canada (GAC) is looking into a cyber attack that has affected its system for over a month, according to reports.
On Tuesday, the department said that “an unplanned IT outage is currently affecting remote access to GAC’s network in the country,” Global News reported, citing a memo.
“This partial outage was intentionally activated on Jan. 24 to address the discovery of malicious cyber activity,” the statement said.
In internal communications with employees, GAC said it fell victim to a data breach when one of its Virtual Private Networks (VPN) was “compromised” for over one month.
Canada-based workers use this VPN to connect securely to GAC’s Ottawa headquarters. It has likely been compromised since Dec. 20, but GAC only discovered the breach on Jan. 24, the National Post reported, citing an internal memo.
“There has been unauthorized access to personal information of users including employees,” said spokesperson Marilyne Guèvremont in a statement.
“The department is contacting those affected with mitigation measures to ensure that sensitive and personal information is secure.”
GAC also told its employees that it disclosed the breach to the Federal Privacy Commissioner last week “as required when a privacy breach of this nature occurs,” noted the National Post.
GAC is working with Shared Services Canada and the Canadian Centre for Cyber Security – part of the Communications Security Establishment – “to restore full connectivity as soon as possible,” the department said, according to Global News.
The department had also asked staff to “pay close attention to all broadcast messages on this topic, ensure that all steps are followed.”
Recently, Toronto Public Library (TPL) said that it has restored network connectivity to more than 3,000 staff computers, which paves the way for reconnecting more than 2,000 public computers to the network. That came after the library fell victim to an Oct. 28, 2023 cyberattack.
One month is “a long time” for a system to be compromised, said cybersecurity expert Steve Waterhouse in the National Post report.
The severity of the attack, however, depends on how deep into GAC’s protected networks hackers managed to get.
There have been a few “zero-day vulnerabilities” in popular VPN hardware products that have come to light in the last month that could explain the breach, said Waterhouse.
He added that it’s time the government invests in programmers who will look for vulnerabilities in their own systems. That will allow the departments to address vulnerabilities and prevent further breaches, he said.
GAC was also a victim of a breach in 2022. Early that year, a still-unidentified foreign state actor shut down numerous GAC internal systems over a number of days.
In the first half of 2023, Trend Micro blocked more than 85.6 billion cyber threats globally, consisting of email threats, malicious files and malicious URLs. That marked a 27% year-over-year increase.