Security & Fraud

The Canadian Government Has Been Hacked, And Experts Say Many More Hits Are Coming

The Canadian government was forced to pull the plug on its website for filing federal taxes after it became clear that cybercriminals had broken into the statistics bureau last week. The hack was reportedly made possible by a newly-disclosed bug in the software.

Statistics Canada says the good news is that the intrusion was stopped before any data when out the door.

The bad news is this is the first major hack attributable to a bug in Apache Struts 2 — software that is often used on government, bank and retail websites. Or, at least, this is the first known hack — various security firms believe more of these are coming because the exploit in Apache Strut 2 is easy to tap into and widely publicly known since word of it started appearing on security and hacking websites last week.

Techs are now working double-time to patch that hole around the world, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, told Reuters.

He said the vulnerability was actively being exploited by hackers, though offered no additional details.

The vulnerability was first found a week ago when the Apache Software Foundation released an update to fix the bug, saying it could enable hackers to gain remote control of a web server. Once the server is controlled via the bug, hackers can steal data, access the victim’s website or just crash the site entirely.

“This vulnerability is super easy to exploit,” Chris Wysopal, chief technology officer with security software maker Veracode, said. “You just point it to the web server and put in the command that you want to run.”

——————————

PYMNTS LIVE TV: POWERING THE DIGITAL SHIFT | MAY 18-22, 2020

Five days of intimate interviews and streaming TV shows ‘starring’ the smartest people in payments.
The economy is slowly reopening on a changed world where “business unusual” is now just “business.” Tune in as PYMNTS CEO Karen Webster and special guests from across the payments universe ditch “digital optional” and bring on the digital-first engagements buyers and sellers really want. Join experts in a series of live conversations rethinking business models, customer experiences, payments choice, verticals…everything.

Click to comment

TRENDING RIGHT NOW