SF W18

Security Fridays: Week 18

MFA: Defending your data from cyber attacks

This security breach in Canada is most troubling. The Canadian Treasury Board released a statement that some 9000 accounts were compromised, but the number could be much higher. The attack method used was credential stuffing, which means that the attackers already had a list of account names and passwords, possibly from a sister agency or the dark web. The process is different than other attacks, because the attackers believe that they have valid credentials and are trying them out to see how many are in fact, accurate. The attack is not brute forcing these credentials. In this case, more than 9000 were accurate. A simple multifactor check at the time of authentication would have provided the additional security needed to thwart off these would-be attackers.

This is one of those articles where the reader needs to know a little something about how these attacks work and a little bit about how government systems work. The article puts out a complaint that Canadians lost COVID-19 payments as a result of the attack, which is a nice buzz word to use and draws the reader’s attention from fear. They fail to mention that the Canadian Government will get the correct payments out to these people with only a few days delay. The issue really, is the embarrassment, time and money put into doing all that recovery – which could have been avoided if they simply kept systems relevant and current.

 

Read the article that was analysed here https://www.infosecurity-magazine.com/news/canadian-citizens-credential/

Category: Industry News

Michael

Michael Urgero, Pre-Sales Consultant

Senior subject matter expert with almost 30 years in the field. Deep knowledge in the areas of networking, security and data centre transformation. A respected leader and trusted advisor from bench-tech to boardroom.

Identity Access Management

Identity and Access
Management

(IAM)

Making the complex simple.

Effective, secure IAM for all your business challenges.

Learn more about SecurEnvoy IAM
 
Cyber Security Blog

Hear more from
our security
experts

Sign-up today

What to read next...