topic Hackers attack Canada Revenue site in Tech Talk https://community.isc2.org/t5/Tech-Talk/Hackers-attack-Canada-Revenue-site/m-p/52839#M3618 <P><A href="https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020" target="_blank">https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020</A></P><P>&nbsp;</P><P>During the COVID crisis, the Canadian government offered a program to assist Canadians that lost their jobs.&nbsp; It was intended to provide monies to allow them to pay rent/buy food/ etc.&nbsp; The program was called Canada Emergency Response Benefit (CERB).&nbsp; Seems that two separate cyber attacks compromised user credentials using "Credential Stuffing".</P><P>&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Aug 2022 22:21:06 GMT dcontesti 2022-08-30T22:21:06Z Hackers attack Canada Revenue site https://community.isc2.org/t5/Tech-Talk/Hackers-attack-Canada-Revenue-site/m-p/52839#M3618 <P><A href="https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020" target="_blank">https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020</A></P><P>&nbsp;</P><P>During the COVID crisis, the Canadian government offered a program to assist Canadians that lost their jobs.&nbsp; It was intended to provide monies to allow them to pay rent/buy food/ etc.&nbsp; The program was called Canada Emergency Response Benefit (CERB).&nbsp; Seems that two separate cyber attacks compromised user credentials using "Credential Stuffing".</P><P>&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Aug 2022 22:21:06 GMT https://community.isc2.org/t5/Tech-Talk/Hackers-attack-Canada-Revenue-site/m-p/52839#M3618 dcontesti 2022-08-30T22:21:06Z Re: Hackers attack Canada Revenue site https://community.isc2.org/t5/Tech-Talk/Hackers-attack-Canada-Revenue-site/m-p/52848#M3619 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>Obviously they had not read SP800-207 Zero Trust security and had not even commenced that journey in terms of detecting and responding to such compromises.&nbsp;&nbsp; It appears their maturity level was at level 0.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Wed, 31 Aug 2022 04:37:44 GMT https://community.isc2.org/t5/Tech-Talk/Hackers-attack-Canada-Revenue-site/m-p/52848#M3619 Caute_cautim 2022-08-31T04:37:44Z