Minister Éric Caire, responsible for Access to Information and Protection of Personal Information, confirmed the existence of this situation during a press conference.
” To date, we have no indication that we have been the victim of a successful attack. “
A previous version of the article suggested that cyberattacks had taken place, in particular against Hydro-Québec. This was not the case, the closures of government websites were preventive.
Mr. Caire nevertheless specified that “we were facing a critical threat of 10 out of 10”. It is now a question of analyzing each site to see if the attacker (s) are using the vulnerable system.
If the sites are online, they have been verified, said Cairo.
Thus, for example, the site for making appointments for vaccination, Clic Santé, is functional. On Sunday, however, the government was unable to indicate when everything could return to normal.
Like a needle in a haystack
allows an attacker to break into a server to then introduce a malicious code and thus
take control of the server and all the data it contains.
” We must scan all of our systems, said Minister Cairo. We’re looking for a needle in a haystack. “
Since Friday evening, the Canada Revenue Agency has stopped its online services. The Agency indicates that it is aware of a
security vulnerability. His site is now available. Revenu Québec did the same on Saturday evening.
Similar attacks have been recorded elsewhere in the world.
Vulnerability in the Log4j library
The Canadian Center for Cyber Security
strongly recommends that organizations review potentially affected applications internally.
The institution warns that
Due to the widespread use of the Log4j library in popular infrastructures, many third party applications could be vulnerable.
We urge Canadian organizations of all types to follow recommendations and promptly report any incidents to the Cyber Center., for her part declared the Canadian Minister of National Defense, Anita Anand.