There are indications that the vulnerability has affected other countries as well. Last week, networking company Cisco Systems also issued an advisory which warned about the bug in the Apache Struts 2 code which the CRA encountered, could have affected some of the company’s products.
Over the weekend, the revenue agency halted its online services, including electronic filing and conducted necessary maintenance security patches. Services were restored by 5 p.m. Sunday, however, forensic examination of CRA’s servers are still being done.
The CRA made it clear that it believes taxpayer’s information is safe
“We took this action as a precaution, not as the result of a successful hack or breach,” a statement from the CRA said. “We are now confident that the solution has been rigorously and successfully tested and services returned online.”
The CRA was not the only government agency that experienced service disruption. Shared Service Canada also reported that an attacker gained access to some of its servers for a brief moment.
The vulnerability was traced to a bug found in an open source software used called Apache Struts 2, which was being used by the CRA and SSC to create Web applications. The vulnerability opened up the system to remote code execution.
During a press conference in Ottawa yesterday afternoon, Treasury Board of Canada Secretariat deputy chief information officer Jennifer Dawson said cyber attacker only managed to access information from the CRA Web site that was already publicly available.
Affected CRA services
“Due to our quick and proactive approach, we’re confident that we’ve prevented government information, including the personal information of Canadians, from being breached. We’ve seen no evidence of this information being compromised,” she said in an interview with the CBC.
Among the affected services were MY Account, My Business Account, Represent a Client, MyCRA mobile app, MyBenefits mobile app, Netfile, EFILE and Auto-Fill My Return.
John Glowacki, chief operations officer of SSC, said Monday that forensic examinations are still being carried out to analyze systems logs.
“We will not speak for other countries, but we will say we have information that some other countries are having greater problems with this specific vulnerability,” The Register UK, quoted his as saying.
Cisco says some of its products could be affected
On March 10, Cisco issued an advisory which warned the Apache Struts 2 bug affected certain Cisco products.
“On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a crafted Content-Type header value,” according to Cisco.
Here’s a list of the Cisco products currently “under active investigation” by the company:
- Cisco Unified MeetingPlace
- Network Management and Provisioning
- Cisco Prime License Manager
- Routing and Switching – Enterprise and Service Provider
- Cisco Universal Small Cell 5000 Series – Running Releases 3.4.2.x
- Cisco Universal Small Cell 7000 Series – Running Releases 3.4.2.x
- Cisco Universal Small Cell Iuh
- Voice and Unified Communications Devices
- Cisco Emergency Responder
- Cisco Packaged Contact Center Enterprise
- Cisco Unified Attendant Console Advanced
- Cisco Unified Attendant Console Business Edition
- Cisco Unified Attendant Console Department Edition
- Cisco Unified Attendant Console Enterprise Edition
- Cisco Unified Attendant Console Premium Edition
- Cisco Unified Message Gateway
- Cisco Unified Workforce Optimization – Quality Management Solution
- Cisco Unified Workforce Optimization
- Video, Streaming, TelePresence, and Transcoding Devices
- Cisco MXE 3500
- Cisco Mobility Services Engine
- Cisco Hosted Services
- Cisco Data Center Analytics Framework
- Cisco Network Performance Analysis
- Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem – Releases 2.99.4 and later
Cisco said the bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…