threat updates
NORTH AMERICA
The Government of Canada announced it was taking
action in response to ‘credential stuffing’ attacks mounted
on its GCKey service and CRA accounts.
These attacks, which used passwords and usernames
collected from previous hacks of accounts worldwide, took
advantage of the fact that many people reuse passwords
and usernames across multiple accounts.
GCKey allows Canadians to access government services
online. Of the roughly 12 million active GCKey accounts in
Canada, the passwords and usernames of 9,041 users were
acquired fraudulently and used to try and access government
services, a third of which accessed such services and are
being further examined for suspicious activity.
GLOBAL
Cruise line operator, Carnival Corporation & Carnival plc, has
announced that one of its brands suffered a ransomware
attack that accessed and encrypted a portion of IT systems.
The unauthorised access also included the download of
certain data files.
In a statement, the company said that, based on a preliminary
assessment and the information currently known, it expected
that the security event included unauthorised access to
personal data of guests and employees.
The firm has launched an investigation and notified law
enforcement and engaged legal counsel and other incident
response professionals.
24 Issue 29 | www.intelligentciso.com