Minister says 'no systems under attack' in Quebec following cybersecurity threat - Action News
Home WebMail Friday, November 22, 2024, 11:53 AM | Calgary | -10.8°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Montreal

Minister says 'no systems under attack' in Quebec following cybersecurity threat

Some Quebec governmentwebsitestaken down Sunday due to a massive software vulnerability are back online.

Nearly 4,000 websites targeted but some coming back online

A person types at a keyboard
After a major cybersecurity threat, some of the nearly 4,000 Quebec government websites that were taken offline are now back up. (Trevor Brine/CBC)

Quebec's digital transformation minister said despite a widespread threat to government websites in the province and across the world, Quebec systems and user data donot appear to have been affected.

"From what we know now, no systems were under attack," Caire said in an interview with CBC Monday.

"Our teams were quick to react, very quick to solve the problem and put in place proceduresto solve the problems."

The province did the right thing in taking nearly 4,000 government websites down temporarilyin the face of a serious cybersecurity threat, according to one expert.

"I'm really happy to see that the Quebec cyber-defence centre was quick to alert authorities, as well as the private and public sectors, to block access to those sites," said Mourad Debbabi, the dean of Concordia University'sGina Cody School of Engineering and Computer Science.

Some Quebec governmentwebsitestaken down Sunday due to the massive software vulnerability are back online.

Thewebsitesof power utility Hydro-Qubecand the Health Ministrywere restored today, while the Education Ministry and some university services remain unavailable.

Patrick Mathieu, co-founder of Hackfest, a large annual hacking event in Quebec City, said it might take a while until all services are secured and restored.

"This is one of the biggest vulnerabilities from the last 10 or 15 years,'' Mathieu said.

Quebec shutdown close to 4,000 governmentwebsitesfollowingthe threat of an internationalcyberattackon a widely used logging system.

Mourad Debabbi is the dean of the Gina Cody School of Engineering and Computer Science at Concordia University. (Radio-Canada)

Some 3,992 provincial governmentwebsiteswere deemed to beat risk, according toricCaire, Quebec'sminister for government digital transformation.

The government doesn't keep an inventory of which websites use the Apache software which Mathieu called a technical challenge. Part of the problem, he added, is that government websites may use other software programs that include the vulnerability.

"They need to have a full inventory of all their systems everything that is installed on it,'' he said. "Are we even vulnerable to this? Instead of waiting a week or a month to figure it out, it's easier to shut down and not be vulnerable.''

Mathieu said the government may be able to fix its most visible sites by the end of the week, but he said he believes it could take up to six months before the government manages the vulnerability completely.

Learning to live with the risk of cyber threats

Debabbi says the threat has affected millions of servers around the world, and that we can expect more like it in the future.

"Just like we are learning to live with COVID-19, we have to learn to live with the risk of these [cybersecurity] threats," Debabbi said.

The software flaw allows an unauthorized user to easily gain access to a vulnerable system over the internet.

Cybersecurity experts praised Quebec's decision to take the websites down, however, they warned that getting all government systems back online could take weeks or months.

Experts say Canadians should be careful online in light of a massive software flaw that has resulted in the precautionary shutdown of thousands of websites.

The Canadian Centre for Cyber Security issued an alert on Dec. 10 about the recently discovered software vulnerability in a Java-based library of an Apache product known as Log4j.

Quebec Minister for Government Digital Transformation ric Caire said in a news conference Sunday that an unsuccessful cyberattack targeted 3,992 government websites. (Graham Hughes/The Canadian Press)

Experts describe the software flaw as an "open back door"that could give cyber criminals access to thousands of organizations that use the Apache program.

The flaw may be the worst computer vulnerability discovered in years. It was uncovered in a utility that's ubiquitous in cloud servers and enterprise software used across industry and government.

Unless it is fixed with a patch Apache created for the program, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.

The government of Quebec and the Canada Revenue Agency are among the organizations that have already suspended website operations as a precaution.

Experts say there is no way for the average Canadian to know whether a website they use has the software vulnerability or not.

That means Canadians need to more careful than ever about safety online, including watching out for suspicious emails and refraining from clicking on unknown links.

With files from The Canadian Press, Associated Press and Cathy Senay