Thousands of Canadian websites offline over cybersecurity threat

Eric Caire, Quebec’s minister of digital transformation, said the province has since been working to identify which websites are at risk, one by one, before putting them back online.Graham Hughes/The Canadian Press

Amid warnings from Ottawa of a global online security issue, Quebec said Sunday that it has shut down almost 4,000 government websites as a preventative measure after receiving a cyberattack threat.

At a news conference, Quebec’s minister of digital transformation said the province was made aware of the threat on Friday and has since been working to identify which websites are at risk, one by one, before putting them back online.

“We’re kind of looking for a needle in a haystack,” Eric Caire said, in Quebec City, “Not knowing which websites use the [affected] software, we decided to shut them all.”

He added, “Once we make sure the system is operational, it gets back online.”

Mr. Caire said the provincial vaccine passport system was never at risk, saying it doesn’t require the software that has been the focus of attention.

Canada Revenue Agency goes offline as a precaution, citing global ‘security vulnerability’

Defence Minister Anita Anand said the federal government is aware of a “vulnerability” in a software product called Apache, “which has the potential to be used by bad actors in limited and targeted attacks.”

Ms. Anand said in a statement Sunday that the Canadian Centre for Cyber Security is calling on Canadian organizations of all types to pay attention to this “critical, internet vulnerability affecting organizations across the globe.”

The centre leads the government’s response to cybersecurity events, combining expertise from Public Safety Canada, Shared Services Canada and the Communications Security Establishment (CSE) to work with private and public sectors.

Asked for more details on the reference to Canadian organizations of all types, the CSE said Sunday that it was referring to small, medium and large organizations/enterprises, but did not provide any further details.

The Canada Revenue Agency said Sunday that it became aware on Friday of a security vulnerability.

“As a precaution, we proactively decided to take our online…