The Gately Report: Webroot on Tax Scams, 'Shields Up' Warning on Russian Hacks, Securonix Funding
Every organization in the United States is at risk from Russian cyber threats.
![Taxes Taxes](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt9fb7618ce73e9e38/6524357e57fabd36704061be/Taxes.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: What sorts of scams have cybercriminals initiated during previous tax seasons?
Webroot’s Grayson Milbourne: The types of scams are really numerous. One of the things we see are phone-based scams. The IRS is unlikely to call you, and if they call you, they’re certainly not outsourcing that call center to India or anywhere outside of the United States. [Scammers] will sometimes collect public records and then they’ll see who owes money, or sometimes they will just go after people and claim you owe money. Another more devious one is looking at people who have recently received their refund and then targeting those people. They’ll call them saying, “You actually received an erroneous refund and you need to send that money elsewhere, and we’re going to send you the proper refund.” So a lot of it’s really social engineering.
We’ve even seen things that come through snail mail, not necessarily even email. And then the last one that we see a ton of is just [text]-based. You’ll get a text message claiming to be from the IRS saying that you need to visit this website and fill out a form, and submit information. The creativity never ceases to amaze me, unfortunately.
CF: Do many of these scams succeed? If so, why?
GM: It’s basically just a law of averages. If I send out and attack 1 million people and I get 1%, that’s 10,000 people who have fallen for my trick and probably the odds are lower than that. There are close to 200 million people who file tax returns in the United States each year. So the pool of opportunity is really vast.
The goal of these types of scams is money. And when you think about the human psyche … there’s fear and there’s greed. These are two of the most powerful human emotions. So scammers look to exploit and take advantage of your fear and greed. There are the fear-based scams where you owe back taxes and “we’re going to garnish your wages. We’re going to do bad things to you.” And then greed is kind of the more insidious one because when you’re feeling greedy, you bring your guard down. So greed-based scams are like, “Hey, we’ve just given you your refund and it turns out there was an error. We need to fix it. We’re on your side. We’re your friend.”
Combating those emotions is a really tough thing to do. And this is why scams get worse every year. A lot of people are making a lot of money doing this.
CF: Why are tax-related scams profitable? Do you have to fool a lot of people? Can you get a lot of money from an individual?
GM: It could be thousands of dollars from tricking one person. And if you think about where a lot of these scams originate, they’re much less affluent than the United States. These are not homebrewed attacks in the vast majority of cases. These are external attacks looking at our wealthy economy and population, and seeing that there’s an opportunity there. That’s not to say there aren’t the same types of tax scams being launched from within the United States. But if $1,000 a month is a good living where you’re from, all you need to do is trick maybe one or two people a month.
CF: Are businesses also targeted?
GM: It’s much more in the SMB space. The smaller a business you are, the less likely you are to have a dedicated tax person or somebody in your organization whose full responsibility is that. I’m talking the smaller of the small businesses, those with maybe like 20 employees or [fewer], which makes up an enormous portion of our economy. Often they have the CEO, who’s the founder of the business, who does payroll, taxes and finance. It comes down to whom you trust. And I think another area of scams that we’ve not talked a lot about, but it’s certainly very prevalent, is the quality of your tax accountant. There are some people out there who feast on the unwitting. So it’s important to vet whoever you work with. A business is its own individual tax entity, and as such, it can fall victim to the same types of scams.
CF: Are cybercriminals likely to be using new tools and scams during this tax season? Does every tax season bring new tactics?
GM: It absolutely does. What it focuses on is the current event culture and what’s going on. For the last few years, COVID-19, the pandemic and stimulus payments have all been fantastic new bait that these scammers have been using to perpetuate their scams. How is society reacting or what is society reacting to? That’s where their opportunity lies. And very often we see attacks that piggyback off of any sort of major news event.
For this tax season, a lot of people have gotten a stimulus. The government appropriated a lot of money to help the people who needed it. [And scammers] look at this as an opportunity to exploit a system that they think doesn’t have proper oversight. The best way to defend against this and to protect against this is visibility. You should be checking your credit report. You cannot expect to be protected from something without paying any attention to it.
CF: As far as SMBs, are there ways that cybersecurity providers can help them to not become victims during tax season?
GM: This applies to tax season, but it also goes above and beyond that. One of the things I’ve been really passionate about for several years now is security awareness training. It’s important that we know that this is the way you’re supposed to handle important financial information. Cybersecurity is becoming the same in that people need to be educated about the types of risks that they face.
We see a lot of business email compromise (BEC) types of attacks where somebody pretends to be somebody they’re not and tricks somebody. So you can have just simple protocols in place to say, if we’re going to be transferring money, I need to talk to you on the phone or FaceTime with you. If I got an email, let me call you. If I got a text message, let’s get on the phone. Getting on the phone is a great way to thwart a lot of these things. There are a lot of great training platforms out there that provide the ability to educate your workforce and yourself about the types of scams that are ongoing.
CF: If you’ve been victimized, is there anything you can do in the aftermath?
GM: You have to report it. There’s no fault to you. It’s in your best interest to report it to your local authorities. I would start there and they will help you direct it upward. They’ll have the right way to communicate and collect the necessary next pieces of information that could ultimately lead to you recovering some of your money. And at least you want to show your insurance companies that you took initial steps. So it’s really always best to disclose these things when they happen. Nobody likes it when it happens. But the sooner you disclose it, the more capable the protective services are able to do that job.
In other cybersecurity news …
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a “shields up” warning that American companies should be extra cautious about potential hacking attempts from Russia as tensions with the country rise.
“Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety,” it said. “Over the past year, cyber incidents have impacted many companies, nonprofits and other organizations, large and small, across multiple sectors of the economy.”
Notably, the Russian government has used cyber as a key component of its force projection over the last decade, CISA said. That includes earlier operations in Ukraine in the 2015 timeframe.
“The Russian government understands that disabling or destroying critical infrastructure, including power and communications, can augment pressure on a country’s government, military and population, and accelerate their acceding to Russian objectives,” it said.
While there are not any specific credible threats to the U.S. homeland, there is potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.
CISA recommends all organizations, regardless of size, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
Sandy Dunn is BreachQuest’s CSO. She said the shields-up message is a call to action to every business leader, CISO and cybersecurity team.
“A CISO should act on the [message] the same way a person listens and acts when the weatherman warns that a hurricane may be headed to the area you live in,” she said. “For a hurricane, you check the windows, the pantry for food supply, buy extra water and batteries for a working flashlight. A cybersecurity team needs to double down on their environment. Call a team meeting, make sure people on the team are on high alert, review the incident response plan and have it available. Send a message out to the users in your organization to watch for suspicious activity. Also, send a message to the executive leadership in the organization that the shields up message is a call to action, and you are prepared.”
Gadi Naveh is cyber data scientist at Canonic.
“The CISA alert reminds business leaders that the global economy is connected, even if no organizations that conducted business with Ukraine suffered from previous attacks,” he said. “Many local companies have customers and even employees to support in Ukraine. This helps to develop a mindful view of geopolitical events and their potential impact on your own security posture.”
The San Francisco 49ers NFL team isn’t the only victim of the BlackByte ransomware gang. The gang has compromised entities in at least three U.S. critical infrastructure sectors, according to a joint warning issued by the FBI and the U.S. Secret Service.
As of November 2021, BlackByte ransomware had compromised multiple U.S. and foreign businesses, including entities in at least three U.S. critical infrastructure sectors. Those include government facilities, financial, and food and agriculture.
BlackByte is a ransomware as a service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.
Erich Kron is KnowBe4’s security awareness advocate.
“The critical infrastructure sector has been plagued by ransomware attacks, as the criticality of the systems makes quick recovery vital, which increases the likelihood that the victims will pay the ransom,” he said. “This same criticality also makes law enforcement attention much more likely. However, given the low success rate of law enforcement busts, this is often a chance the groups are willing to take.”
Critical infrastructure and many government entities are especially vulnerable to ransomware attacks as limited budgets, aging equipment and shortages in cybersecurity staffing all pose significant challenges for the defenders of these networks, Kron said.
“These groups must focus on the top attack vectors used in ransomware attacks, usually email phishing and attacks on remote access portals,” he said. “Training the users to spot and report phishing emails and improving the organizational security culture, along with ensuring remote access portals are monitored for brute force attacks and that credentials being used have multifactor authentication (MFA) enabled are some top ways to counter these threats.”
This week, Securonix, the threat detection and response provider, announced it has received more than $1 billion in growth investment funding.
Vista Equity Partners led the Securonix funding with participation from Volition Capital and Eight Roads Ventures. Securonix will continue its hypergrowth trajectory while meeting record customer demand.
David Wagner is Securonix’s vice president of global MSSPs and SIs. He spoke with us about what partners can expect from this funding.
Channel Futures: What will this investment mean for Securonix’s partners?
David Wagner: It means we will increase our leadership in innovation by allowing us to hire more personnel targeting different areas of our platform from extended detection and response (XDR) to security orchestration, automation and response (SOAR), to Threat Labs and more. It will create all sorts of new opportunities for our partners as we continue to innovate the platform and roll out new offerings, extending our analytics-driven approach to threat detection and response to the application, OT and IoT layers.
Companies want to make sure that the underlying technologies that power their MSSP have the most capability now and can grow to meet ever-changing needs in the future. This funding provides them the confidence that Securonix will be the leader for many years to come as our main goal is to continually innovate our technology to better serve our global partner and customer base. This, combined with our increased marketing spend, will bring more prospects to all of our MSSPs.
CF: What role do partners play in Securonix’s continuing growth?
DW: Our partner ecosystem is the centerpiece to our go-to-market (GTM) strategy. We expect our MSSPs to lead the way to continued exponential growth for Securonix. Our MSSP program is still only two-and-a-half years old. We expect our top MSSPs to start growing by 50%-100% or more in their third and fourth years in the program.
CF: Will this investment give Securonix and its partners a competitive advantage?
DW: Securonix is already a leader in the Gartner Magic Quadrant for the past three years, positioned furthest for completeness of vision this past year. We also scored highest across all three use cases in critical capabilities. This investment ensures that we will continue and even expand our lead over our competitors with the ability to accelerate product innovation and GTM efforts, building on recent innovation including flexible deployment models like “Bring Your Own Snowflake” and “Bring Your Own AWS” that align with customers’ cloud strategies and overall business needs, and new offerings including Securonix Open XDR, SOAR and Autonomous Threat Sweeper (ATS).
An Internet Society (ISOC) data leak exposed the personal data of more than 80,000 members. ISOC is a nonprofit dedicated to keeping the internet open and secure.
Clario and an independent researcher recently discovered an open and unprotected Microsoft Azure blob repository containing millions of files with personal and login details belonging to ISOC members, potentially putting their privacy at risk.
As soon as the sensitivity of the data and the owner of the repository were confirmed, an email alert was sent to ISOC. On Dec. 15, the repository was secured.
While many ISOC members are looking to support the organization in its mission, the exposure of their sensitive details could have put them at risk of being attacked by cybercriminals, according to Clario.
Demi Ben-Ari is co-founder and CTO at Panorays.
“This is not the first time that we’ve seen massive data leaks as a result of third parties’ cloud misconfigurations, nor will it be the last,” he said. “In fact, recent research found that a full 5% of suppliers had public browsing for cloud storage buckets, indicating a significant problem that must be addressed. This is why it is so essential to use a solution that can evaluate how suppliers manage their data with cloud services. Specifically, it’s important to check whether cloud services reside in a single geographic region, host a website within a cloud storage bucket and whether they have a public listing enabled for a cloud storage bucket. All are red flags of possible cloud issues and misconfigurations that could result in data leaks or breaches.”
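A concrete form of the public-listing check Ben-Ari describes, as an added example that is not code from the article, Clario or Panorays: it parses the XML that Azure's Blob service returns for its List Containers operation and flags every container whose PublicAccess property is set. The response, the account name and the container names below are constructed for illustration.

```python
"""Flag anonymously readable containers in an Azure Blob Storage account.

Added example, not code from the article, Clario or Panorays. It parses the
XML body returned by the Blob service's List Containers REST operation
(GET https://<account>.blob.core.windows.net/?comp=list). A container's
<Properties> carries a <PublicAccess> element only when anonymous access
is enabled; a private container has no such element. Sample is constructed.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample response: two exposed containers and one private one.
SAMPLE_LIST_CONTAINERS_XML = """<EnumerationResults ServiceEndpoint="https://exampleaccount.blob.core.windows.net/">
  <Containers>
    <Container>
      <Name>member-exports</Name>
      <Properties>
        <PublicAccess>container</PublicAccess>
      </Properties>
    </Container>
    <Container>
      <Name>web-assets</Name>
      <Properties>
        <PublicAccess>blob</PublicAccess>
      </Properties>
    </Container>
    <Container>
      <Name>backups</Name>
      <Properties>
      </Properties>
    </Container>
  </Containers>
</EnumerationResults>
"""

# "container" is the worst case: anyone can enumerate every blob name and
# download the lot. "blob" still allows anonymous download by known URL.
RISK = {
    "container": "CRITICAL: anonymous listing and read of all blobs",
    "blob": "HIGH: anonymous read of any blob with a known or guessable URL",
}


def find_public_containers(list_xml: str) -> List[Dict[str, str]]:
    """Return one finding per container whose PublicAccess property is set."""
    findings = []
    for container in ET.fromstring(list_xml).iter("Container"):
        level = container.findtext("Properties/PublicAccess")
        if not level:  # missing or empty element means private, the safe default
            continue
        findings.append({"container": container.findtext("Name"), "access": level,
                         "risk": RISK.get(level, "UNKNOWN access level")})
    return findings


if __name__ == "__main__":
    for f in find_public_containers(SAMPLE_LIST_CONTAINERS_XML):
        print(f"{f['container']}: PublicAccess={f['access']} -> {f['risk']}")
```

In a real audit the XML comes from an authenticated `?comp=list` request against each storage account; the durable fix is to set the account's `allowBlobPublicAccess` property to false so that no container can be made public in the first place.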
Tax-filing season is approaching, and cybercriminals are gearing up with their latest tactics to steal money from individuals and SMBs.
The Internal Revenue Service (IRS) is reminding taxpayers to protect their personal and financial information, and watch out for IRS impersonation scams, along with other schemes that try to trick people out of their money.
Experts anticipate this year to be the most lucrative for cybercriminals, with new points of entry and seemingly simple transactions. Those include phishing scams with QR codes, notifications posing as easy payment methods, double and triple ransomware, and insider threats.
Tax-Filing Season Scams Lucrative Business
To learn more about what’s in store for this tax-filing season, we spoke with Grayson Milbourne, security threat intelligence director at Webroot, an OpenText company.
Channel Futures: Why is this tax season shaping up to be the most lucrative for cybercriminals?
Grayson Milbourne: It’s almost like every year seems to be the most lucrative and next best year for cybercriminals. The reality is every year we become more of a digital society where we do things online. We file our taxes online and we shop online, and the pandemic only accelerated this transformation. We forced ourselves into doing everything online, sort of the new normal way that we interact with e-commerce or with banking, or with tax season. So because of that, we see every year a really huge spike in phishing activity directly correlated to the tax filing season.
Everybody knows they have to do this task and there’s a lot of complexity to it. It’s not just filing it. There are a lot of other types of scams that associate themselves to preparation. A lot of people had stimulus payments — and there are taxes associated with those. There’s unemployment and a lot of scams associated with tax season around that. So it’s kind of the first feast of the year for scammers … and then we get the end-of-the-year holiday season and we see huge spikes then as well.