A quick Saturday digest of cybersecurity news articles from other sources.
[IRS Alert] Three Tips To Protect Against Tax Season Refund Scams
Urging taxpayers and tax professionals to be vigilant, the U.S. Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at being able to file fake tax returns.
Apparently, there are actually three certainties in life: death, taxes and scams revolving around taxes. This according to the IRS, as part of their annual Security Summit. As with any major event that has the attention of millions of people simultaneously, tax season is no exception.
We’ve seen in recent years a consistent surge in tax-related scams in the months before taxes are due in the United States. Here are three simple ways the IRS said you can spot scams:
- Given that many scams impersonate the IRS, the recommendation is to first realize that the method of communication should be scrutinized. Most scams start with an email or a text – communication mediums the IRS almost never uses. Official IRS communication is most often handled through the mail.
- I’d like to add that it’s not out of the realm of possibility for a scam to pretend to be a well-known tax preparation company or online service claiming to get you a refund… “guaranteed”. I’m calling it here… if it hasn’t already been done, we’ll see it next year!
- Those responsible for the organization’s finances could also be targeted in an attempt to solicit payments. Be sure those individuals remain vigilant as we move into the months leading up to April 15.
Blog post with links: https://blog.knowbe4.com/irs-warns-tax-scams
Attacks on Critical Infrastructure Are Harbingers of War: Are We Prepared?
Here is a great post by Morgan Wright, chief security advisor of SentinelOne. Here is a quick summary and a link to the full article is at the bottom. The recent attacks on water authorities like Aliquippa and St. Johns River have cast a spotlight on the vulnerability of critical infrastructure.
Such attacks are not just about causing physical damage; they strike at the core of society, threatening our basic needs for water, power, and safety. These incidents should be seen as potential precursors to larger conflicts, highlighting an urgent need for enhanced cybersecurity measures.
Why are these infrastructures targeted? The answer lies in their psychological and strategic importance. Unlike a temporary bank outage, disruptions in essential services like power and water supply immediately impact daily life, invoking a survival instinct among the populace. This was evident during the Colonial Pipeline ransomware attack, which led to widespread panic and hoarding of fuel, despite there being no actual fuel shortage.
This strategy of targeting critical infrastructure is known as Intelligence Preparation of the Battlefield (IPB), a concept originating from the Arab-Israeli War of 1973. It’s a method to anticipate and influence enemy actions. Major global powers like Russia, China, and Iran have different motivations for such attacks. While Russia and China focus on IPB for strategic positioning, Iran’s attacks, such as the one on Aliquippa, are more ideologically driven.
China’s extensive preparation for digital and physical conflict is evident from their activities, including cyber attacks on critical US infrastructure. The US Department of Justice has also indicted Russian nationals for targeting critical infrastructure, highlighting the global scale of this threat.
The use of ransomware in IPB is particularly concerning. The FBI’s 2022 report noted a significant number of ransomware attacks on critical infrastructure, often with the tacit approval of adversarial states. These attacks are not just financially motivated but serve broader strategic objectives.
As we approach the eighth anniversary of Russia’s BlackEnergy malware attack on Ukraine’s power grid, the lessons are clear. Understanding both the enemy and our own vulnerabilities is crucial, as Sun Tzu’s “The Art of War” advises.
These attacks are a stark reminder of the new battleground in cybersecurity: protecting the critical infrastructure that underpins our society. The urgency to fortify our defenses against such threats has never been greater. A critical element is preventing social engineering attacks.
Blog post with links: https://blog.knowbe4.com/sc-mag-attacks-on-critical-infrastructure-are-harbingers-of-war-are-we-prepared
ShareJAN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com