Friday Five: 3/11 Edition
Friday is here! Catch up on this week's top information security headlines with our Friday Five.
The IRS suspended its web service for taxpayers to retrieve IP Protection PINs, the authentication codes originally developed to protect over 2.7 million taxpayers from tax refund fraud. The move came shortly after KrebsOnSecurity wrote an article on how this system attracts ID thieves because it is highly susceptible to spoofing attacks. Until last week, taxpayer PINs could be obtained via the agency’s website by answering four simple security questions. The answers to those questions can easily be found using free online services such as Zillow and Peoplefinder, allowing ID thieves to access taxpayers’ PINs. As a result, the IRS is now looking into strengthening the security of the online retrieval system in addition to mailing the information out to taxpayers. Read the full article for more.
Mansueto Ventures, the publisher of business magazines Inc. and Fast Company, has suffered a breach of sensitive employee data. The data included wage information as well as social security numbers. Hackers have already filed state and federal tax refunds for about 90% of the victims, who have voiced frustration about having to resolve the issues on their own. Company founder and billionaire Joe Mansueto has notified law enforcement officials of the breach. Beyond the fact that the sensitive data was not encrypted, Mansueto Ventures does not know exactly how the data was obtained. Read the article for more on this data breach.
PC users have long warned Mac users about a possible ransomware attack, saying it is not a question of if but rather when an attack occurs. Over the weekend Apple Inc. discovered that hackers infected Macs with an all-new ransomware strain called “KeRanger.” The ransomware, which is being called the first Mac ransomware ever discovered in the wild, was spreading through an infected version of Transmission, a popular torrenting client for Macs. The infected version of the software spread via the Transmission website after hackers compromised the site and replaced a legitimate Transmission release with a malicious version. The version infected with KeRanger was downloaded over 6,000 times before Apple and the developers contained it and a new, legitimate version of Transmission was released. KeRanger locks the user's access to the device and demands that the user pay a ransom to the attacker to regain access. Although the number of downloads is relatively small compared to the average ransomware attack, Fidelis Cybersecurity Threat Systems Manager John Bambenek believes that these types of attacks can escalate and rise in number quickly. Read the article from Jim Finkle for more.
4. Bungling Seagate Staffer Leaked Coworkers’ Social Security Numbers, Other Info to Email Fraudsters by Iain Thomson
A phishing email that appeared to be an internal memo from Seagate’s CEO requesting employees’ W-2 forms succeeded in exposing W-2 information on all Seagate employees. Seagate Technology discovered at the beginning of March that these W-2 forms had been sent to an unauthorized third party and traced the loss back to the email phishing attack. Seagate has taken steps to remediate the scam, informing the IRS, the American taxmen, and providing staff with two years of credit fraud protection. Thus far the victims’ information does not seem to have been used for malicious activity. Read the full article for more on this tax fraud phishing attack.
21st Century Oncology Holdings has warned 2.2 million patients and physicians that their sensitive data may have been stolen. The attack was revealed on March 4th, although it occurred half a year before (the FBI had asked 21st Century Oncology Holdings not to publicize the information until its investigation was complete). The attackers accessed a key database that included patients’ names, social security numbers, physicians' names, and diagnosis and treatment information that included insurance records. The clinic made a statement saying no evidence exists that medical records were extracted. 21st Century Oncology Holdings is offering all victims a free year of credit monitoring. Read the full article for more on the data breach.