Threat HUNTing Platform
Credential Risk Assessment and Remediation
ORKOS: Preventing the 9 steps to domain collapse
R9B understands the cognitive aspects of cyber operations. Our curriculum provides the hands-on technical skills students require to attain a variety of advanced cybersecurity qualifications. We instill the knowledge, skills, and abilities necessary for our students to defeat the adversary. Below are our available courses. Please check back often as our course offerings are updated regularly. Government organizations, please contact R9B directly via training@root9B.com for pricing and purchasing information.
The 2018 tax season is officially underway and so too are malicious hacking campaigns aimed at stealing your business’s sensitive tax-related data.
R9B’s Vice President of Threat Intelligence, Keith Smith, sat down to highlight the threat of tax related scams using compromised business email accounts. He also offers some proactive steps your business can take to prevent security breaches and protect sensitive information during this year’s tax season.
PHISHING EXPLOITS POSE A SERIOUS THREAT TO ALL BUSINESSES FOR TWO REASONS: EVERYONE USES EMAIL AND PHISHING EXPLOITS WORK.
Business Email Compromise (BEC) is a technique in which cybercriminals use bogus employee email messages to collect a business’s sensitive employee or financial information. BEC is most often used in conjunction with spearphishing (phishing emails that are well crafted and customized to deceive targeted readers) of executive leaders, financial and payroll staff, or HR employees.“
Malicious hackers use social engineering exploits to take advantage of human interactions, weaknesses, and nature to trick people into performing a task. Time and again this has proven to be an effective tactic, especially when combined with phishing,” said Smith. “Here at R9B, our red team operators have over a 90 percent success rate using social engineering exploits in penetration tests.”
BEC attacks most often involve cybercriminals impersonating legitimate executives within the targeted organization to trick unwitting employees into trusting the email sender and fulfilling the cybercriminal’s request.
All industries are at risk of BEC and its popularity among cybercriminals has grown in recent years
ACCORDING TO A MAY 2017 FBI PUBLIC SERVICE ANNOUNCEMENT, THERE WAS A 2,370% INCREASE IN ACTUAL AND ATTEMPTED LOSSES RELATED TO BUSINESS EMAIL COMPROMISE SCAMS IN THE UNITED STATES AND 131 COUNTRIES1.
BEC campaigns are more advanced than general phishing, requiring elements of both social engineering and footprinting (open source research of the targeted individual and organization) to discover key names and positions of employees with authority to either financial or tax information. Cybercriminals then use this information to craft personalized messages for targeted individuals. According to Smith, “It’s not uncommon to see highly crafted emails that reference key proprietary or sensitive data points such as project names, customers, or known company procedures. All of this is done to convince the target that the message is legitimate.”
“Messages that leverage fake or compromised executive accounts are often written in a style that creates a sense of urgency and stress,” Smith said. “For example, cybercriminals send messages to targeted employees late in the work day, after hours, or request an immediate response or action. This stated urgency, combined with legitimate internal data points, and the belief that the request is coming from the CEO or another executive, creates an opportunity for compromise and increases the likelihood that the target will execute the cybercriminal’s request.”
Most attacks using business email compromise will attempt to lure targets into completing one of four actions:
The information found in tax forms such as the standard W-2 is highly valuable to cybercriminals who are motivated by the prospect of financial gain. For example, W-2 tax forms include sensitive employee information such as name, home address, Social Security number, and salary. “Cybercriminals will use this information to further profile victims and enhance the content of future spearphishing emails or to attempt identity theft. We have also seen evidence of the sale of this data on dark web market places and forums,” said Smith. “The potential for a greater yield of stolen information also increases when an organization is targeted for compromise. Successfully phishing one individual will provide one W-2; a single successful phish of an organization may lead to dozens or even hundreds of W-2s.
HERE AT R9B, OUR RED TEAM OPERATORS HAVE OVER A 90 PERCENT SUCCESS RATE WHEN USING SOCIAL ENGINEERING EXPLOITS IN PENETRATION TESTS.” RECALLED SMITH.
According to Smith, the consequences of falling victim to BEC vary greatly by attack and industry, but are always serious. “In general, businesses can expect some financial loss, either through fines, lawsuits, fraudulent wire transfers, or post- attack investigation. Security breaches also have the ability to damage the trust and reputation that businesses work so hard to establish. Employees and customers trust and expect a high level of security when it comes to safeguarding their personal data. Forfeiting data, knowingly or not, erodes that trust and will require the organization to invest time and capital into rebuilding it,” said Smith.
“Unfortunately, phishing attacks are a reality of doing business today, therefore all organizations must accept some level of risk. However, an organization’s chances of preventing a serious breach of information are greatly improved by encouraging employees to take proactive and defensive steps when dealing with email,” said Smith.
The IRS has acknowledged the problem of tax-related cybercrime and is taking steps to prevent attacks. The IRS encourages you to report any suspected tax-related phishing to firstname.lastname@example.org.
BACK TO NEWSROOM