The IRS cyberattacks may have affected more than 300,000 taxpayer accounts – and more than 600,000 breaches were attempted. Ken Westin, senior security analyst for Tripwire, commented on the recent massive cyberattacks.
“This is a perfect example of how unrelated data breaches imperil us all. Cybercriminals have identified ways to correlate and aggregate data compromised in other breaches to increase their profits. The information that was used such as Social Security numbers, date of birth, tax filing status (married or not) and street address is the same type of information that we have seen compromised by Anthem and a handful of other breaches.
“When a breach of a system like this occurs, it is always a challenge to identify the scope. The entire database itself was not compromised directly. Instead, the data was harvested from legitimate website forms making it more difficult to identify which requests were fraudulent and which were legitimate.
“This attack highlights the fact that Big Data isn’t just something utilized by legitimate businesses, but also cyber criminals and fraudsters. The data used to perpetrate this attack was originally harvested from multiple sources, including open source data and data from other breaches. In this case, the criminals were able to quickly correlate disparate data sets to create complete profiles; once this was completed, they then automated the IRS ‘Get Transcript’ form submission to extract additional information that can then be used to file fraudulent tax returns.”
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.