CRA Paid Millions in Bogus Refunds as Tens of Thousands of Tax Accounts Hacked, A Report Reveals The Riskiest Connected Medical Devices And A New Report from Trustwave Details Critical Cybersecurity Challenges Retailers Face In What They Call The E-commerce Boom
This is Cyber Security Today. I'm your host, Jim Love.
CRA Paid Millions in Bogus Refunds as Tens of Thousands of Tax Accounts Hacked
A new investigation by CBC’s The Fifth Estate and Radio-Canada reveals that the Canada Revenue Agency (CRA) has been repeatedly compromised, leading to tens of thousands of taxpayer accounts being hacked and millions in fraudulent refunds paid out. Between March 2020 and December 2023, over 62,000 Canadian tax accounts were compromised, with the CRA admitting to vastly underreporting these breaches to Parliament.
The investigation found that hackers obtained confidential data, including credentials from one of Canada’s largest tax preparation firms, H&R Block, to access CRA accounts, change direct deposit information, and submit false returns. In one instance, scammers used these credentials to make unauthorized changes to hundreds of tax accounts, filing fraudulent tax returns and pocketing more than $6 million in bogus refunds.
Despite these breaches, the public was not alerted to the extent of the compromises. Revenue Minister Marie-Claude Bibeau declined to provide comments on the issue. The CRA also admitted it failed to identify the hackers or determine if the breach was internal or external. H&R Block, however, denies any wrongdoing, stating that its systems had not been compromised.
The Fifth Estate and Radio-Canada’s investigation also revealed that the CRA is overwhelmed by the scale of cyber threats, with a lack of adequate detection and prevention measures allowing scammers to thrive. The CRA has faced over 31,468 “material” privacy breaches, affecting 62,000 individual taxpayers over the past three years, a figure that is much higher than what was previously reported to Parliament.
Tax experts like André Lareau have called for a parliamentary inquiry to assess the magnitude of these privacy breaches and to hold the CRA accountable for the millions of taxpayer dollars paid out in fraudulent refunds. Lareau criticized the CRA for failing to “lock the door” and prevent these breaches from occurring in the first place.
The CRA has a policy referred to internally as “pay and chase,” in which refunds are issued quickly, and discrepancies are addressed later. This approach has left the agency vulnerable to fraudsters who exploit the system to receive refunds using compromised credentials. Sources revealed that CRA officials initially became aware of the breach after seeing postings on the dark web selling illegally obtained H&R Block data.
In response to the increase in cyber threats, the CRA claims it is working on improving its processes to quickly mitigate threats to taxpayer information. However, the lack of transparency in reporting and the substantial volume of fraudulent refunds paid out raises questions about the agency’s readiness to protect Canadians’ sensitive information.
Sources include: CBC News
https://www.cbc.ca/news/canada/canada-revenue-agency-taxpayer-accounts-hacked-1.7363440
Forescout Vedere Labs Unveils Riskiest Connected Medical Devices
Forescout Technologies’ Vedere Labs has released a new report titled “Unveiling the Persistent Risks of Connected Medical Devices,” revealing critical vulnerabilities in healthcare settings that could expose patient data, disrupt operations, and pose risks to patient safety. Analyzing over 2 million devices across 45 healthcare delivery organizations, the report identifies 162 vulnerabilities affecting Internet of Medical Things (IoMT) devices, making connected healthcare systems a prime target for cybercriminals.
Top Vulnerable Devices: The report highlights Digital Imaging and Communications in Medicine (DICOM) workstations, Picture Archiving and Communication Systems (PACS), pump controllers, and medical information systems as the most at-risk devices. DICOM workstations and PACS, with 32% critical unpatched vulnerabilities, are particularly vulnerable, potentially leading to data breaches, remote denial of service, or even remote code execution.
Rising Attacks Against DICOM Servers: Cybercriminals are increasingly targeting DICOM servers, often exploiting unencrypted communications to steal or tamper with medical images. From May 2023 to May 2024, Forescout observed 1.6 million attacks on these servers, averaging one attack every 20 seconds. These attacks are often automated, seeking to exploit standard services like HTTP to gain unauthorized access to sensitive data.
Windows System Risks: Half of the top ten vulnerabilities are found in Windows systems, many of which can be exploited for remote code execution. Despite 52% of IoMT devices running on Windows, only 10% are actively running anti-malware protection, largely due to certification restrictions on embedded devices, making network security critical.
Challenges with Legacy Devices: Many medical devices in use today are over ten years old, making it challenging to patch or update them. Barry Mainz, Forescout CEO, pointed out that these devices can’t be secured like modern systems and are thus attractive targets for cybercriminals aiming to exploit these outdated technologies for ransom or data theft.
Essential Security Measures: The report advises that to address these challenges, healthcare organizations must focus on identifying and classifying connected devices, mapping communication flows, network segmentation, and continuous monitoring to secure their systems. Daniel dos Santos, Head of Security Research at Vedere Labs, stated, “A single weak point can open the door to sensitive patient data,” highlighting the importance of proactive defense strategies.
The report emphasizes that without comprehensive security practices, healthcare organizations risk exposing sensitive patient data and compromising patient safety. Strengthening cybersecurity measures for connected medical devices is crucial for protecting healthcare networks against evolving threats.
There’s a link to the report in the show notes.
Sources include:
https://www.forescout.com/resources/iomt-persistent-risk-report/
Retailers Face Critical Cybersecurity Challenges Amid E-commerce Boom, Trustwave Report Warns
The 2024 Trustwave Retail Risk Radar Report, released by Trustwave SpiderLabs, highlights the evolving cybersecurity challenges faced by retailers as cybercriminals leverage methods such as phishing, credential stuffing, and malicious code to exploit stolen login credentials, session cookies, and consumer payment details.
E-commerce Vulnerabilities: The increasing popularity of e-commerce platforms has made them prime targets for cyberattacks, with 47% of stolen user sessions leveraging Amazon domains.
Seasonal Fluctuations: Peak shopping periods, like Amazon’s Prime Day and the holiday season, see increased transaction volumes and customer traffic, which heightens cybersecurity risks. Phishing remains a major threat, accounting for 58% of attacks on retailers.
Third-Party Dependencies: Many retailers rely on third-party vendors, introducing additional vulnerabilities. Rigorous vetting and continuous monitoring of third-party security practices, along with regular audits, are crucial to mitigate these risks.
Physical Security Risks: Retailers face both cyber and physical threats, requiring an integrated approach that aligns physical access controls with cybersecurity measures.
Diverse Payment Systems: The use of multiple payment methods, including credit cards, mobile payments, and digital wallets, gives attackers a wide range of potential attack vectors, including stolen session cookies and credentials used to bypass passwords and two-factor authentication (2FA).
Ransomware Threats: Ransomware remains a significant threat, with 15% of ransomware incidents linked to Play and LockBit groups, and 62% of incidents occurring in the U.S.
Fraud Targeting Retailers: Fraud schemes are on the rise, with 38% of retailers reporting financial losses from fraud last year. Enhanced fraud detection, employee training, and regular audits are essential to combat these schemes. Attackers are often using simple brute-force attacks—responsible for 92% of credential access attempts—underscoring the need for retailers to bolster defenses against automated hacking attempts.
Big Brand Breakdown: Major brands like Amazon, Walmart, Apple, and eBay have been primary targets of these attacks. The report provides a detailed breakdown of how user credentials are frequently stolen on each platform, emphasizing the need for increased vigilance and robust security practices across all major e-commerce sites.
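The brute-force and stolen-credential figures above are the report's; the detector below is an added example, not Trustwave's code, showing how a retailer's login logs can be sorted into brute force (many failures against one or two accounts) versus credential stuffing (failures spread across many accounts), and how a burst followed by a successful login from the same source is singled out for escalation. The log format, the 60-second window and the five-failure threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, not real traffic: "<iso timestamp> <src_ip> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2024-11-01T10:00:00 203.0.113.7 alice FAIL
2024-11-01T10:00:02 203.0.113.7 alice FAIL
2024-11-01T10:00:03 203.0.113.7 alice FAIL
2024-11-01T10:00:05 203.0.113.7 alice FAIL
2024-11-01T10:00:06 203.0.113.7 alice FAIL
2024-11-01T10:00:08 203.0.113.7 alice OK
2024-11-01T10:01:00 198.51.100.9 bob FAIL
2024-11-01T10:01:01 198.51.100.9 carol FAIL
2024-11-01T10:01:01 198.51.100.9 dave FAIL
2024-11-01T10:01:02 198.51.100.9 erin FAIL
2024-11-01T10:01:02 198.51.100.9 frank FAIL
2024-11-01T10:05:00 192.0.2.44 grace FAIL
2024-11-01T10:05:30 192.0.2.44 grace OK
"""

WINDOW = timedelta(seconds=60)  # assumed sliding window
MAX_FAILS = 5                   # assumed failures-per-window threshold

def parse(log_text):
    """Parse lines into (timestamp, ip, user, result) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)

def detect(log_text):
    """Return {src_ip: (label, followed_by_success)} for IPs reaching MAX_FAILS
    failures inside one WINDOW. 'brute_force' = at most two accounts targeted,
    'credential_stuffing' = many accounts; the flag marks a later successful login."""
    by_ip = defaultdict(list)
    for ev in parse(log_text):
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - first[0] <= WINDOW]
            if len(burst) < MAX_FAILS:
                continue
            label = "brute_force" if len({e[2] for e in burst}) <= 2 else "credential_stuffing"
            later_ok = any(e[3] == "OK" and e[0] >= burst[-1][0] for e in evs)
            alerts[ip] = (label, later_ok)
            break
    return alerts
```

A single failed login followed by success (192.0.2.44 here) stays below the threshold and is not reported, which is the behaviour you want for ordinary mistyped passwords.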
As would be expected, the report underscores the importance of proactive security measures to stay ahead of evolving threats and safeguard the retail industry’s digital transformation.
The report contains much more information specific to the retail sector, including a section on attack techniques by stage as well as summaries of the big retail attacks of the past year.
There’s a link to the full report in the show notes.
Sources include: Trustwave
https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/Trustwave_2024_Retail_Risk_Radar_Report.pdf
That’s our show for today. You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and the occasional bit of constructive criticism at editorial@technewsday.ca
I’m your host, Jim Love, thanks for listening.