US financial industry moves under a rising wave of Cyberattacks and Zero-Day threats on I.R.S Tax Returns

Pierluigi Paganini June 01, 2015

US financial industry is under persistent attacks, the number of incidents that compromised confidentiality, integrity and availability of data are increasing.

Financial industry in US maintains symptoms of persistent cyber-attacks among surprising cyber incidents and large-scale data breaches that compromised confidentiality, integrity and availability of user’s information. Several advanced hacking methods and the exploitation of zero-day flaws were used by criminals during the recent attack on the Get Transcript Application at the Internal Revenue Service (I.R.S).

IRS attacks financial industry

At least, more than 100,000 people in the US financial industry were victims of data thefts. Cybercrime practices were spread rapidly in 1Q and the beginning of 2Q of 2015. During a process of investigation that I.R.S has opened in the country, it counts more than 200,000 attempts of fraudulent returns, and about half processes completed successfully. Perhaps, criminal operations were developed simultaneously inside or outside of the United States.

The Zero-Day threats are useful for cyber-criminals to penetrate critical systems of the financial industry and exfiltrate sensitive data, these malicious agents are able to scan personal information of people, such as social security numbers, birth dates, street addresses, others. In addition, cybercrime organizations collect information from criminal websites where they usually buy user’s information.

Following the 2015 Security Threat Report (ISTR), and data from the Symantec Global Intelligence Network, confirm that “more than 317 million new pieces of malware created in 2014, meaning nearly one million new threats were released into the wild each day.” The Financial industry has never been an exception for cybercrime, criminals are developing more sophisticated solutions to attack banking & payment services.

The 2015 report by the Financial Stability Oversight Council expressed that new threats on banking and financial business services are defined as a potential “systemic danger”. It means that vulnerabilities are oriented through “interconnected systems” which are supporting function of “crucial infrastructure for the wider industry.”

The most recent examples of cyber-attacks in banking industry have affected around 100 banks worldwide. At least, $ 1 billion cost in total the effects of cybercrime for the financial industry. The production of malicious software is getting an exponential growth in cyberspace. Contributions from Heads of Federal Reserve –Chair Janet Yellen and Secretary of the Treasury –Jacob Lew were convinced to impel through Congress the best conditions of capital standards, in order to guarantee “financial stability

Therefore, the political decision from the Obama administration is vital to provide to the I.R.S the adequate resources, especially raising budget to guarantee protection of taxpayer information. At present, new strategies from I.R.S are oriented to deploy new technologies to detect potential suspicious activities. The idea from I.R.S is to prevent cyberattacks through “adding more features to authentication questions from the Get Transcript Application, by using a “so-called multifactor system that sends users a second password via their mobile phone.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment