Cybersecurity Roundup September 2023



Tax Time Updates: IRS Plans for Fully Digital Processing by 2025   

The IRS is set to digitize all taxpayer documents by 2025, with the US Treasury Department announcing a paperless option for IRS correspondence in the 2024 filing season. By 2025, the IRS plans to process all tax returns digitally, although paper documents will still be accepted and immediately digitized to expedite processing and refunds.  

This transition aims to simplify access to taxpayer data, reduce errors resulting from manual data entry, and improve customer service. Taxpayers will soon have the option to e-file commonly used forms, with over 94% of individual taxpayers expected to avoid mailing paper documents to the IRS by 2024. By 2025, additional non-tax forms will be available in mobile-friendly formats.  

While some may be hesitant about the shift to a paperless system, the Treasury Department believes that combining digitization with an improved data platform will help its data scientists detect tax evasion. Treasury Secretary Janet Yellen emphasized the importance of updating IRS technology to reduce the tax gap and ensure equitable taxation, and gave assurances that taxpayer data privacy and security would be protected.

SSL.com’s Takeaway: Data security remains paramount as the IRS shifts to digital tax processing. Tax forms contain highly sensitive personal and financial data, and the IRS must rigorously enforce protection standards across every online platform that handles them. Regular third-party audits should verify that those standards are actually followed. Taxpayers can do their part by enabling multi-factor authentication and using a password manager to generate a strong, unique password for each e-filing service. With paper trails disappearing, tamper-evident audit logs of digital submissions become the record of what was filed, by whom, and when. Strict access controls and encryption of data both in transit and at rest are essential safeguards as well. Maintaining trust through vigilant security measures will allow taxpayers to realize the full benefits of faster refunds and simplified tax filing.

Digital signatures, facilitated by document signing certificates and a cloud-based signing service like SSL.com eSigner, can help the IRS in their digitalization plan, particularly in the context of non-repudiation and authenticating the signer to help address tax fraud and fraudulent communication. 

  • Authentication: A document signing certificate binds a signature to an identity that the certificate authority validated before issuing the certificate. A signature verifies only against the public key in that certificate, so a submission signed with it can be attributed to the certificate holder rather than to whoever filled in a form. This assurance is only as strong as the protection of the signer’s private key, which is why such keys belong on a hardware token or in a controlled signing service rather than in a file on a laptop.
  • Non-Repudiation: Because only the holder of the private key could have produced a valid signature, the signer cannot credibly deny having signed. For the IRS this means individuals and organizations can be held to the figures they submitted, and it deters later attempts to disown a signed document. Non-repudiation presumes the signing key was never shared or exposed, another reason to keep it in hardware.
  • Data Integrity: A digital signature covers a cryptographic hash of the entire document, so any change made after signing, even a single digit in a refund amount, causes signature verification to fail. The IRS can therefore detect tampering at the moment it verifies the signature, instead of trusting that the file it received is the one the taxpayer signed.
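The three properties above can be seen directly in code. The following is an added example written for this roundup, not code from SSL.com or from the original article: it uses an in-memory Ed25519 key pair in place of a certificate-backed key on a token, signs a constructed (fictional) return, and then shows that an edited copy and a different taxpayer’s key both fail verification. The same sign-and-verify step is what a mail client performs on an S/MIME-signed message. The names (`Signer`, `RunDemo`, the form fields) are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer stands in for one document-signing certificate holder. In a real
// deployment the private key lives on a FIPS token or in a cloud signing
// service and the public key travels in the signer's certificate; here both
// are generated in memory purely for the demonstration (hypothetical type).
type Signer struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, priv: priv, Pub: pub}, nil
}

// Sign produces a detached signature over the document bytes. Ed25519 hashes
// the message internally, so the whole document is covered by the signature.
func (s *Signer) Sign(doc []byte) []byte {
	return ed25519.Sign(s.priv, doc)
}

// Verify is what the receiving side runs: it needs only the document, the
// signature and the signer's public key, never the private key.
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

// Outcome records the three checks a verifier cares about.
type Outcome struct {
	Genuine     bool // untouched document, correct signer's key: must verify
	Tampered    bool // one field edited after signing: must NOT verify
	WrongSigner bool // checked against another taxpayer's key: must NOT verify
}

// RunDemo signs a constructed sample return and exercises the three checks.
func RunDemo() (Outcome, error) {
	alice, err := NewSigner("Alice Taxpayer")
	if err != nil {
		return Outcome{}, err
	}
	bob, err := NewSigner("Bob Taxpayer")
	if err != nil {
		return Outcome{}, err
	}
	// Constructed sample document; the form name and values are made up.
	form := []byte("form=1040-DEMO\ntaxpayer=Alice Taxpayer\ntax_year=2023\nrefund=1200.00\n")
	sig := alice.Sign(form)

	// A single changed byte anywhere in the document invalidates the signature.
	edited := bytes.Replace(form, []byte("refund=1200.00"), []byte("refund=9200.00"), 1)

	return Outcome{
		Genuine:     Verify(alice.Pub, form, sig),
		Tampered:    Verify(alice.Pub, edited, sig),
		WrongSigner: Verify(bob.Pub, form, sig),
	}, nil
}

func main() {
	o, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrong_signer=%v\n", o.Genuine, o.Tampered, o.WrongSigner)
}
```

Running it prints `genuine=true tampered=false wrong_signer=false`. What the example cannot show is the step a certificate adds on top of the raw key pair: the CA’s validation that `alice.Pub` really belongs to Alice. Without that binding, and without the private key being kept out of reach, the "wrong signer" check only proves that a different key was used, not who used it.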

For organizations that need to digitally sign a high volume of tax-related documents for submission to the IRS, SSL.com enables an Organization Validation (OV) document signing certificate to be converted to an eSealing certificate which can then be used for high volume, automated signing through eSigner. Please visit our dedicated page to learn more about eSealing: High-volume Document Signing with Digital Signature eSealing. 

Along with cloud-based document signing, S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates can significantly assist the IRS in its digitalization plan for tax documents by enhancing the security, integrity, and authenticity of electronic communications. 

S/MIME certificates offer robust protection against phishing campaigns in which attackers impersonate the IRS. With an S/MIME certificate the IRS could digitally sign the emails that carry digital tax documents, so a recipient’s mail client can verify that the message came from the IRS and was not altered in transit. S/MIME can also encrypt messages end to end, so that only the intended recipient can read them; note that encrypting to a taxpayer requires the taxpayer’s own certificate (public key), whereas signing needs only the sender’s. This layered approach would both protect the confidentiality of sensitive tax information and let taxpayers verify the authenticity of IRS communications, safeguarding them from fraudulent impersonation.

Join the digital transformation with SSL.com’s eSigner cloud document signing service! Embrace efficiency and enhanced security.  

Learn more about SSL.com eSigner!


Chinese APT Exploiting Router Firmware to Infiltrate Corporate Networks  

A Chinese state-sponsored threat group called BlackTech has been observed compromising edge network devices such as routers and using them to move laterally inside corporate networks while evading detection. The attackers modify router firmware to hide their activity and pivot from branch offices to headquarters. Compromised routers are used to proxy traffic and to pivot to other victims. Targets in the U.S. and Japan include government, military, technology, and telecom entities.

BlackTech uses custom firmware backdoors, first downgrading devices to older firmware that can then be replaced with a modified image. Recommendations include monitoring device connections, upgrading or replacing routers, and watching for unauthorized firmware and configuration changes. While the vendor states that the attacks require stolen credentials or an existing remote code execution path, experts warn that downplaying severity delays patching.

Cisco responded that the configuration changes were made with compromised credentials rather than by exploiting a vulnerability, and that only legacy devices were affected. The campaign shows that perimeter devices running outdated firmware are an effective foothold for advanced attackers targeting infrastructure supply chains.

SSL.com’s Takeaway: The BlackTech campaign highlights the risk that advanced threats pose to network edge devices like routers. A compromised router sees the traffic that crosses it and is a staging point for deeper intrusion. Organizations should harden these critical entry points: keep firmware current, retire devices the vendor no longer updates, require strong and unique administrative credentials, and restrict where management interfaces can be reached from. Enabling logging and monitoring for unauthorized firmware and configuration changes is also key. Encrypting network traffic and remote access limits what an attacker can read even when a router is breached. With robust device security, organizations can reduce the attack surface exploited by sophisticated nation-state groups like BlackTech.

Internet of Things (IoT) solutions from a certificate authority like SSL.com can play a crucial role in addressing the security issues caused by threat actors like BlackTech. 

IoT solutions provided by certificate authorities help ensure that only authorized devices can connect to the network. When each device holds its own certificate, the network can authenticate it during the TLS handshake (mutual TLS) and reject anything that does not present a certificate chaining to the organization’s device CA. This reduces reliance on shared or weak passwords, the kind of compromised credentials Cisco cited in the BlackTech case.

IoT solutions can also include continuous monitoring of device connections and network traffic. SSL.com’s certificates secure the channel over which devices report telemetry, so monitoring systems can trust that the data came from the device it claims to and was not altered in transit. Unauthorized changes or unusual behavior can then be identified and acted on quickly.

Take proactive measures to safeguard your network with SSL.com’s robust IoT solutions. Our industry-leading certificate authority services ensure the highest level of security for your IoT devices.

Protect Your Network from Advanced Threats – Secure Your IoT Devices Today!


Hackers Demand $300K Ransom from PhilHealth After Database Breach  

PhilHealth, the Philippine national health insurer, has had its systems offline since Sunday and is handling transactions over the counter after a Medusa ransomware attack, with the attackers demanding a $300,000 ransom. Authorities advise against paying, as there is no guarantee the attackers will honor the deal. Medusa ransomware is an active global threat.

Investigations revealed the ransomware had been present in PhilHealth systems since June and had spread in a way that obscured its point of entry. Some employee data was leaked, but officials say member databases remain secure. PhilHealth aims to restore online services within days.

The Philippines’ Department of Information and Communications Technology has provided guidelines on Medusa protection and called for budget increases to boost cybersecurity. Reported cyberattacks rose sharply this year, highlighting vulnerabilities. 

Organizations are urged to take proactive ransomware precautions like staff training, software updates, restricting permissions, monitoring for anomalies, and maintaining backups. As threats increase worldwide, building cyber resilience is essential. 

SSL.com’s Takeaway: The PhilHealth breach shows how ransomware continues to threaten organizations globally, including healthcare entities handling sensitive patient data. Healthcare regulators expect reasonable and appropriate safeguards: in the United States, HIPAA requires covered entities to protect electronic PHI against threats such as ransomware, and PhilHealth itself answers to the Philippines’ Data Privacy Act. Proactive precautions like training staff, restricting user permissions, and monitoring network activity reduce the attack surface.

Maintaining robust backups, kept offline or immutable and proven by regular test restores, means PHI can be recovered without paying a ransom. As cyberattacks rise worldwide, investing in cyber resilience helps healthcare organizations uphold data privacy while delivering quality care. Strict compliance with applicable privacy law and with cybersecurity best practices is key to safeguarding patient information from threats like ransomware.

Client Authentication certificates can harden access to critical systems and make the initial intrusion that precedes a ransomware deployment harder. Here is how they help:

  • Enhanced Authentication. Client Authentication certificates add a second factor to the login process. They are issued to specific individuals or devices and are used to verify the identity of clients connecting to a server. Employees or other authorized users trying to reach a critical system would need to present a valid client certificate in addition to their username and password, and because the private key never leaves the user’s device or token, a phished or leaked password alone is not enough to log in.
  • Secure Communication. With mutual TLS, both the client and the server present certificates, so each side authenticates the other and the session is encrypted in transit. This makes it difficult for attackers to intercept or alter data moving between clients and an organization’s servers.
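Certificate-based device authentication in the IoT section above and the client-certificate requirement in the two bullets here are the same mechanism: a TLS server configured to demand, and verify, a client certificate. The following added example is written for this roundup and is not SSL.com’s code; it builds a throwaway device CA and two leaf certificates in memory (a real deployment would use CA-issued certificates with keys on the devices), starts a gateway on the loopback interface that requires a client certificate chaining to that CA, and connects once with an enrolled device certificate and once with none. The names (`issue`, `RunDemo`, "telemetry-gateway", "sensor-0042") are hypothetical.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err) // demo-only: setup failures abort rather than return
	}
}

// issue returns a self-signed CA when parent == nil, otherwise an end-entity
// certificate signed by parent. Keys are generated in memory for the demo only.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	sn, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)) // random serial
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          sn,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent, parentKey
		tmpl.IPAddresses = []net.IP{net.IPv4(127, 0, 0, 1)} // SAN the gateway is dialled by
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// RunDemo starts a gateway that admits only clients whose certificate chains to
// the device CA, then connects with and without one, reporting each result.
func RunDemo() (withCert, withoutCert bool) {
	ca, caKey := issue("Device CA", nil, nil)
	gw, gwKey := issue("telemetry-gateway", ca, caKey)
	dev, devKey := issue("sensor-0042", ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{gw.Raw}, PrivateKey: gwKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the policy: no device cert, no session
		ClientCAs:    pool,
	})
	check(err)
	defer ln.Close()
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(tc *tls.Conn) {
				defer tc.Close()
				if tc.Handshake() != nil {
					return // handshake already rejected the unenrolled peer
				}
				fmt.Fprintf(tc, "hello %s\n", tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
			}(c.(*tls.Conn))
		}
	}()
	connect := func(cfg *tls.Config) bool {
		conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
		if err != nil {
			return false
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(3 * time.Second))
		// Under TLS 1.3 the server's rejection alert arrives on the first read, not in Dial.
		line, err := bufio.NewReader(conn).ReadString('\n')
		return err == nil && strings.HasPrefix(line, "hello ")
	}
	withCert = connect(&tls.Config{RootCAs: pool, Certificates: []tls.Certificate{{Certificate: [][]byte{dev.Raw}, PrivateKey: devKey}}})
	withoutCert = connect(&tls.Config{RootCAs: pool})
	return withCert, withoutCert
}

func main() {
	withCert, withoutCert := RunDemo()
	fmt.Printf("enrolled device accepted=%v unenrolled client accepted=%v\n", withCert, withoutCert)
}
```

Running it prints `enrolled device accepted=true unenrolled client accepted=false`. Two points worth noticing: the client also verifies the gateway against the same CA (`RootCAs`), so the authentication is mutual, and the rejection of the client without a certificate is decided by the TLS layer before any application data is exchanged, which is what makes a stolen password alone useless against such an endpoint.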

Elevate Your Organizational Security with SSL.com’s Client Authentication Certificates – Safeguard Your Critical Systems Effectively!

Try SSL.com Client Authentication Certificates!


Cyberattack Disrupts Border Checkpoints at Canadian Airports

Canada’s border agency confirmed that a DDoS cyberattack caused recent connectivity issues affecting airport check-in kiosks and electronic gates. The outage disrupted border processing for over an hour at multiple airports. Authorities quickly restored systems but are still investigating. 

A Russian hacking group claimed responsibility, but the agency hasn’t officially attributed the attack. It’s unclear how a DDoS disrupted closed check-in systems. The hackers say they targeted Canada over its Ukraine support and euthanasia law. 

Another Russian group reportedly attacked a joint U.S.-Canada border organization separately. Authorities urge vigilance as cyber campaigns aimed at critical infrastructure continue. Ensuring resilience against disruptive attacks remains crucial. 

SSL.com’s Takeaway: The cyberattack on Canadian airports underscores the growing threat of disruptive DDoS incidents against critical infrastructure organizations. While temporary, these outages can significantly impact operations, revenue, and public trust. 

Resilience starts with prevention – load balancing, suspicious traffic filtering, increased capacity, and robust DDoS protection help mitigate impact. But organizations can’t prevent all attacks. Comprehensive incident response plans allow for rapid detection, coordinated team response, and swift recovery. 

Exercises that simulate realistic attacks are invaluable – they reveal plan gaps and build muscle memory for smooth execution. Public affairs strategy is also key to communicating transparency during disruptions and maintaining user confidence. 

For essential services like airports, even small delays are unacceptable. Priority investments in hardening defenses across the enterprise stack are warranted. Moreover, cooperation with government cyber agencies can bolster threat intelligence sharing and collective resilience. 

With politically motivated cyberattacks increasing, organizations must prepare to be targeted. Those who build robust resilience can better withstand inevitable disruptive incidents.

SSL.com Announcements

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME) and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of these two certificate types has the additional requirement of an Enterprise PKI (EPKI) Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these certificates for other members of the organization, enabling a faster turnaround in securing the organization’s data and communication systems.

New Key Storage Requirements for Code Signing Certificates 

As of June 1, 2023, SSL.com’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates are issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. This change complies with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements, which aim to increase the security of code signing keys. The previous rule allowed OV and IV code signing certificates to be issued as downloadable files, which left the private key exposed to theft from the developer’s machine. Since the new requirements only allow encrypted USB tokens or other FIPS-compliant hardware to hold the certificate and private key, instances of code signing keys being stolen and misused by malicious actors are expected to be greatly reduced. See SSL.com’s eSigner pages to learn more about the cloud code signing solution.
