Taxed and Hacked: How Your Company Could Be at Risk This Tax Season

Accountants aren’t the only ones busy during tax season. It has become so common for hackers to ramp up their criminal operations with tax-related campaigns that the IRS issues warnings about tax-related scams targeting consumers every year. However, enterprises are also vulnerable to tax season threats. Researchers have even discovered hackers distributing the Trickbot banking trojan through malicious Excel documents while disguising themselves as accounting, tax and payroll service firms.

What’s new this season is the increase in file-sharing amongst enterprises, customers and partners. The global health crisis has shifted business operations to become more digital than ever and has made the exchange of documents a key component in everyday workflows. This includes the dissemination of tax forms internally within an organization or to third-party accounting professionals.

A majority of tax-related scams targeting businesses involve socially-engineered spear phishing attacks. With 45% of impersonation-related phishing attacks leveraging business applications and 39% of phishing attacks being missed, the odds are in the cyber-criminals’ favor. It only takes one individual to be tricked into engaging with a tax scam to infect an entire network. It's important for security professionals to understand the kinds of techniques being used and how to protect themselves proactively.

Leveraging Third-Parties and Cloud Environments to Share Infected Files

Large enterprises may have extremely robust security postures. However, they are only as secure as their weakest third-party. This includes the third-party accounting firms and external auditors to whom they choose to outsource tax-related activities. Typically, these entities leverage file share platforms to facilitate the secure exchange of tax-related documents between the enterprise and third-party. Yet, these platforms are not as secure as they are advertised and have been known to have critical vulnerabilities. These vulnerabilities have enabled hackers to compromise cloud environments and access sensitive documents and folders.

Unfortunately, compromised sensitive data is not the only concern these enterprises need to worry about, as files from the web are network assassins. Once a hacker has infiltrated an organizations’ cloud environment, they can upload a malware-laden file to the portal. When an individual engages with the infected document, they can trigger a malicious payload that can infect the network and spread malware or ransomware. As hackers get more sophisticated and knowledgeable, they are able to find ways to work around even the most secure cloud infrastructures.

Infiltrating Email Channels and Spoofing Employees’ Identities

A majority of data breaches are a result of social attacks, including phishing attacks and business email compromises. Hackers have perfected their ability to psychologically manipulate and trick victims into following through with an intended action—such as sharing sensitive data or clicking on a malicious link or attachment. Sophisticated cyber-criminals are able to impersonate individuals by making their email address appear to come from a legitimate sender and incorporating industry jargon and language specific to the individual they are impersonating into the body of the email. This technique can fool even the most security conscious and is a tactic that comptroller and accounting departments should expect to see used heavily during tax season. Cyber-criminals will likely impersonate employees or other company executives in an attempt to lure victims into engaging with fraudulent W-2 forms or other tax-related documents that are laden with malware. Traditional security solutions and strategies are not sufficient enough to protect organizations from these types of attacks.

Enterprises Need to Reprioritize Their Security Strategies

To make it through tax season seamlessly, organizations must create a bridge that allows for safe information to travel freely within an organization and among the third parties it works with. Unfortunately, this process is not easily secured and many security strategies rely on the end user to identify and report threats or on solutions that are only able to detect threats with known malware signatures—leaving the organization vulnerable to zero-day attacks. If you wait for detect and response actions, you are probably a statistic.

Enterprises need to go beyond phishing awareness and traditional detection-based solutions to adopt technology that is able to defend against both known and unknown threats and removes the end user from the equation entirely. No technology is one-size-fits-all, and enhancing security postures requires enterprises to incorporate various tactics that can be used simultaneously.

With file sharing being one of the biggest drivers of productivity, especially amongst tax professionals, enterprises need to enhance their security strategies to prioritize file security and productivity so that employees are empowered to conduct business operations securely. CFOs, accounting professionals, comptrollers and others rely on the exchange of documents to fulfil their job functions and should not be subjected to security tools or protocols—such as blocking or quarantining files—that negatively impact their productivity. With this in mind, it's imperative to implement security solutions that enhance the user experience and eliminate threats before they get to the network.

What’s Hot on Infosecurity Magazine?