IRS cyber attacks may have affected more than 300,000 taxpayer accounts

Last night, The Wall Street Journal reported that the IRS cyber attacks may have affected more than 300,000 taxpayer accounts – and more than 600,000 breaches were attempted. Various expert comments on this news are;

Gavin Reid, VP of threat intelligence, Lancope:

“The IRS would have much preferred to get all the bad news out in one shot. This new revelation shows that the IRS still is working out / learning the details of the attack. The fact they are forced to reveal new exposures highlights the lack of good logging and monitoring of network telemetry. Understanding the total extent of an attack is doable with tools and processes well understood and available. Why they are not more widely deployed and used, along with how that is going to change in the near future,  will hopefully soon also be in the news.”

Simon Crosby, co-founder and CTO, Bromium:

“The IRS was the last “big piece in the puzzle” for nation state actors seeking to construct a detailed map of US society.  It seems they partially succeeded in this attack. But they will be back.  When will political leaders learn that it is possible, and even straightforward, to make enterprises secure by design against such attacks – and save money doing so?  Virtualization based security is the answer.”

Leo Taddeo, CSO, Cryptzone:

“This case highlights how easy it is for criminals to find, steal or guess information necessary to bypass perimeter protections.  Even security questions, such as “what was your high school mascot?” pose no real security challenge in an era where many people are posting the details of their lives on social media.  It definitely shows the need for network defenders to go beyond user names and passwords to protect sensitive data.”