It’s hunting season for tax fraudsters. Judge rules against class action lawsuit for CareFirst breach. Top FBI official speaks out in support of Section 702.

Summary

By the CyberWire staff

At a glance.

It’s hunting season for tax fraudsters.
Judge rules against class action lawsuit for CareFirst breach.
Top FBI official speaks out in support of Section 702.

It’s hunting season for tax fraudsters.

It’s the height of tax season in the US, and as usual, cybercriminals are finding ways to take advantage of businesses and individuals who are focused on filing their taxes in a timely and lawful manner. The researchers at Trustwave SpiderLabs offer a breakdown of some of the most common trends in tax scams so far this year. The top two file extensions used in tax season email scams are .htm and .html (62%), likely because they allow fraudsters to create convincing fake web pages with diverse content. As for the most popular schemes, IRS impersonation tops the list, with cybercriminals posing as Internal Revenue Services representatives sending phishing emails or text in an attempt to trick targets into handing over confidential information.

Another popular tactic is using tax documents to deliver malware. In one recently observed scam, the attacker sent the target an email including a .docx file called ‘W2-2022.docx,’ stating the document contained important tax info. Instead, opening the file connects the victim to a malicious website that installs infostealer malware. Other scams attempt to convince targets they’re wanted for tax evasion, and some fraudsters even resort to old-school methods like snail mail or even faxing in order to communicate with potential victims. In order to protect yourself, experts recommend that users always verify the authenticity of any sender’s email address and refrain from clicking on any suspicious links. As well, avoid sharing any personal information, especially Social Security numbers, and stay educated about the latest scams.

Judge rules against class action lawsuit for CareFirst breach.

Earlier this week a Washington, DC Circuit Court judge determined that three data breach lawsuits being filed against CareFirst will not be consolidated into a class action filing. After a phishing scam successfully duped a CareFirst employee into handing over his credentials, the health insurance giant experienced a 2014 cyberattack that potentially exposed the data of 1.1 million patients, SC Media recounts. The lawsuits claim that “CareFirst committed a host of errors that allowed the hackers to access the company’s data and remain undetected for a prolonged period of time, including failing to reset passwords on certain company accounts, disable local administrator accounts, perform a password reset… install two-factor authentication,” among other accusations. The judge in question, however, declined the effort to consolidate the cases, stating “it would impermissibly sweep” individuals into the suit who have not experienced actual harm.

Top FBI official speaks out in support of Section 702.

As we’ve previously discussed, Section 702, a US that authorizes government surveillance, permitting warrantless collection of data on foreign targets, is poised to expire at the end of the year. As a result, there has been much debate over whether the program should be extended, and the Washington Post reports that a top Federal Bureau of Investigation (FBI) official voiced her support for the program earlier this week. Speaking at the Aspen Verify conference on Wednesday, assistant director of the FBI’s directorate of intelligence Tonya Ugoretz stated, “It really is one of our most important national security tools for not only cyber, but really any type of national security threat.”

Among other things, opponents of Section 702 note that the data of American citizens often get swept up in investigation queries, which could be considered a violation of privacy rights. Ugoretz noted that introducing barriers preventing search queries would impede necessary investigations. She backed up her claim by describing a theoretical scenario in which preventing the issue of a warrant for Section 702 could prevent intelligence officials from obtaining the data necessary to catch the perpetrators of a ransomware attack. She explained, “We often see that foreign cyber actors conduct extensive research, reconnaissance, etc., when they are targeting in the U.S. that in the times when that information becomes known to use through 702 collection, but because the information is US personal information that we are querying is not the target of investigation, we would not be able to meet the standard for a warrant.” Jeff Kosseff, an associate professor in the US Naval Academy’s Cyber Science Department, recently argued in support of such warrant standards. “While the intelligence community is correct that such requirements can slow down intelligence operations or criminal investigations, the same can be said of nearly any restriction on government surveillance,” he stated.

Selected Reading

3CX DesktopApp Security Alert - Mandiant Appointed to Investigate (3CX) Early this morning we informed our partners and customers that our electron windows app shipped in Update 7, version numbers 18.12.407 & 18.12.416, included a severe security issue. We since learned that Electron Mac App version numbers 18.11.1213, 18.12.402, 18.12.407 & 18.12.416 have also been affected. Fortunately, anti-virus vendors flagged the executable 3CXDesktopApp.exe and

Information on Attacks Involving 3CX Desktop App (Trend Micro) In late March 2023, security researchers revealed that threat actors were actively abusing a popular business communication software from 3CX.

3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component (SecurityWeek) 3CX confirms investigating a security breach as the cybersecurity community is sharing more information on the supply chain attack.

There’s a new supply chain attack targeting customers of a phone system with 12 million users (TechCrunch) North Korean hackers are using a trojanized version of 3CX’s VoIP client to install info stealer malware on corporate networks

2023 Tax Scam Emails Exposed: Unmasking Deceptive Trends (Trustwave) Tax season is a busy time of year for taxpayers and threat actors. Consumers and businesses focus on filing their taxes and getting excited over possible refunds, while cybercriminals roll out both their tried-and-true tax scams along with implementing new efforts.

Consulting company for Vines Hospital suffered a data breach (WCJB) Patients of Vines Hospital are being notified about a data breach at their consulting company.

DarkBit puts data from Israel’s Technion university on sale (CSO Online) DarkBit had previously demanded 80 bitcoins as ransom, and said it would sell the data within five days if the ransom went unpaid.

Dozens of universities affected by campus ticketing software cyberattack (Record) Students at dozens of the biggest universities and colleges in the U.S. and Canada have been affected by a cyberattack targeting an online ticketing platform.

CareFirst decision cites 'actual harm' requirement in data breach lawsuits (SC Media) In a March 28 filing, a D.C. Circuit Court judge refused to join three data breach lawsuits against CareFirst into a class action.

3rd Circ. Mulls Fairness Of Fee Award In Wawa Breach Case (Law360) Counsel for a Wawa shopper part of a settlement stemming from the data breach litigation against the convenience store chain told a Third Circuit panel that the $3 million in attorney fees for class counsel in the case were greater than the compensation the plaintiffs received.

U.S. warrant requirement for surveillance program could hamper cyber cases, FBI official warns (Washington Post) Debate heats up over requiring some warrants under surveillance program