Unauthorized Parties Gain Access to Tax Database

This week, we hear the latest on the TaxAct data breach and new developments in the BlackEnergy malware story.

Breach

Unauthorized Parties Gain Access to Tax Database 

TaxAct, a tax software maker, informed its customers that an unauthorized third party gained access to their TaxAct accounts in late 2015. According to a letter released by TaxAct, accounts created between November 10, 2015 and December 4, 2015 may have been compromised by a cyber criminal. There is evidence the attacker viewed and possibly copied or printed stored tax returns and gained access to Social Security numbers, addresses, names, driver's license numbers and bank account information.

TaxAct did not give a figure for those affected; however, TaxAct suspended less than 0.25% of accounts after identifying instances of suspicious activity. TaxAct suspects the information used to conduct the attack was obtained from an outside source.

The company disabled affected accounts and has offered customers a year of free credit monitoring, a $1 million insurance reimbursement policy, and access to ID protection experts.  

References: TaxAct breached: Customer banking and Social Security information compromised | TaxAct Acknowledges Data Breach

Mitigation Strategies:

  • Network traffic analysis to detect data exfiltration
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Log management could detect any suspicious user account activity. 

Malware

Ukraine Power Outage Linked to Spear Phishing Attack 

A power cut in western Ukraine last month was caused by spear phishing, says the U.S. Department of Homeland Security (DHS).

The attack caused a blackout for 80,000 customers of western Ukraine's Prykarpattyaoblenergo utility. Experts have described the incident as the first known power outage caused by a cyber attack. Ukraine's state security service has attributed the attack to state-sponsored hackers from Russia.

DHS said the "BlackEnergy Malware" used in the attack appears to have infected Ukraine's systems via a corrupted Microsoft Word attachment. The same code was detected in 2014 within systems at U.S. facilities, but there was no known successful disruption to the U.S. grid.

Crimea, the region annexed from Ukraine by Russia, has suffered repeated power cuts since Russia seized the territory in March last year. Russia has blamed pro-Ukraine saboteurs for the outages.

Independent analysts have linked the recent spear phishing attack to Russia. iSight Partners, a U.S. security firm, said the probable culprit was the so-called "Sandworm Team," a Russian hacking group it has been tracking for more than a year. "We have linked the Sandworm Team to the incident, principally based on BlackEnergy 3, the malware that has become their calling card," John Hultquist, director of cyber espionage analysis at iSight Partners, said in a blog post.

A report released by SANS ICS over the weekend concluded hackers probably caused Ukraine's six-hour outage by remotely switching breakers in a way that cut power.

References: Hackers caused power cut in western Ukraine | Analysis confirms coordinated hack attack caused Ukrainian power outage

Mitigation Strategies:

  • Intrusion Detection System (IDS) signatures to detect the malware's call back attempts, based on specifically observed call back information
  • Netflow traffic may also reveal large data transfers and data leakage
  • Log management could detect external IP information from the attacker if logs are configured 

Top 20 IP Addresses

These IPs are collated from the most frequent IP addresses that are detected as having attempted to attack our customers. Occasionally this list may include the IP addresses of legitimate penetration testers who have been contracted to launch cyber attacks against an organization as part of an exercise. These attacks are identical to those sent from criminals. They are detected, blocked, and processed in the same way as any other cyber attack. We aim to remove the IP addresses from known penetration testing companies, even though they represent the source of some of our most frequent attacks. Occasionally such IP addresses escape our vigilance and are included in the list. Recipients of this list should take their own steps to verify the validity and relevance of the content before blacklisting.

 

Copyright © 2010-2018 Alert Logic, Inc.