Cybersecurity Today: Episode Summary
Title: Tax Time Accelerates Phishing Attacks and Cybersecurity Expert Falsifies Credentials
Host: Jim Love (Hosted by David Shipley)
Release Date: April 7, 2025
1. Surge in Tax-Themed Phishing Attacks
As tax deadlines approach in the United States and Canada, cybercriminals are intensifying their phishing campaigns targeting taxpayers. David Shipley opens the episode by highlighting Microsoft’s latest report on the evolution and sophistication of these threats.
Key Points:
- Sophisticated Techniques: Attackers are utilizing QR codes and URL shorteners to conceal malicious links. Microsoft's Threat Intelligence team has documented various baiting strategies, including emails that mimic IRS communications.
Quote:
“Microsoft’s Threat Intelligence team is reporting that they've seen campaigns using QR codes and URL of web link shortener services...” [02:15]
- Phishing Platforms: The campaigns often employ platforms like RaccoonO365, a phishing-as-a-service (PhaaS) offering, and leverage remote access Trojans (RATs) to infiltrate systems.
- Common Email Subjects: Examples include:
  - "Notice IRS has flagged issues with your tax filing"
  - "Unusual activity detected in your IRS filing"
  - "Important action required IRS audit"
- IRS Communication Protocol: Shipley emphasizes that the IRS never initiates contact via email, text, or social media to request personal or financial information.
Quote:
“It's crucial to note that the IRS does not initiate contact with taxpayers by email, text or messages on social media to request personal or financial information.” [05:30]
- Phishing Simulations Caution: While simulating phishing attacks can educate employees, the IRS prohibits using its name or logos in such simulations. Violating this can lead to legal repercussions.
Advice:
"If you are determined to do a tax themed phishing simulation, avoid using government agency real names or logos." [09:45]
- Educational Alternatives: Instead of direct simulations, organizations should deploy educational modules, conduct virtual or in-person training sessions, and share real examples to raise awareness.
2. Credential Scandal Surrounding a Minnesota Cybersecurity Expert
The episode delves into a shocking revelation uncovered by cybersecurity journalist Brian Krebs. A prominent Minnesota cybersecurity and computer forensics expert, Mark Lanterman, is under scrutiny for falsifying his credentials.
Key Points:
- Background of the Expert: Lanterman founded Computer Forensic Services (CFS) and has supposedly testified in over 2,000 cases over three decades, covering a wide array of criminal and civil matters.
Quote:
“Mark Lanterman...founded the Minneapolis consulting firm Computer Forensic Services, or CFS.” [12:20]
- Falsified Credentials: Allegations surfaced that Lanterman lied about his academic qualifications, claiming degrees from Uppsala College and postgraduate work at Harvard University, which are unverifiable.
Quote:
“Harrington alleged that Lanterman had lied under oath in court... he had completed his postgraduate work in cybersecurity at Harvard University.” [16:10]
- Consequences: The CFS website removed references to Lanterman’s extensive career following inquiries from Hennepin County’s Attorney's office and an FBI investigation. This breach of trust raises concerns about the validity of his past testimonies, potentially reopening numerous cases where his input was pivotal.
- Ethical Concerns: The scandal underscores the necessity for strict professional standards and reliable accreditation in cybersecurity roles, especially those involved in legal proceedings.
Quote:
“At a minimum, certain highly specialized roles like cyber forensics should absolutely be held to the same high professional standards as other fields.” [22:05]
- Implications for the Industry: The incident may prompt the formation of professional associations and regulatory bodies to ensure the credibility and ethical conduct of cybersecurity experts.
3. Cyber Attacks Targeting Australian Retirement Funds
The episode shifts focus to a significant cyberattack affecting Australia’s largest superannuation providers. The breach resulted in substantial financial losses for members and has raised serious questions about the security measures in place.
Key Points:
- Scope of the Breach: Targets included major funds like Rest, Hostplus, Insignia, Australian Retirement, and Australian Super, with the latter experiencing losses totaling approximately AU$500,000 (US$305,000).
Quote:
“Actors had timed the account takeovers to occur in the early morning hours when people would be asleep...” [25:40]
- Attack Strategy: Cybercriminals exploited the vulnerability of account security during off-peak hours, maximizing the chances of undetected unauthorized access and fund transfers.
- Response and Compensation: Australian Super is collaborating with authorities to recover the stolen funds but has not yet committed to fully compensating affected members.
- Multi-Factor Authentication (MFA) Concerns:
  - Lack of MFA Implementation: A pivotal question remains whether compromised accounts had MFA enabled. Financial institutions often hesitate to implement MFA due to fears of reducing customer convenience and potentially losing clients to competitors.
    Quote:
    “Financial services providers must be required to offer MFA and ideally they should only allow customers to choose from MFA methods...” [29:15]
  - Shared Responsibility Model: The episode emphasizes that both financial institutions and customers share the burden of securing accounts. Institutions should enforce MFA, and customers must stay vigilant against social engineering attempts.
- Regulatory Recommendations: The episode advocates for mandatory MFA in financial services and comprehensive security awareness training for customers to mitigate risks.
Advice:
“Customers must be required to take basic security awareness about their financial services account...” [33:50]
Conclusion
David Shipley wraps up the episode by reiterating the critical importance of staying informed about evolving cyber threats, maintaining stringent security protocols, and upholding professional integrity within the cybersecurity field. He encourages listeners to reach out with their opinions and experiences to foster a community resilient against cyber adversaries.
Final Quote:
“I'm always interested in your opinion...” [38:00]
This episode of Cybersecurity Today provides a comprehensive overview of the latest threats and challenges in the cybersecurity landscape, emphasizing proactive measures and ethical standards to safeguard against escalating cyber risks.
