
Massive Cyberattack Traced To Tax Software

This article is more than 6 years old.

A worldwide cyberattack that affected companies in 64 different countries, including those in the United States, caused panic as security experts scrambled to find out how it happened. Microsoft now believes it can trace the origins of the cyberattack to a Ukrainian company's tax accounting software.

(For more on the attack, see this Forbes article.)

Microsoft has reported that "[i]nitial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MEDoc." The software giant went on to say that although this had been widely speculated, including by Ukraine's own Cyber Police, there had previously been only circumstantial evidence - until now.

As Microsoft noted, other security experts had also suggested that M.E.Doc was the source of the attack. However, M.E.Doc denied those allegations yesterday, writing on its Facebook page, "The development team denies this information and argues that such conclusions are clearly erroneous because the developer of m.e.doc, as a responsible supplier of the software, monitors the safety and cleanliness of its own code" (translated from the original).

However, researchers at ESET, a global security firm, also confirmed that "[a]ttackers have successfully compromised the accounting software M.E.Doc, popular across various industries in Ukraine, including financial institutions." The result? A fast-moving cyberattack.

Here's what happened in simpler terms. The cyberattack involved malware. Malware does exactly what it sounds like: short for "malicious software," malware installs itself on your computer with the intent to cause some kind of harm. Malware can take many forms, including viruses and worms, as well as ransomware and spyware. In this case, the malware infected the computer in order to hold it hostage by encrypting its files.

What would cause someone to want to target so many computer systems? Likely money. This malware was a kind of ransomware. Unlike spyware, which attempts to gain access to your computer's files to get information about your financial accounts, ransomware is typically a much more straightforward play for cash. In this case, computers affected by the attack displayed a message. The message read, "Ooops, your important files are encrypted. If you see this text, then your files are no longer accessible, because they have been encrypted." The message went on to say, "We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key." What followed were instructions on how to make the payment of $300 in Bitcoin to the hackers.

The hackers allegedly got away with just $20,000 before the email address linked to the Bitcoin account was shut down. Bitcoin transactions are anonymous, which makes them appealing to hackers and scammers. However, Bitcoin transactions are publicly recorded on the blockchain (think of it as a digital ledger open to everyone) and can be viewed even if the recipient can't easily be identified.

While malware is often spread via email - think of those scam emails that the Internal Revenue Service (IRS) has been warning taxpayers and tax professionals about - the latest attack also spreads on its own through "wormlike" lateral movement from one machine to the next. That means, as Microsoft explains, "it only takes a single infected machine to affect a network."

The lesson to be learned? Criminals are becoming more sophisticated when it comes to ways they can steal and control information. And you don't have to be a global shipping company or national railroad to be a target. While you can't stop all of the bad guys, you can take some simple steps to secure your information:

  • Use secure passwords and two-step authentication when possible for email and other accounts.
  • Pay attention to security features put in place by the tech department at your place of work: they're there for a reason.
  • Don't respond to or click on a link in an email or attachment from a sender that you don't recognize.
  • Don't give out PINs or passwords over the phone or via email: a legitimate company will never ask you for this information.
  • Be on alert for phishing emails, calls or texts from scammers posing as banks, credit card companies, tax software providers or the IRS.

My advice? If in doubt, assume it's a scam.

For more tips on protecting yourself from identity theft, click here.
