
Cyber Security Brief

Current Cyber News & What It Means for You

By Karen Andersen

February 21, 2018

Looking to make sense of the fluid nature of cyber security? 

Each month we strive to bring you the hacks, the vulnerabilities and the challenges of securing your day-to-day habits and work environment. This brief is intended to help you make sense of the ever-changing world of cyber security and to help you avoid similar scenarios.

Read on for the latest breaking stories.



February 2018


Brian Krebs writes a security blog, KrebsonSecurity.com, which recently shared details of tax preparer fraud to help people be aware: 

"On Feb. 2, 2018, the IRS issued a warning to tax preparers, urging them to step up their security in light of increased attacks. On Feb. 13, the IRS warned that phony refunds through hacked tax preparation accounts are a “quickly growing scam.”"

Basically, identity thieves focused on tax fraud hack online accounts at tax preparers and file phony tax returns. Clients receive tax refunds they were not expecting. Then the victim receives notification from a fraudster, posing as a debt collector or even as the IRS, stating that the victim has received funds in error and demanding that the funds be repaid immediately. The scam may also include a website with a posted video explaining the error, along with instructions on how to return the funds via wire transfer. Some scams even assign a case worker, with a telephone number and email address, to “help resolve the issue.” The hackers provide the social security number of the targeted individual, along with other personal information such as date of birth and address, to make the scam appear official.

“Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions,” the agency noted in the Feb. 2 alert. “Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.”

One last note of caution: if you go to file taxes and receive a notice that your taxes have already been filed, it is a good indicator that a scam artist may have beaten you to it. Tax fraud is so prevalent that the IRS provides a "Taxpayer Guide to Identity Theft" along with a form to file in the event you are a victim.

Brian's original blog can be found here.

If you suspect you are a victim of tax fraud, contact your Eide Bailly team immediately.

January 2018


A team of researchers from Google, who refer to themselves as Project Zero, have released information regarding two significant vulnerabilities in the Central Processing Units (CPUs) – the primary computer chips – produced by all major chip manufacturers. Referred to as Meltdown and Spectre, these vulnerabilities threaten almost all personal computers, laptops, tablets, and smartphones produced in the past 20 years. Once a hacker has access to a computer or device, they can exploit these vulnerabilities to extract data from that system’s memory, including even sensitive personal information or passwords.  Many software vendors have released patches (updates and instructions) to help prevent hackers from exploiting these vulnerabilities; however, the fixes can be very complex.  It has been determined that specific versions of anti-virus software prevent the patch from being applied.  The result is a “blue screen of death” which renders a computer unusable without further recovery efforts. In addition, because these vulnerabilities are so deeply embedded in processes a computer chip uses to manage data, it is unclear how long it will take to truly develop a complete solution.

These new revelations of flaws that reside at the very heart of our systems provide a timely reminder of the importance of cyber security.  Organizations need additional emphasis and due diligence on basic security activities, including:

  • security awareness training and education
  • network vulnerability and penetration testing
  • monitoring and detection activities
  • incident response planning

The Cyber Security Team at Eide Bailly helps clients navigate the often complex process of implementing critical software updates to mitigate the Meltdown and Spectre vulnerabilities.  In addition, we help organizations establish the basic security practices and activities that will strengthen their internal culture of security.

If you have any questions about these services, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.

December 2017


Email spoofing is a trick that has been employed by hackers for a long time. The hacker alters the “From” field in an email so that it appears to originate from someone other than the hacker. The objective is to trick the recipient into believing the email is from a trusted source, such as a friend or coworker.

Security researchers recently discovered a set of vulnerabilities that could be exploited to perform email spoofing on several widely used email applications. They have called this collection of email vulnerabilities MailSploit. Recently, a number of organizations and individuals have been victims of MailSploit attacks.

How can you help protect yourself from email spoofing? Here are five helpful tips:

  1. Proceed with caution if you don’t recognize the sender of an email. Check to see if the email address matches the signature line or is a trusted email address. 
  2. Be suspicious of emails with language that contains misspellings or that doesn’t “sound” right. 
  3. Hover over hyperlinks (don’t click on them) and look closely to see if they appear legitimate – with some fonts, the letter ‘r’ next to ‘n’ can look like the letter ‘m’. 
  4. Never use a hyperlink in an email to provide credentials and personal information. Instead, open your web browser and go directly to the application or website. 
  5. Avoid accessing free or unsecured wireless networks unless utilizing a virtual private network (VPN). 
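
Tips 1 and 3 can also be checked automatically. The following is an added example, not part of the original brief: it flags a message whose displayed sender address differs from the real one, and sender or link domains that imitate a trusted domain with look-alike letters. The trusted domain, the finding names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumption: the domains your organization really uses
# Sequences that read as another letter in some fonts (tip 3: 'rn' looks like 'm').
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike sequences so 'exarnple.com' compares equal to 'example.com'."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def under(domain, base):
    return domain == base or domain.endswith("." + base)

def is_lookalike(domain):
    """True if the domain is not trusted but reads like a trusted one."""
    domain = domain.lower()
    if any(under(domain, t) for t in TRUSTED):
        return False
    return any(under(skeleton(domain), skeleton(t)) for t in TRUSTED)

def check_message(raw):
    """Return finding codes for one message given as RFC 5322 text."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    name = str(make_header(decode_header(name)))  # decode what the mail client displays
    sender_domain = addr.rpartition("@")[2].lower()
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if shown and shown.group(1).lower() != sender_domain:
        findings.append("display-name-mismatch")  # tip 1: shown address is not the sender
    if is_lookalike(sender_domain):
        findings.append("lookalike-sender")
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        if is_lookalike(urlparse(url).hostname or ""):
            findings.append("lookalike-link")  # tip 3: link host imitates a trusted domain
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "ceo@example.com" <billing@mail-relay.test>\n\n'
           '<a href="https://portal.exarnple.com/login">Log in</a>\n')
CLEAN = ('From: "Pat Lee" <pat.lee@example.com>\n\n'
         '<a href="https://portal.example.com/login">Portal</a>\n')
print(check_message(SPOOFED), check_message(CLEAN))
```

A check like this only narrows what needs a human look; a message that passes it can still be fraudulent.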

If you are concerned that you may have already been the victim of email spoofing, please contact your local IT team immediately. They can help to identify and limit the impact of any data breach that may have occurred.

September 2017


The credit monitoring service Equifax experienced a data security breach that could affect as many as 143 million people. Hackers exploited a flaw on the Equifax website to gain unauthorized access to files that contained consumer identity and credit card information.

The breach provides us with two important reminders:

  1. Individuals must remain vigilant in monitoring and protecting their own identities. This Consumer Reports article provides details on how to monitor for fraud and take action should you see that something has taken place.
  2. Organizations should be prioritizing the development of a culture where cyber security is seen as an element critical to success. Leaders and executives should promote strong cyber security practices and ensure that activities like the following are addressed on an ongoing basis:
    • Security Awareness Training
    • Vendor Management
    • Event Detection and Response
    • Incident and Contingency Planning

The firm offers a foundational risk assessment – Cyber Security Compass® – that provides non-IT leaders with an overview of how their organization has addressed these and other cyber security risks. This assessment also outlines recommendations and priority projects to help direct risk remediation efforts.

If you have any questions about these services, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.

August 2017


Google recently notified its employees and the state of California that they had been victims of a cyber security breach. One of their travel agencies, Carlson Wagonlit Travel (CWT), utilizes the system called SynXis Central Reservation System (CRS), which is owned and operated by Sabre Hospitality Solutions.  Sabre discovered that hackers had gained unauthorized access to SynXis CRS. The hackers had taken travel reservation data including names, contact information, and payment card information. Google is now managing the impact and cost of a security breach that occurred at a vendor (Sabre) used by their vendor (CWT). This story highlights a significant challenge all organizations face as they enter into vendor relationships – how to ensure they partner with organizations who treat their data in a secure manner.

We live in an increasingly outsourced world. Organizations are eager to capitalize on the cost savings that result from contracting with third parties to perform anything from payroll processing to software development. The common thread throughout all these outsourced activities is the sharing of data, and if those third parties don’t have adequate security practices, then that shared data is at risk of being compromised. Cyber security experts at Eide Bailly recently conducted a risk assessment at a manufacturing client where they identified over five vendors who had significant access to the company’s systems or data with little or no oversight. The team is now assisting this client in establishing a vendor management program to regulate the data and access provided to third parties and to hold vendors accountable for the security of data with which they are entrusted.

June 2017


A plastic surgery clinic in Lithuania recently had its customers’ personal health records stolen in a phishing attack conducted by a group of hackers who call themselves “Team Tsar”. These records included personal information along with images of patients from both before and after their surgery. The hackers threatened to release these sensitive health records to the general public if the clinic didn’t pay a ransom. Once the clinic refused to pay the ransom, the hackers followed through on their threat and released the records. As could be expected, the fallout was swift and heavy, resulting in significant loss of consumer trust and revenue. The experience of this clinic demonstrates an important cyber security principle: much, if not all, data can be exploited to create value. In this instance, the hackers used extortion in an attempt to increase the value of data.

Clinics and smaller medical practices carry a heavy burden when it comes to cyber security. They operate under the same risks as larger hospitals and medical institutions but often don’t have the resources to implement sound cyber security practices. Cyber security experts at Eide Bailly recently completed Cyber Security Compass risk assessments at six local access hospitals in South Dakota. These professionals brought extensive healthcare experience to these engagements and helped these institutions identify risks that could place their patients’ personal health records at risk. The reports from these assessments provided non-IT executives and board members with a clear understanding of their organization’s cyber security risks and outlined recommendations for remediation. Using our recommendations, these organizations are now prepared to make strategic cyber security investments.

May 2017


On Friday, May 12, organizations all around the world were victims of ransomware attacks. Cybersecurity experts tracked more than 75,000 coordinated ransomware attacks in 99 countries. Ransomware locks the files on an infected computer rendering them inaccessible.  The victim is then instructed to pay the hackers a “ransom” before the files can be unlocked. The British National Health System was one of these victims, causing hospitals across the United Kingdom to turn away patients. Other victims included Russia’s Interior Ministry and Telefonica (one of the largest private telecommunications companies in the world). The attackers demanded ransoms of only $300, indicating that their goal was to infect as many organizations as possible – irrespective of size. Even small and mid-sized organizations were targeted.

Organizations face ever-increasing risk of attacks to their computer systems and networks. Without appropriate preparation, monitoring, and response, their operations could be negatively impacted or their critical data lost.  Eide Bailly’s Cyber Security team has the experience and tools necessary to prepare and educate clients so they are not the next victim of ransomware. If an organization has experienced a ransomware attack, we can provide response management and risk assessment services to give clients peace of mind.


You may recall the 1983 movie “War Games” in which Matthew Broderick plays a high school student who, at one point, uses a stolen password to hack into the school’s computer system to change his grades.  Just recently this scene played out in real life.  A high school sophomore attending a Spring Branch Independent School District school in Houston, Texas was arrested on March 31, 2017 and charged with a felony for hacking the District’s computer system with the purpose of changing student grades.  Just like in the movie, this student used a stolen password to hack into the system and took it even a step further by offering to change other students’ grades for a fee.

School systems and higher education face a significant challenge when it comes to cyber security.  Their young students know as much or more about their computer systems than those charged with administering them. Eide Bailly’s Cyber Security team recently completed a Cyber Security Compass assessment at a school district in Idaho.  With over 14,500 students, 1,500 employees, and thousands of computers and tablets, the district’s leadership was seriously concerned about their organization’s cyber security readiness.   The Cyber Security Compass provided them a clear understanding of their cyber security risks and gave recommendations to help them begin strategically tackling these risks.

April 2017


In the most recent Threat Intelligence Report published by Nokia, researchers found that software viruses or malware infecting mobile devices (e.g., cell phones and tablets) had increased 83 percent in the second half of 2016. The report suggests that this increase represents a shift from hackers targeting traditional computers to going after mobile devices. One of the most common methods of infecting mobile devices is through “Trojan” apps. Like the Trojan Horse of Greek mythology, these apps look like a game or something harmless, but when they are installed on a mobile device, they execute malware that allows a hacker to access or steal data from that device. One thing users can do to protect themselves from these types of viruses is to avoid downloading apps from locations other than the Apple or Android app store.

Most organizations allow their employees to access organizational data through their mobile devices. Whether that’s emails, files, or the corporate directory, the access they provide to their employees represents a significant business risk. If not properly protected, malware infecting an employee’s mobile device can place our clients’ data in jeopardy. Eide Bailly’s Cyber Security team can assist your clients in protecting their data on mobile devices by:

  • Helping establish a secure mobile device policy;
  • Implementing mobile device management (MDM) software, which allows our clients to safeguard corporate data on their employees’ mobile devices; and
  • Educating employees on the dangers of mobile devices and how they can help protect themselves and their organization.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cyber security, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.