A. Why Tax Authorities are Prime Targets for Cyber Attacks
Tax authorities play critical roles in national financial systems, making them prime targets for cyber-attacks. They manage huge amounts of funds and sensitive information and have a critical role in the operation of governmental services. In many cases, tax authorities rely on legacy IT systems, increasing their vulnerability to digital threats. Beyond the operational and financial damage cyber-attacks can inflict on tax authorities, successfully disrupting a tax authority is seen as a symbolic achievement for cyber-attackers. In this article, we review the unique vulnerabilities of tax authorities, look at examples of cyber-attacks on tax authorities in different countries from recent years, and conclude with recommendations on how tax authorities can improve their cyber resilience and readiness for cyber-attacks.
B. Sensitivity of Tax Authorities – Prime Targets for Cyberattacks
Tax authorities are a crucial part of any national economic infrastructure and are lucrative targets for cyber-attackers because of the assets they hold and the governments they represent. Some of the factors making tax authorities attractive targets for cyber-attacks include:
C. Examples of Cyber-Attacks on Tax Authorities
a. Attack Type: Distributed Denial-of-Service (DDoS) attack, causing disruption to the Polish national tax portal.
b. Impact: Short-term disruption, with the website crashing and blocking access to online tax services for a day.
c. Resolution: No data breach occurred; authorities monitored and managed the incident without specifying further recovery details.
2. Costa Rica – Ransomware Attack on Government Systems – April-May 2022
a. Attack Type: A ransomware attack by the Conti Group, utilizing malware to encrypt government systems, demanding a ransom of $20 million.
b. Impact: Severe disruption of governmental services, including tax collection and customs, impacting Costa Rica's economy and public sector operations.
c. Resolution: The Costa Rican government declined to pay the ransom and initiated recovery efforts with international cybersecurity assistance.
3. United States – IRS Compromised in the SolarWinds Supply Chain Attack – December 2020
a. Attack Type: The IRS was hit by a supply chain attack in which malicious code was inserted into Orion, an IT monitoring software product developed by SolarWinds. The malicious code created a backdoor through which attackers could access and impersonate users and accounts of victim organizations. The malware could also access system files and blend in with legitimate SolarWinds activity without detection, even by antivirus software. In simple terms, the attackers reached the IRS by compromising an update to software it was using. The backdoor was not recognizable to users and appeared identical to a legitimate update.
b. Impact: The attack potentially exposed sensitive taxpayer information and jeopardized government data integrity. It raised concerns about the breadth of access the attackers gained to federal systems.
c. Resolution: After the attack was uncovered by FireEye, the IRS cybersecurity and IT teams isolated the compromised Orion software, deployed patches, and instituted additional rigorous security measures. Because the hack was active for over a year before it was detected, resolving it and assessing the damage required a long, ongoing effort.
D. Recommendations for Tax Authorities to Enhance Cybersecurity: