Welcome to Codebook, the cybersecurity newsletter that doesn't understand what Britain's problem is. The European Union met all of our demands to get us to leave.
With tax day rapidly approaching, it's beginning to look like this tax season will show a sharp decline in breaches swiping data used to file fake tax returns. Risk Based Security (RBS), a cybersecurity group that monitors breach notifications, has tracked only 5 reports of theft of tax data this season, down from around 40 in the whole of last year's tax season and 230 the year before.
Why it matters: While the number of tax-document-related breaches has been on the decline for a while, it's still surprising to see such a rapid drop, even after the number had plummeted into the double digits.
Details: The RBS numbers are interesting.
By the numbers: RBS isn't the only group seeing a downward trend. The IRS hasn't released information for this season yet, but noted in 2018, through October:
The intrigue: Typically, when one type of cybercrime goes down, another type goes up — if you prevent one way of exploiting people, hackers move on to another. But RBS hasn't found a corresponding rise in any other field.
Experts don't see a clear-cut reason for the decline, but there are some spitball-able theories.
To be sure: None of this is an excuse to stop protecting yourself or your employees.
Hackers modified a Pakistani government website, where citizens can request passports, to spy on its visitors, according to researchers at Trustwave. The infection is still active.
The big picture: The code added to the website, known as Scanbox, performs reconnaissance on visitors and has been associated with espionage attacks in the past. Other actors use it too, and Trustwave is not attributing the attack to any government or criminal groups.
Details: Scanbox logs keystrokes, providing hackers with users' login information, and it also sends back information about the user's system.
Researchers at Cisco Talos discovered GlitchPOS, new malware for credit card systems that is being sold on hacker forums and is notable for how easy it is to use, even for non-technical users.
Why it matters: GlitchPOS invites a whole new class of criminals to enter the point-of-sale terminal hacking game.
What they're saying: "If you can install a video game, you can now install a sophisticated POS malware empire," said Craig Williams, director of outreach at Talos. "If Apple was going to make POS malware, this is what it would look like."
You can't trust anyone: Talos notes that one of the early purchasers of GlitchPOS has begun selling it on his own, claiming to be the original author. And if you can't trust credit card thieves, who can you trust?
Meanwhile: While some people like Volvos, other people like Ferraris. Researchers at Flashpoint discovered POS malware in use since 2016 with a unique, powerful feature not usually seen in its ilk.
Not everything is a cyberattack. Facebook fended off rumors that an outage of its products, including Facebook and Instagram, was the result of a DDoS attack.
Senators Ron Wyden (D-Ore.) and Tom Cotton (R-Ark.) asked the Senate security staff to start issuing reports about breaches on the Senate network.
The big picture: "According to media reports, Russian and Chinese hackers have in recent years breached the White House, Pentagon, State Department, and other agencies in the executive branch. Yet, the last publicly disclosed breach of congressional computers was in 2009," the senators wrote in a letter dated Wednesday.
Codebook will be back next week.