Communities Archives - D1defend D1defend


Protect Your Business from the Latest Emotet Phishing Scam Targeting Taxpayers

Scammers will use anything to target businesses, including tax forms. A new phishing campaign is spreading a malicious program disguised as documents from the IRS. With tax season soon to be in full swing, business owners must take extra precautions to protect sensitive company data.

Emotet Phishing Campaign Targets Taxpayers

Emotet is one of the most widespread malware programs in recent years. The latest Emotet phishing campaign targets taxpayers. It impersonates the IRS and other private organizations, sending emails containing phony Form W-9 attachments.

When someone falls for the scam and installs Emotet on their computer, the malware will steal data and take control of their email. It will send spam emails using the target’s account to spread other malicious programs.

Obvious Emotet Phishing Signs to Look Out For

The Emotet phishing emails may seem legitimate, but some telltale signs give them away. The malicious emails have an attached Zip file. It contains a Word document that is supposedly the Form W-9. But you can tell it is fake because it is over 500 megabytes. No ordinary Word document is ever that big.

In addition, Microsoft now blocks macros from running by default. A security warning will appear when a user tries to open a malicious Word document, saying it contains blocked macros. That is the ultimate warning sign of a phishing scam, so don’t enable the content.

Emotet is trying to circumvent Microsoft’s solution by sending OneNote files instead. When a user opens the attachment, it will say the document is protected and that they must click the “View” button. Once they do, it will cause the embedded VBScript to run. OneNote will display a warning about the potentially malicious script, but inattentive users will launch it anyway.

It is essential to note that legitimate tax documents are usually in PDF form. Be cautious about opening Word, OneNote, and other file types from dubious sources.
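The warning signs above can be checked before anyone opens the attachment. The following is an added example, not code from the original article: it flags Word documents inside a zip, Word documents above the 500-megabyte mark, and OneNote attachments. The function names, the sign labels and the sample file names are assumptions made for illustration, and the sample zip is constructed with a small zero-padded file and a lowered threshold so that it runs quickly.

```python
import io
import zipfile

MAX_DOC_BYTES = 500 * 1024 * 1024      # the article's sign: Word file over 500 MB
WORD_EXT = (".doc", ".docx", ".docm")
ONENOTE_EXT = (".one",)


def check_name(name, size, max_doc_bytes):
    """Return the warning signs that apply to one file name and size."""
    lower = name.lower()
    signs = []
    if lower.endswith(WORD_EXT):
        signs.append("word-document")            # tax forms are usually PDF
        if size > max_doc_bytes:
            signs.append("oversized-document")
    elif lower.endswith(ONENOTE_EXT):
        signs.append("onenote-attachment")       # may carry an embedded script
    return signs


def triage_attachment(filename, data, max_doc_bytes=MAX_DOC_BYTES):
    """Map the attachment, or each member of a zip attachment, to its signs.

    Member sizes are read from the zip directory, so nothing is extracted.
    """
    report = {}
    signs = check_name(filename, len(data), max_doc_bytes)
    if signs:
        report[filename] = signs
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                signs = check_name(info.filename, info.file_size, max_doc_bytes)
                if signs:
                    report[info.filename] = signs
    return report


def build_sample_zip(doc_bytes):
    """Constructed sample: a zip holding a zero-padded 'W-9 form.doc'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("W-9 form.doc", b"\0" * doc_bytes)
        zf.writestr("instructions.pdf", b"%PDF-1.4 constructed")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(2 * 1024 * 1024)   # 2 MB stand-in for the real size
    print(triage_attachment("W-9.zip", sample, max_doc_bytes=1024 * 1024))
    print(triage_attachment("W-9 form.one", b"constructed bytes"))
```

An empty result means none of the article's signs matched; it does not mean the attachment is safe.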

How to Minimize Your Risks 

The Emotet phishing campaign can have disastrous outcomes for companies. But you can minimize risk by knowing the warning signs. The same goes for other malicious schemes. If business owners and employees learn about these techniques, they can prevent data loss and stop the spread of malware.

Used with permission from Article Aggregator

Cerebral Data Breach – 3.18 Million Affected

Cerebral, an online platform that offers mental health care services, recently suffered a data breach that may have affected up to 3.18 million users. According to its report, the breach was due to the company’s use of third-party pixel trackers.

Cerebral did not say the exact number of users affected. However, the company said it had taken steps to ease the breach’s impact.

What Exactly Are Tracking Pixels?

Tracking pixels are tiny pieces of code that businesses can embed on their websites, online ads, or marketing emails.

Whenever you use a webpage, ad, or email that contains a tracking pixel, it sends a message to a server. This message can collect data about the users, including their behavior and activity.

But criminals can use these pixels maliciously, posing a significant risk to users’ privacy.

Cerebral has been using pixels since it started in October 2019. By using third-party pixel trackers, Cerebral left itself open to illegal access to its system.

Consequently, the hackers were able to get their hands on users’ personal information, including their names, medical histories, and health insurance plans.

What Are the Consequences of a Data Breach?

Data breaches can have far-reaching effects on both individuals and companies. Identity theft, financial losses, and reputational damage are just a few of the dangers.

It was on Jan. 3, 2023, that Cerebral uncovered the breach. The company found out it had mistakenly shared sensitive user information with other companies, including mental health evaluations, findings, and treatment plans.

The breach also exposed user subscription plans. Unfortunately, this put Cerebral in violation of HIPAA regulations, which safeguard people’s private health information.

How Can Businesses Avoid a Data Breach?

To prevent data breaches, you must understand the potential risks of using third-party trackers. Protecting your customers’ data and being wary of data breaches is essential.
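One way to see which third parties your own pages contact is to audit their HTML. The following is an added example, not code from the original article: it lists images, scripts and iframes loaded from hosts other than your own, and marks 1x1 images and URLs that carry query data. The class and function names are assumptions, and the sample page and every host name in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_ATTR = {"img": "src", "script": "src", "iframe": "src"}


class ThirdPartyAudit(HTMLParser):
    """Collect tags that make a visitor's browser contact another host."""

    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party.lower()
        self.findings = []   # (tag, host, looks_like_pixel, sends_query_data)

    def is_first_party(self, host):
        return host == self.first_party or host.endswith("." + self.first_party)

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTR:
            return
        attrs = dict(attrs)
        url = urlparse(attrs.get(URL_ATTR[tag]) or "")
        host = (url.hostname or "").lower()
        if not host or self.is_first_party(host):
            return           # relative or same-site URL: no third party involved
        tiny = ("0", "1")
        pixel = (tag == "img" and attrs.get("width") in tiny
                 and attrs.get("height") in tiny)
        self.findings.append((tag, host, pixel, bool(url.query)))


def audit(html, first_party):
    """Return the third-party findings for one HTML document."""
    parser = ThirdPartyAudit(first_party)
    parser.feed(html)
    return parser.findings


# Constructed page for a hypothetical site; every host name is a placeholder.
SAMPLE = """<html><body>
<img src="/static/logo.png" width="120" height="40">
<script src="https://cdn.clinic.example/app.js"></script>
<script src="https://tracker.example.net/pixel.js"></script>
<img src="https://ads.example.org/p.gif?page=/intake/results&amp;uid=1234" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "clinic.example"):
        print(finding)
```

Each finding is a host that learns something about the visitor; a query string that names the page visited or a user identifier deserves the closest review on pages that handle health or other sensitive data.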

To keep your business safe from a data breach:

  • Check for weak spots and threats to your business.
  • Use passwords and access controls to protect critical information.
  • Keep an eye out for any suspicious activity or unauthorized access.
  • Train your employees to spot and deal with security problems.
  • Have a plan in case there is a security breach.

The Cerebral breach highlights the importance of keeping users’ information safe. As a business, you must remain proactive in securing your data and staying updated with the latest security measures.

Used with permission from Article Aggregator

Hiatus Malware Targets Business Routers

There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.

Hiatus is the first of its kind. Lumen’s security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here’s everything you need to know about the malicious campaign.

How Does the Hiatus Campaign Work?

The Hiatus campaign uses three components, namely a bash script, HiatusRAT, and a tcpdump variant. The threat actor will breach the target device and deploy the bash script. That will download and trigger the HiatusRAT. Next, the malware will steal the following: network data, system data, process data, and file system data.

The HiatusRAT malware will maintain communication with the C2 server. That way, the threat actor can keep watch over the target network. The bash script will also set up a packet-capturing program to monitor activity on TCP ports. The data there is unencrypted, so it is easy for hackers to steal.

Who Is the Hiatus Campaign Targeting?

The Hiatus campaign targets DrayTek Vigor VPN routers nearing the end of their lives. These are the 3900 and 2690 models with the i386 architecture. Businesses use these high-bandwidth routers to provide VPN support to their remote employees.

Small to medium-sized companies are the common users of these routers, so they are at high risk for attack. As of February, researchers said around 4,000 machines are vulnerable. They suspect the threat actors are spying on their targets and building a proxy network. The affected regions include Europe and North and South America.

However, the attackers are keeping a low profile to avoid detection. Out of all the routers they can attack, they have only breached 2%. That’s around a hundred compromised routers. The strategy also allows them to focus on the most critical profiles.

The Bottom Line

The HiatusRAT malware can harvest all kinds of data and communicate with remote servers. The Hiatus campaign is ongoing, and no one knows how many it will victimize. That is why business owners should not let their guard down. Not only can you lose money and intellectual property in a data breach, but you will also break your customers’ trust. Invest in your organization’s security before it is too late.

Used with permission from Article Aggregator
