According to Cofense, Emotet is back in the news. Emotet is well-known for spreading malware via phishing emails. This latest phishing campaign shows them pretending to be the IRS.
Despite their appearances, these emails appear legitimate. The Emotet gang understands that potential victims won't pay attention to emails claiming to contain tax documents because they expect them anyway.
Although the details may vary from email to email, the basic idea of the emails associated with this campaign is the following. "Hi, we are the IRS and we are contacting your company with some completed tax forms." Or, in other variants, "We are contacting you with tax forms that you need to complete and return to us."
This isn't surprising considering the tax season. Surprisingly, a surprising number of email recipients open the attached attachments.
You won't be able to open the emails and it won't make you lose your mind. However, if you enter the password to unlock the file attached, you will be doomed. Emotet and any other malicious payloads that hackers may want to install in the background will be installed.
The malware can also scan your address book and steal your email addresses. This is done to extend the campaign's longevity by allowing it to use the addresses in future reply-chain attacks.
Vigilance is the best defense against this type of attack. These are the standard email defenses. Do not open attachments from people you do not know. If the sender appears to be a government agency call them to confirm that they have sent you an email.
Take care. Your employees are your best defense against cyber attacks. Integrated Technology Systems can train your employees to recognize phishing emails and other signs of possible problems.
Automotive Part Maker Denso Is Latest To Have Data Breached
The latest victim of a hacking attack is DENSO, an automotive parts company. This company supplies parts to many brands, including General Motors and Fiat. It has offices around the globe.
The company employs more than 160,000 people, and has revenues exceeding $44 billion USD in 2021.
The company had these words to say about the incident
"DENSO confirmed that the network of its group company in Germany was illegally accessed on March 10, 2022 by a third party.
After detecting the unauthorized access, DENSO immediately cut the network connection to devices that had been accessed and confirmed that no other DENSO facilities were affected.
Given the size of DENSO, it's fortunate that no production plants were shut down by the attack. We are still working to resolve the supply chain issues that caused the pandemic. This could have had a devastating impact on the entire automotive industry."
The Pandora Ransomware gang, which was launched in March 2022, is new. They are attempting to attack large corporate networks and steal data, before encrypting their files for profit.
Security researchers think that although the gang is relatively new, the malware isn't new. They believe it was simply rebranded because of its striking similarities with Rook ransomware.
Hackers are not afraid to rebrand. In an effort to continue evading law enforcement, many groups do this periodically. The jury is still out at this point. We aren't able to prove whether Pandora is a new gang, or an older one that has been rebranded.
Whatever the reason, they have seen great success with their data breaches. They are believed to have accumulated more than 1.4TB. This data includes technical schematics and purchase orders. It's only a matter time before the group strikes once again.
Data breaches are a threat to any business regardless of the size. Now is the time to call a security specialist like Integrated Technology Systems to keep your data secure.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/
