either revenue agency and encouraging individuals to open files corrupted with malware. These scam emails use tax transcripts as bait to entice users to open the attachments. The scam is particularly problematic for businesses or government agencies whose employees open the malware-infected attachments, putting the entire network at risk. This software is complex and may take several months to remove. This well-known malware, known as Emotet, generally poses as specific banks or financial institutions to trick individuals into opening infected documents. It has been described as one of the most costly and destructive malware strains to date. Emotet is known to constantly evolve, and in the past few weeks has masqueraded as the IRS, pretending to be "IRS Online." The scam email includes an attachment labeled "Tax Account Transcript" or something similar, with the subject line often including "tax transcript." Both DOR and the IRS have several tips to help individuals and businesses avoid falling prey to email scams:
- Remember, DOR and the IRS do not contact customers via email to share sensitive documents such as a tax transcript.
- Use security software to protect against malware and viruses, and be sure it's up to date.
- Never open emails or attachments, or click on links, when you're not sure of the source.
- If an individual is using a personal computer and receives an email claiming to be from the IRS, it is recommended to delete the email or forward it to phishing@irs.gov or to investigations@dor.in.gov. Businesses receiving these emails should also be sure to contact the company's technology professionals.
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user. The victim thinks they are reacting to an important request when all they're doing is playing right into the hands of the attackers. A new wave of these attacks involves attackers sending status updates for invoices -- but these don't just involve threat actors firing off millions of messages at random and hoping for the best; they're specially crafting the attacks to look authentic and, crucially, to appear to come from someone the target might trust. In one example of this attack, the target receives an email asking for a reply to a query about the payment status of an invoice. A legitimate-looking invoice number is provided in the subject line and the sender's name is chosen to be someone the recipient knows. Mimicking someone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn, or it could indicate that the attackers already have a foothold in the network which they're looking to exploit for further gains. The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status query should be treated with suspicion.
But if a recipient does click through, the link will download a Word document supposedly containing the invoice -- which then goes on to install malware onto the system. It could be subtle, like a trojan, or the victim could recognise their error immediately if faced with ransomware. The attackers aren't just using a single template in the campaign; researchers have spotted other lures used in an effort to distribute a malicious payload. A second invoice impersonation attack uses the subject 'My current address update' and claims to contain information from a trusted contact about a change of address, along with details of a new invoice. Once again, the victim is encouraged to click through a link to download the document from a malicious host, with the end result again being an infection with malware, credential theft or a compromised account. The attacks might seem simple, but those behind them wouldn't be deploying them if they didn't work. "Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message, when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks. When it comes to protection against this type of attack, employee training can go a long way, especially if employees are provided with a sandbox environment.
Ransomware authors are nothing if not persistent. They continue to try new evasion techniques, new programming languages, new naming conventions, and even more forceful demand tactics to pressure victims into paying. One new technique involves packaging ransomware in RarSFX executable files. Last week we talked about a multi-component variant of Cerber (detected as RANSOM_CERBER) found packaged in an SFX file, a feature that helps it evade machine learning. This week, we saw CrptXXX (detected by Trend Micro as RANSOM_CRPTX.A) also in an SFX package, most likely for the same reason. This particular ransomware cannot execute fully without the correct parameters and other components inside its package. If CrptXXX successfully infects a system, the victim receives a relatively straightforward ransom note. They are instructed to go to a specific .onion site and input their unique ID, then follow the payment instructions. French Locker (detected by Trend Micro as RANSOM_LELEOCK.A) is a typical ransomware made by developers who want to get paid quickly. This ransomware displays a 10-minute timer and deletes one of the victim's encrypted files for every 10 minutes that pass. It arrives through malicious sites or is dropped by other malware, and victims can choose between an English or a French version. Initially, the ransomware installs an autostart registry entry for its dropped copy, which triggers its encryption routine once the machine reboots. Encrypted files are appended with the .lelele extension. SAMSAM has been updated with a new variant (detected by Trend Micro as RANSOM_SAMAS.I). The previous version made waves in 2016 after it targeted vulnerable hospital servers. Traditionally, ransomware spreads through social engineering, malvertisements, or spam; SAMSAM set itself apart when it targeted the network infrastructure of certain healthcare facilities.
The threat actors behind this ransomware gain administrative rights on a network and pinpoint specific target hosts. They deploy to a sizeable portion of the victim's network, causing essential systems and services to shut down and leaving the target facility little choice but to pay the ransom. This is one of the latest variants of SAMSAM, though this ransomware family constantly changes its behavior when its threat indicators or IOCs are made public. The first ransomware to be written in Google's Go programming language was detected late last year, and now we have another to add to the list. Apart from the programming language used, BrainCrypt (detected by Trend Micro as RANSOM_BRAINCRYPT) is a relatively standard ransomware. There are no specific details in the ransom note, just simple instructions explaining the situation and telling the victim to email the threat actors. The continuing evolution of ransomware shows how quickly cybercriminals adopt the latest technology and techniques to make their malware more effective. Because of this, all users should stay vigilant and keep up to date on the latest threat developments.
A new phishing campaign is using a fake iTunes receipt for movie purchases to compromise Apple users' sensitive information. Fortinet researchers first spotted the phishing campaign over the weekend of 17 February. The attack begins when an Apple user receives a receipt that appears to have come from iTunes. In actuality, an email address based in Norway sent the message. The receipt lists purchases for a series of movies. These films (which include "Allied", "Arrival", and "Jack Reacher: Never Go Back") debuted in theaters recently, which makes the ruse relevant and consequently more believable. This email isn't the first time phishers (or smishers, for that matter) have targeted Apple users. Users in the United Kingdom, Australia, and the United States have witnessed similar attacks over the past few years. This particular campaign targets Canadian users and seems to have improved upon earlier iterations of the scam. Of course, most users who receive the receipt will wonder why they've been charged so much money for something they haven't purchased. Their attention will subsequently go to the link at the bottom of the email that claims they can obtain a full refund. But clicking on the link doesn't help them in the slightest. As explained by Fortinet's researchers: "At the bottom of the receipt, there's a link to request a 'full refund' in case of an unauthorized transaction." Apple has no need for a user's Social Insurance Number, which Canadians need in order to work or to access government services, or their mother's maiden name. But the phishers want their targets to overlook that fact and enter their details. Indeed, doing so would help the attackers assume control of their victim's credit card and other financial information. This campaign, like so many others, demonstrates the importance of carefully reviewing suspicious emails.
Users should look at the sending email address to see if it's legitimate. If they come across an invoice or receipt for a credit card purchase, they should check their account history for such a transaction. If they don't find anything, that means scammers are just trying to scare them into handing over their payment card details. Additionally, users might consider setting up transaction notifications on their payment cards. That way, if they haven't received an alert of a transaction, they'll immediately know that an invoice such as the one above is a fake.
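The advice in the IRS, invoice-impersonation and iTunes pieces above comes down to the same header-level checks: does the sender domain match the brand the message claims to be from, does a familiar display name actually come from the organisation, and are replies steered to a different domain? The following is an added example of those checks as a mail-triage script, written for this page and not taken from Fortinet, Barracuda or any of the agencies mentioned. The brand-to-domain allowlist, the organisation domain, the staff directory and the four sample messages are all constructed assumptions for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Brands the campaigns above impersonate, mapped to domains they legitimately send from.
# Both the brand list and the domain sets are assumptions for this example; a real
# deployment would maintain them from the organisation's own verified sources.
BRAND_DOMAINS = {
    "itunes": {"apple.com"},
    "apple": {"apple.com"},
    "irs": {"irs.gov"},
}

# Constructed organisation directory for the display-name check: invoice lures pick a
# sender name the recipient knows, so a colleague's name from a foreign domain is suspect.
ORG_DOMAIN = "corp.example"
KNOWN_STAFF = {"jane doe", "sam lee"}


def sender_domain(address: str) -> str:
    """Domain part of an address, lowercased; empty when there is no '@'."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def domain_allowed(domain: str, allowed: set) -> bool:
    """True when domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def triage_headers(raw: bytes) -> list:
    """Return human-readable reasons to distrust a message, using headers only."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    domain = sender_domain(address)
    claims = f"{display} {msg.get('Subject', '')}".lower()
    reasons = []
    # 1. A brand is named in the display name or subject, but the From domain is not the brand's.
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(r"\b" + re.escape(brand) + r"\b", claims) and not domain_allowed(domain, allowed):
            reasons.append(f"claims to be {brand} but From domain is {domain or '<none>'}")
    # 2. The display name matches a colleague, but the mail did not come from the organisation.
    if display.lower() in KNOWN_STAFF and not domain_allowed(domain, {ORG_DOMAIN}):
        reasons.append(f"display name '{display}' matches a colleague but From domain is {domain or '<none>'}")
    # 3. Replies are steered to a different domain than the one the mail claims to come from.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = sender_domain(reply_to)
    if reply_domain and reply_domain != domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return reasons


# Constructed sample messages (not real campaign mail): a fake iTunes receipt, a fake IRS
# transcript notice, a colleague-name invoice lure, and a benign message for comparison.
SAMPLE_ITUNES = (b"From: iTunes Store <receipts@mail.example.invalid>\r\n"
                 b"Reply-To: refunds@another.example.invalid\r\n"
                 b"Subject: Your receipt for 3 movies\r\n\r\nSee attached receipt.\r\n")
SAMPLE_IRS = (b"From: IRS Online <notice@irsonline.example.invalid>\r\n"
              b"Subject: Tax Account Transcript\r\n\r\nYour transcript is attached.\r\n")
SAMPLE_INVOICE = (b"From: Jane Doe <jane.doe@freemail.example.net>\r\n"
                  b"Subject: Invoice 88213 payment status\r\n\r\nCan you confirm payment?\r\n")
SAMPLE_LEGIT = (b"From: Apple <no_reply@email.apple.com>\r\n"
                b"Subject: Your receipt\r\n\r\nThank you.\r\n")

if __name__ == "__main__":
    samples = [("itunes", SAMPLE_ITUNES), ("irs", SAMPLE_IRS),
               ("invoice", SAMPLE_INVOICE), ("legit", SAMPLE_LEGIT)]
    for label, sample in samples:
        print(label, triage_headers(sample) or ["no header findings"])
```

The script deliberately stops at headers: it does not open attachments or follow links, and a message with no findings is not thereby safe (an invoice lure sent from an unknown name passes every check here), so it belongs in front of the "check your account history" step from the article, not in place of it. The word-boundary match on brand names avoids flagging words like "first" for the brand "irs".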
More than 1,500 companies in over 100 countries have suffered an infection at the hands of the Adwind Remote Access Tool (RAT). Discovered by researchers at Kaspersky Lab, this new attack campaign suggests that Adwind, a multifunctional backdoor which has targeted more than 450,000 individual users (including Mac lovers) since 2013, has developed a taste for business victims. The Adwind malware (also known as AlienSpy, Frutas, Unrecom, Sockrat and jRAT) appears particularly drawn to retail and distribution, with approximately one-fifth of this operation's victims falling under that category. It's also preyed upon organizations in the architecture, shipping, construction, insurance, and legal sectors. An attack begins when a business receives an email from what appears to be HSBC, one of the largest banking and finance organizations in the world. The email originates from the mail.hsbcnet.hsbc.com domain, which has been active since 2013. Its message says the corresponding attachment contains payment advice for the recipient. As Kaspersky explains in an alert: "Instead of instructions, the attachments contain the malware sample. If the targeted user opens the attached ZIP file, which has a JAR file in it, the malware self-installs and attempts to communicate with its command and control server. The malware allows the attacker to gain almost complete control over the compromised device and steal confidential information from the infected computer." (Just to be clear: opening the ZIP file itself doesn't cause any harm, but opening the JAR file contained within the ZIP archive can infect computers.) Upon establishing a connection, attackers can use Adwind to steal confidential information from the infected computer. This includes critical data relating to the business.
Organizations based in Malaysia have suffered the brunt of this attack campaign thus far. But entities in the United Kingdom, Germany, Lebanon, and elsewhere are not far behind. Given Adwind's evolution (as well as its commercial availability on underground marketplaces and other dark web forums), organizations should restrict their use of Java (on which the malware is based) to a select few applications that absolutely require this software in order to function properly. If possible, companies should take their security one step further and try to isolate these applications from their other endpoints.
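The Adwind delivery chain described above (a ZIP attachment that is harmless on its own but carries a JAR that infects on launch) is a good fit for an inbound-mail control that looks inside archive attachments before they reach a mailbox. The following is an added example of such a check, written for this page; it is not Kaspersky's code or any product's detection logic. It identifies archives by their bytes rather than by filename or Content-Type, flags members with executable extensions such as .jar, and reports nested archives without extracting them. The extension list, the sample message and the dummy JAR inside it are all constructed for the example.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Member types a mail gateway should not let through inside an archive. This list is an
# assumption for the example; Adwind arrives as a JAR, per the Kaspersky description above.
RISKY_MEMBER_EXTENSIONS = {".jar", ".exe", ".js", ".jse", ".vbs", ".scr", ".wsf", ".hta"}
ZIP_MAGIC = b"PK\x03\x04"


def inspect_zip_bytes(data: bytes, max_members: int = 1000) -> list:
    """Return (member_name, reason) findings for a ZIP held in memory; [] if not a ZIP."""
    findings = []
    if not data.startswith(ZIP_MAGIC):
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist()[:max_members]:
                if info.is_dir():
                    continue
                name = info.filename
                ext = os.path.splitext(name.lower())[1]
                if ext in RISKY_MEMBER_EXTENSIONS:
                    findings.append((name, f"executable member type {ext}"))
                # Read only the first four bytes of each member: a JAR is itself a ZIP
                # container, so a member starting with the ZIP signature is an
                # archive-in-archive even when its name says otherwise.
                with zf.open(info) as member:
                    head = member.read(4)
                if head == ZIP_MAGIC and ext not in RISKY_MEMBER_EXTENSIONS:
                    findings.append((name, "nested archive"))
    except zipfile.BadZipFile:
        findings.append(("<attachment>", "malformed ZIP"))
    return findings


def inspect_message(raw: bytes) -> list:
    """Walk the attachments of a raw RFC 5322 message and inspect every ZIP found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        # Trust the decoded bytes, not the declared filename or Content-Type.
        for member, reason in inspect_zip_bytes(payload):
            results.append((part.get_filename() or "<unnamed>", member, reason))
    return results


def build_sample_message() -> bytes:
    """Constructed lure for testing: a 'payment advice' ZIP holding a dummy JAR."""
    # A JAR is a ZIP archive, so the dummy member is a tiny ZIP with only a manifest.
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Payment_Advice.jar", inner.getvalue())
        zf.writestr("readme.txt", "please see attached")
    msg = EmailMessage()
    msg["From"] = "advice@example.invalid"  # constructed sender, not a real domain
    msg["To"] = "accounts@example.invalid"
    msg["Subject"] = "Payment advice"
    msg.set_content("Please find the payment advice attached.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip",
                       filename="Payment_Advice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member, reason in inspect_message(build_sample_message()):
        print(f"{attachment}: {member} -> {reason}")
```

Because only the first four bytes of each member are read, the check stays cheap on large or deliberately inflated archives; the `max_members` cap bounds the directory walk. A hit here should quarantine the message for a human, which sits well with the article's advice to confine Java to the few applications that truly need it: even if a JAR does get through, it then has nowhere to run on most endpoints.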