ZOOM Technologies

Cybersecurity Blog

Government is warning you about 'dangerous' Income Tax emails

The Government of India’s nodal cybersecurity body, CERT-In, has issued a warning to citizens about a dangerous online campaign involving fake emails that appear to be sent from the Indian Income Tax Department. Because citizens take emails from the Income Tax Department seriously, hackers are trying to take advantage of this by pushing malware disguised as an email from the department. Here is everything you need to know about these ‘dangerous’ emails.

These Income Tax emails have subject lines related to IT returns or statements

According to CERT-In, these fake emails use the following subject lines to lure people: ‘Important: Income Tax Outstanding Statements A.Y 2017-2018’ or ‘Income Tax statement’.

These ‘dangerous Income Tax’ emails started circulating around September 12

The fake income tax emails are usually sent from a domain named ‘incometaxindia[.]info’

Two variants of these fake emails: Attachment with extension ‘.img’ and ‘.pif’ file

CERT-In has found two variants of the fake emails. The first variant includes an attachment with the extension ".img", which contains a malicious ".pif" file. The second variant lures users into downloading a malicious ".pif" file hosted on a SharePoint page through a link that uses the fraudulent domain incometaxindia[.]info.
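A mail-triage check built from the indicators reported above (sender domain, subject lines, ".img"/".pif" attachment names, links to the fraudulent domain). This is an added example, not code from CERT-In or the original article; the names `triage`, `sample` and `_is_bad` and the test messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators as reported in the article (the domain is kept defanged in source).
BAD_DOMAIN = "incometaxindia[.]info".replace("[.]", ".")
SUBJECTS = ("income tax outstanding statements", "income tax statement")
RISKY_EXT = (".img", ".pif")

def _is_bad(host: str) -> bool:
    host = host.lower().rstrip(".")
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)

def triage(raw: str) -> list:
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    sender = parseaddr(msg.get("From", ""))[1]
    if _is_bad(sender.rpartition("@")[2]):
        hits.append("sender-domain")
    # Collapse folded header whitespace before matching the subject.
    subject = " ".join(msg.get("Subject", "").lower().split())
    if any(s in subject for s in SUBJECTS):
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            hits.append("attachment:" + name)
        elif part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            text = data.decode(part.get_content_charset() or "utf-8", "replace")
            for host in re.findall(r"https?://([^/\s\"'<>:]+)", text, re.I):
                if _is_bad(host):
                    hits.append("link:" + host.lower())
    return hits

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("Income Tax <refunds@" + BAD_DOMAIN + ">",
                        "Important: Income Tax Outstanding Statements A.Y 2017-2018",
                        "Please see the attached statement.", "statement.img")))
```

The attachment check matches only the outer file name, so the ".pif" carried inside an ".img" image is caught by the ".img" rule rather than by inspecting the image contents. The From header is trivially forged, so a clean sender domain does not clear a message that matches on subject, attachment or link.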

Emails are aimed at stealing personal information, warns CERT-In

According to CERT-In, the malicious attachments containing ".pif" files contact a Command and Control server to modify the Windows registry and try to steal the user’s personal information.

The campaign is similar to the "Ave-Maria" malware observed earlier

This campaign is particularly dangerous because it has similarities with the “Ave-Maria” malware which came with DLL hijacking capability that allowed it to get advanced admin access and bypass traditional detection methods. This malware can also secretly download other plugins and malicious content.

It is highly recommended not to open documents from untrusted emails and to disable running macros in MS Office by default

CERT-In suggests businesses make these changes to prevent unauthorised access

CERT-In advised users to restrict execution of PowerShell/WSCRIPT in enterprise environments. Ensure that the latest version of PowerShell is installed and in use, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis. Enforce application whitelisting on all endpoint workstations; this will prevent droppers or unauthorized software from gaining execution on endpoints. Implement application whitelisting or strictly enforced Software Restriction Policies (SRP) to block binaries running from the %APPDATA% and %TEMP% paths.

Copyright © 1996 - 2021 ZOOM Technologies. All Rights Reserved.