“Oh, they’re busy. I’ll wait to cyberattack them until after tax season,” said no hacker ever.
Hacking runs rampant every tax season. But this busy season was one for the books. Get the gist of what happened this past month in our accounting news recap. (And get a few tips about how to protect yourself from looming threats.)
‘Tactical Octopus’ Spreads Malware with Phishing Scams
therecord.media | April 2, 2023: A group known as TACTICAL#OCTOPUS has its tentacles in tax season.
Just a few weeks back, cybersecurity experts at Securonix noted that they had been tracking the group for weeks. Posing as valid employees, the group of hackers has been sending tax-related emails containing password-protected .zip files to unsuspecting users.
And because these unsuspecting users expect to receive emails during tax season—emails that contain tax document attachments—they open them. Once opened, malware is installed on the victim’s device and the hackers have access to their system.
Securonix notes that the hackers have been using tools to capture clipboard data and track keystrokes.
IRS commissioner Danny Werfel reminds us all to be extra vigilant when opening attachments this season (and I’ll add: all the time).
“Email and text scams are relentless, and scammers frequently use tax season as a way of tricking people…With people anxious to receive the latest information about a refund or other tax issue, scammers will regularly pose as the IRS, a state tax agency, or others in the tax and accounting space through emails and texts. People should be incredibly wary about unexpected messages like this that can be a trap, especially during filing season.” IRS commissioner Danny Werfel
Learn more about this complex scam here.
eFile.com Serves JS Malware
bleepingcomputer.com | April 4, 2023: Hacking is rampant during tax season, in part because hackers know how busy tax preparers are. Firms are concentrating on completing filing while facingin the face of the looming deadline, all the while keeping trying to keep their clients happy.
It’s no surprise, then, that the popular tax preparer software eFile was targeted this year. According to a thread posted on Reddit, eFile was hacked nearly two weeks before the vulnerability went public—at least.
Users noticed a message pop up when they visited various pages of the site. The notice requested the user update their browser to continue working on eFile. Here’s a picture, courtesy of Reddit user SaltyPotter:
What happens after the update is installed? After trying (and failing) to translate the technical jargon of the experts at MalwareHunterTeam and BleepingComputer, here’s the gist of what they said: “It is a backdoor malware that allows the threat actor to remotely access an infected device.”
That’s all we needed to know.
The good-ish news? Some antivirus programs sniffed out the threat and flagged the executables as trojans. (Would your security systems have caught it? Get an overview about how products like Managed Security hunt out threats.)
For bleepingcomputer.com’s extremely thorough and expert column, click here.
Optimal Equipment for Today’s Accounting Firm Tech Stack
rightnetworks.com | April 10, 2023: The headline may sound like it’s for fancy firms. But really, this post is just some advice about the most popular tools and tech we’re seeing today. (In case you’re in the market for an upgrade…or want to make your work life easier and more secure.)
And during Roman’s webinar and companion blog post, he does just that. Expect information about:
- The most popular laptop models and configurations.
- Remote work digital collaboration tools (like webcams and microphones).
- How to prioritize cybersecurity within your tech stack.
- So much more!
To get Roman’s advice, read his blog post or watch him present his findings in this on-demand webinar.
Accounting Firm News: 4 Best Practices for Online Security
rootworks.com | April 13, 2023: Online security: You never don’t need it. In fact, it’s become the center of nearly every job that requires you to be online. You need to stay safe and secure because you need your job. And you don’t want to be the cause of a major cybersecurity event (like the few mentioned above).
Don’t turn from target to victim—there are ways to stay safe.
Start by checking out the recent Rootworks article about how firms and individuals stay safe online. In the article, they dive into detail about the four broad steps to implement at your firm:
- Limit data access to only those employees who need it.
- Tighten practices for password management and user authentication.
- Secure your devices.
- Train your employees to avoid security threats.
Read the article today. (And stay safe out there!)
4 Best Application Security Tools
rightnetworks.com | April 13, 2023: Multifactor authentication. Device security. Employee security. Backup software. You’ve heard it all before—you may have even already read about it in this article—but do you actually practice security? Or are you simply informing yourself and noting it as an “I’ll get to that in the future” task.
Stop delaying. Stop thinking that you’re invulnerable to attacks. You’re not.
Just last year, Sophos’ The State of Ransomware report noted that 66% of organizations were hit with ransomware. (And ransomware is just one type of attack.) That’s 2 out of 3 organizations. It’s not just a matter of “if” anymore—it’s a matter of “when.”. Ensure you’re establishing a secure culture at your business using this blog post as a guide. And if it’s all too much, consider a managed security approach instead.
2023 Readers’ Choice Awards: The Votes Are In
cpapracticeadvisor.com | April 17, 2023: A round of applause for the winners of CPAPA’s 2023 Readers’ Choice Awards!
Now in its 19th year, the awards surveyed more than 5,000 professionals about everything from research and accounting systems to apps for collaboration—even down to printers.
The Readers’ Choice Awards “give professionals the chance to see which technologies and workflow systems their peers are using and trust, which can help them build more efficient and profitable workflows for their own practice.”
Notably, Drake Software cleaned up. (Congratulations, Drake!) There were many stand–outs this year. Get the full list of winners and runners up here.
Accounting News: Coming in May
Be on the lookout for upcoming webinars, new eBooks and more by visiting our resource library. And keep a lookout for next month’s accounting news recap. Expect all the noteworthy news from the accounting and finance profession right here on rightnetworks.com/blog—don’t forget to subscribe today!