Malicious emails rise tenfold in a month


Aden – Yasmine Abdullah Al-Tohamy – Sunday 24 April 2022

Follow-Up_Gulf 365

Kaspersky has revealed a significant increase in the activity of an email campaign spreading the Emotet and Qbot malware. The campaign targets businesses and organizations, and the number of malicious emails increased from about 3,000 in February 2022 to nearly 30,000 in March. The campaign is likely related to the increased activity of the Emotet botnet.

Kaspersky experts have found a significant growth in malicious emails targeting companies in different countries, in a coordinated campaign aimed at spreading the Qbot and Emotet malware. Both are notorious banking Trojans that operate within botnets. They spread across the network and install ransomware or other Trojans on network devices. One of the functions of Qbot is also to access and steal emails.

This campaign lasted for a few months, but its activity rapidly increased from about 3,000 emails in February 2022 to about 30,000 in March. The messages were in English, French, Hungarian, Italian, Norwegian, Polish, Russian, Slovenian and Spanish.

Cybercriminals intercept communications between parties and send to those parties an email containing a file or link that often leads to a known cloud hosting service. The goal of the email is to convince users to either follow the link and download an archived document and open it with a password mentioned in the email, or open an attached file. Attackers usually state that the file contains some important information, such as a commercial offer, to convince users to open or download it.

Kaspersky solutions can detect the archived document under the verdict HEUR:Trojan.MSOffice.Generic. In most cases, this document downloads and runs the Qbot library, but Kaspersky experts have also noted that some versions of this document download the Emotet malware instead of Qbot.

An email sent as a reply within an existing correspondence claims that the link, which is in fact malicious, leads to documents that the recipient needs.
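A triage heuristic for the link-and-password variant of the lure described above, as an added example that is not Kaspersky's detection logic or code from the original article. The header checks, regular expressions, function names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://\S+", re.I)
# A password stated in the message text, e.g. "password: 1234" or "password is 1234"
PASSWORD_RE = re.compile(r"\b(?:password|passcode)\s*(?:is|:)\s*\S+", re.I)

# Constructed sample messages (not real campaign traffic).
HIJACKED = """\
From: "Partner Sales" <billing@example.org>
Subject: RE: Q2 commercial offer
In-Reply-To: <constructed-1@example.com>

The documents you need: https://files.example.net/d/offer.zip
Archive password: 8841
"""
BENIGN = """\
From: bob@example.com
Subject: Re: meeting notes
In-Reply-To: <constructed-2@example.com>

Notes are on the wiki: https://wiki.example.com/notes
"""

def body_text(msg):
    """Concatenate the decoded text/plain parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def signals(raw_message):
    """Return the names of the lure traits present in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    checks = {
        # Reply headers, or a "Re:" subject when the headers were stripped
        "reply_in_thread": bool(msg["In-Reply-To"] or msg["References"]
                                or re.match(r"\s*re\s*:", msg.get("Subject", ""), re.I)),
        "link_in_body": bool(URL_RE.search(body)),
        "password_in_body": bool(PASSWORD_RE.search(body)),
    }
    return [name for name, hit in checks.items() if hit]

def is_hijack_lure(raw_message):
    """True when a reply carries both a link and a password in its text."""
    return len(signals(raw_message)) == 3
```

A match is a reason for closer review of the message and the linked file, since legitimate replies can also share password-protected archives.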

Andrei Kovtun, a security expert at Kaspersky, said that imitation of business correspondence is a “common trick” used by cybercriminals, noting that this campaign is “more complex than usual”, as attackers intercept and immerse themselves in an existing conversation, making it difficult to detect such messages. “While this scheme may resemble corporate email hacking attacks, in which attackers pretend to be colleagues and have conversations with victims, the difference here is that attackers do not target specific individuals, messaging is only a clever way to increase the likelihood that the recipient will open files attached to it,” he added.

Kaspersky recommends the following measures to protect against Qbot and Emotet attacks:

• Verify the sender’s address. Most spam comes from email addresses that don’t make sense and look like a random bunch of letters and numbers. You can hover over the sender’s name, which may be misspelled, to help see the full email address. If you are unsure about the address, you can enter it in a search engine for verification.

• Be wary of a message that creates a sense of urgency. Email senders often try to put pressure on the recipient of the message by creating a sense of urgency. For example, the subject line might contain words such as “urgent” or “immediate action required” to pressure the recipient into reacting to the message.

• Provide employees with basic training in digital security. Simulating a phishing attack helps ensure that employees are able to distinguish scam emails from genuine messages.

• Use a security solution for endpoints and email servers, such as Kaspersky Endpoint Security for Business, with anti-phishing capabilities, to reduce the chance of infection through phishing emails.

• Install a reliable security solution such as Kaspersky Secure Mail Gateway, which automatically filters unwanted messages.
