After a pause, a malicious campaign targeting organisations with the dangerous Qbot malware is returning. Kaspersky has detected a new wave of activity targeting users all around the world. 

According to Kaspersky telemetry, the United Arab Emirates and Egypt are among the top 10 affected countries globally. Corporate users in the META region (Middle East, Türkiye, Africa) account for approximately 20% of all corporate users affected globally.

Qbot is a notorious banking Trojan capable of stealing users’ data and emails from infected corporate networks, spreading further in the network, and installing ransomware or other Trojans on other devices in the network. Cybercriminals allegedly intercept active email conversations on business matters and send the recipients a message containing a link to download a password-protected archive file, which infects their devices with the banking Trojan.

To convince users to open or download the file, the attackers usually state that it contains some important information, such as a commercial offer. Such a scheme makes these messages harder to detect and increases the chances that the recipient will fall for the trick. Kaspersky has detected more than 400 infected sites spreading Qbot so far.

“Imitating work correspondence is a common trick employed by cybercriminals; however this campaign is more complicated as the attackers use an existing and previously stolen conversation to send a deceptive message as if in continuation of the correspondence. This method increases the chances of the recipient opening the files. Therefore, we advocate that employees should be especially careful now when communicating in business correspondence so as not to accidentally open a malicious file with Qbot,” says Victoria Vlasova, senior security researcher at Kaspersky. 

In order to stay safe from attacks by Qbot, Kaspersky recommends the following: 

  • Installing a reliable security solution on a mail gateway level – it will automatically filter out spam and malicious messages before end-users even have a chance to make a mistake. 
  • Providing your staff with basic cybersecurity hygiene training – it can teach them to spot cybercriminal behaviour (for example, to know that a password sent in the same email as the encrypted archive can serve only one purpose: to deceive antimalware technologies). 
  • Conducting simulated attacks to ensure that your employees know how to distinguish between phishing and malicious e-mails and genuine ones. 
  • Using a security solution on every endpoint that is connected to the Internet. In this case, if your staff fall victim to an attack, it can prevent a file from opening or a malicious link from working.
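
The signal named in the training recommendation above, an archive and its password arriving in the same message, can also be checked automatically at the mail gateway. The following is an added example, not Kaspersky's code or detection logic: the function names, the extension list, the password pattern and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

ARCHIVE_EXT = (".zip", ".rar", ".7z", ".iso", ".img")  # assumed extension list
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Password handed over in the body, e.g. "Password: 7391" or "the password is abcd"
PASSWORD_RE = re.compile(r"\b(?:password|passcode|pwd)\b\s*(?:is\b|[:=-])\s*\S+", re.I)

# Constructed sample messages (not taken from the campaign)
SUSPICIOUS = """\
From: partner@example.invalid
Subject: Re: Q3 commercial offer
In-Reply-To: <constructed-1@example.invalid>

Hello, the updated offer is here: https://files.example.invalid/docs/offer.zip
Password: 7391
"""
BENIGN = """\
From: colleague@example.invalid
Subject: Re: meeting notes
In-Reply-To: <constructed-2@example.invalid>

Notes are at https://wiki.example.invalid/notes.pdf, reset your password if login fails.
"""

def body_text(msg):
    """Concatenate the decoded text parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def archive_refs(msg, text):
    """Links whose path ends in an archive extension, plus archive attachments."""
    refs = [u for u in URL_RE.findall(text)
            if u.split("?")[0].rstrip(".,)").lower().endswith(ARCHIVE_EXT)]
    refs += [p.get_filename() for p in msg.walk()
             if (p.get_filename() or "").lower().endswith(ARCHIVE_EXT)]
    return refs

def triage(raw):
    """Flag a message that delivers an archive together with its password."""
    msg = message_from_string(raw)
    text = body_text(msg)
    refs = archive_refs(msg, text)
    has_pw = bool(PASSWORD_RE.search(text))
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References")
                    or msg.get("Subject", "").lower().startswith("re:"))
    return {"archives": refs, "password_in_body": has_pw,
            "is_reply": is_reply, "quarantine": bool(refs) and has_pw}
```

The `is_reply` field is reported separately because a reply header alone is not suspicious; it only adds weight when the archive-plus-password condition is already met.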
