Malicious spam campaigns targeting businesses increase tenfold in a month, spreading Qbot and Emotet malware. Instead of 3.000 emails, 30.000 infected emails were now intercepted. Time to protect yourself.
Kaspersky experts have observed a significant increase in complex spam emails targeting organizations in different countries. The number of these malicious emails increased from around 3000 in February 2022 to around 30.000 in March 2022. So far, malicious emails in English and almost all other European languages have been detected.
This is how cyber criminals infect their victims' devices
Cyber criminals seem to intercept active email correspondence about business matters and send recipients an email with a malicious file or a link to infect their devices with a banking Trojan. Such a scheme makes these messages more difficult to detect and increases the likelihood that the recipient will fall for the trick.
Some of the emails cyber criminals send to recipients contain malicious attachments. Others include a link that leads to a file hosted on a legitimate, popular cloud hosting service. Malware is often contained in an encrypted archive with the password mentioned in the email body. In order to convince users to open the attachment or download the file from the link, the attackers usually indicate that it contains important information, such as a commercial offer.
The experts concluded that these emails are distributed as part of a coordinated campaign aimed at distributing banking Trojans to corporate users.
What malware are the attackers using and how dangerous is it?
In most cases, when the victim opens a malicious document, the Qbot malware is downloaded and executed. In some cases, however, Kaspersky experts were also able to observe the download of Emotet malware. Both malware strains are capable of stealing user data, collecting data on an infected corporate network, spreading further on the network and installing ransomware or other trojans on other network devices. In addition, Qbot can access and steal emails.
Now protect against Qbot and Emotet
To protect against attacks from Qbot and Emotet (or other malware that spreads via email), Kaspersky recommends the following:
- Install a reliable gateway-level security solution — this way, spam and malicious messages are automatically filtered out before end-users even have a chance to make a mistake.
- Educate your team on cybersecurity hygiene — so employees can spot cybercriminal behavior and know, for example, that a password paired with an encrypted archive can only serve one purpose — to fool antimalware technologies.
- Run simulated attacks to ensure your employees know how to distinguish phishing and malicious emails from authentic messages.
- Use a security solution on all endpoints that are connected to the Internet. Should your employees fall victim to an attack under these circumstances, it may be possible to prevent the opening of a malicious file or link.
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/