Email Phishing Soars: Report, Google: Ukraine Phished, QBot Email Malware – Cybersecurity News

Emails are the top mode of corporate communication often targeted by threat actors and cybercriminals. Here are the latest email security news and updates for April 2023. 

Phishing Attacks Soar by 569%, According to the State of Email Security Report

Cofense released its latest email security report shedding light on the alarming increase in phishing attacks.

The 2023 Annual State of Email Security Report highlighted that phishing attacks experienced a 569% surge in the past year. The statistic came as a result of data received from 35 million individuals worldwide. The report also shared that malware is becoming more common in phishing attacks, with Emotet and QakBot becoming the top malware reported in phishing emails.

Image sourced from cybercrimeinfocenter.org

The Vice President and CISO (Chief Information Security Officer) at Cofense, Tonia Dudley, commented that there is a significant spike in nation-state cyber attacks, saying, “The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization’s security program by boards, corporate executives and cyber insurers.”

Phishing is one of the most common cyberattacks, which is becoming easier to conduct with AI technology and ChatGPT. You should stay vigilant and follow the latest developments to keep safe. 

Russian Phishing Attacks: Ukraine Bears Brunt of 60% Targeting in 2023, says Google

Google’s TAG (Threat Analysis Group) has reported that Ukraine was the victim of nearly 60% of Russian phishing attacks, making the country the prime target of Russia. 

TAG has been monitoring and disrupting the malicious activities of Russian state-backed actors trying to collect intelligence, disrupt operations, and leak sensitive data. Google’s TAG listed three Russian and Belarusian threat actors being most prominent against Ukraine, including: 

• Sandworm, which has been focusing attacks on the European energy sector since November 2022.

• APT28, which is utilizing mass phishing campaigns targeting Ukrainian citizens luring victims to fake government websites.

• And Pushcha, a threat actor group that uses webmail providers to steal login credentials via phony websites. 

Google also reported that TAG has been observing and taking down IRA-linked accounts on YouTube, and all Gmail and Workspace users will keep receiving alerts about all malicious communications. 

QBot Email Attacks Employ PDF and WSF Combo to Install Malware, Warns Report

The QBot malware is being distributed via phishing emails employing PDFs and WSF (Windows Script Files) to infect Windows PCs. 

QBot is a banking trojan-turned-malware that provides threat actors access to corporate networks and allows them to drop additional malware or ransomware payloads like Cobalt Strike and Brute Ratel. The threat actors use QBot to move laterally through networks, making away with sensitive information and deploying ransomware for extortion.

Threat actors distribute QBot via reply-chain phishing emails with attached PDFs that download ZIP files containing WSFs. The WEF executes a PowerShell script to download a DLL (Dynamic Link Library) that downloads the malware on the victim’s system. 

The QBot malware is a significant threat capable of taking down entire networks, so organizations and individuals should be on their guard. 

Microsoft Reveals Plans to Introduce DMARC Aggregate and Policy Handling Updates in 2023

Microsoft has implemented many of DMARC’s (Domain-based Message Authentication, Reporting, and Conformance) products and services for several years and encourages other organizations to do the same to address email security needs. 

Microsoft recently announced that it would roll out a DMARC aggregate and policy handling features to highlight the organization’s commitment to email security. With the new policy, Microsoft will go with a cautious approach and quarantine all emails that fail DMARC authentication, even if the sender is using the reject policy. Microsoft has adopted this approach to reduce the risk of false positives so Microsoft users can review all emails and check whether they are authentic. 

Rejecting emails failing DMARC authentication is essential to fight email fraud and phishing attacks. However, the latest approach will provide protection and allow users to reduce false positives so no critical emails are rejected. 

US Financial Firms Targeted with Tax-Themed Phishing Emails

GuLoader, a novel malware, targets the US financial sector with specially crafted phishing emails with tax themes. 

Security researchers at eSentire analyzed the malware and highlighted that the malware contains multiple shellcode stages and has advanced anti-analysis techniques. The attack starts with a phishing email with links to Adobe Acrobat files that are disguised as PDFs. These PDFs download payloads from the Internet, load them into the system, and achieve persistence.

The threat actors employ tax-themed phishing emails that impersonate legitimate tax authorities like the IRS (Internal Revenue Service), creating a sense of urgency using messages about tax refunds or payments. 

Once the malware is installed, the threat actors gain access to the system and user data. If you get a similar email, best double check on authentic websites or the agency contact mentioned on genuine sites.