When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
ShadowSpear® is an unparalleled resource that defends your organizations against advanced cyber threats and attacks 24/7/365.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
SpearTip’s Security Operations Center (SOC) team detected a new phishing campaign named QakNote. This campaign has been discovered to use Microsoft OneNote files to spread QBot malware, targeting numerous United States-based companies.
When interacted with by the user, the malicious OneNote file attempts to download and run the QBot malware. QBot is a type of malware that is often used to gain initial access and then leveraged for persistent and elevation purposes. If the following screen pops up on your device, do not click ‘open’ and immediately contact your IT team.
To reduce the risk of infection from this campaign, the following measures can be taken:
Furthermore, it is important to note: DO NOT CLICK “OK” as this will execute the malware.
To block emails with OneNote attachments in Office 365, the following steps can be taken using Exchange Online Protection (EOP):
Businesses face significant risk from this phishing campaign as OneNote attachments are typically not intercepted or scanned by email providers, making it easier for attackers to introduce Qbot into your environment. To reduce this risk, it’s advisable for businesses to prevent the sending of OneNote files via email. Moreover, businesses must remain vigilant of this threat and others on the threat landscape, and regularly carry out security awareness training, particularly phishing tests.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
Identify, neutralize, and counter cyberattacks - provide confidence in your security posture
24/7 Breach Response: US/CAN: 833.997.7327
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.