Stay one step ahead with this Weekly Cybersecurity Bulletin, keeping you updated on the latest email security news, such as Qakbot Malware, Microsoft 365 Email Security, Air Europa Data breach, and more.

 

Qakbot Malware Spam Campaigns Persist Despite International Law Enforcement Crackdown

Despite an international law enforcement operation against the Qakbot malware, the threat actors behind it have not stopped.

In late August, US and European authorities collaborated to disrupt the Qakbot botnet, also known as Qbot and Pinkslipbot. The operation involved seizing control of Qakbot’s infrastructure, confiscating millions in cryptocurrency, and pushing a utility to infected machines that removed the malware automatically.

However, Cisco Talos found that an email spam campaign the same operators had started in early August, before the takedown, was still running afterwards. The phishing emails in that campaign deliver Ransom Knight ransomware and the Remcos backdoor rather than Qakbot itself.

Talos assesses that the crackdown only affected Qakbot’s command and control (C2) servers, leaving the spam delivery infrastructure intact. In practice, the takedown removed the bots’ control channel but not the operators’ ability to send malicious mail, so inbound filtering and attachment controls remain the relevant defence.

Talos also reports that the operators are rebuilding infrastructure and preparing to distribute new strains.

 

Urgent Alert for Air Europa Customers: Data Breach Prompts Credit Card Cancellation Advice

A significant data security incident recently affected Air Europa, Spain’s third-largest airline and a member of the SkyTeam alliance. The airline has told affected customers to act promptly.


An intrusion into the airline’s payment card records compelled it to issue an alert to those impacted. The exposed data included card numbers, expiration dates, and the 3-digit CVV codes. The CVV is the one element that PCI DSS forbids storing after authorisation precisely because, together with the number and expiry date, it is all that a card-not-present purchase requires.

Air Europa says it has strengthened its systems and reported the breach to the authorities, namely the Spanish data protection agency AEPD, the national cybersecurity institute INCIBE, and the relevant financial institutions. The airline has urged customers to cancel any card used on its website to prevent cloning and fraudulent transactions. Customers were also reminded not to give personal information or card PINs to unfamiliar callers or email senders, and not to click links in messages about card transactions, since a publicised breach is a ready pretext for follow-on phishing.

Nonetheless, the number of affected customers, the date of the breach, and the date it was discovered have not been disclosed. Air Europa has made no further statement about the event.

It’s not the first time Air Europa has faced such a challenge. In 2021, the airline was fined €600,000 based on the General Data Protection Regulation (GDPR) of the European Union for inadequate safeguards and late reporting of a data breach affecting nearly 489,000 individuals.

 

Microsoft 365 Administrators Notified About Recent Google Anti-Spam Regulations

Microsoft 365 administrators received a notice from Microsoft this week urging them to authenticate outgoing email, in response to Google’s announcement of stricter requirements for bulk senders.

The Microsoft Defender for Office 365 team stressed that configuring email authentication for your domain reduces the risk of mail being blocked as spam or rejected outright by providers such as Gmail, Yahoo, AOL, and Outlook.com, which matters most for large-scale campaigns.

Mail from a domain that does not meet these authentication standards may be rejected or classified as spam by the receiving provider, whatever filtering the sender has in place on its own side.

Microsoft also advised against using Microsoft 365 for bulk email: mail that exceeds Exchange Online sending limits is either blocked or routed through the high-risk delivery pool in Exchange Online Protection (EOP), a pool reserved for mail likely to be treated as spam. Tenants that need to send bulk mail were instead pointed to their on-premises mail servers or to third-party mass mailing services.

The alert was prompted by Google’s new sender guidelines, effective February 1, 2024. Senders of more than 5,000 messages a day to Gmail accounts must authenticate with both SPF and DKIM, publish a DMARC record for the From: domain (a policy of none is enough to satisfy the requirement), keep the From: header aligned with the authenticated domain, offer one-click unsubscribe, and keep the reported spam rate below 0.3%. All other senders must at least pass SPF or DKIM. Yahoo announced equivalent requirements on the same timeline.
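The requirement that matters most in Google’s list, and the one that trips up senders who already have SPF and DKIM, is alignment: DMARC passes only when the domain that passed SPF or DKIM matches the domain in the visible From: header, exactly in strict mode or at the organizational-domain level in relaxed mode. The script below is an added example written for this bulletin, not code from Microsoft, Google or the original page. It takes a message’s From: header, the SPF and DKIM results a receiver recorded in its Authentication-Results: header, and the sending domain’s DMARC TXT record, and evaluates DMARC the way the receiver would. The messages and the DMARC record are constructed; the organizational-domain helper uses the last two labels and is labelled as a simplification, because a real evaluator must consult the Public Suffix List.

```python
"""DMARC identifier-alignment evaluation (RFC 7489 sections 3.1 and 6.6.2).

Added example, not code from the original page, Microsoft or Google.
Given a message's From: domain, the SPF and DKIM results recorded in an
Authentication-Results: header (RFC 8601), and the domain's DMARC TXT record,
decide whether the message passes DMARC and what disposition the policy asks
for. The Authentication-Results lines and DMARC records below are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# One clause each of Authentication-Results; [^;]*? keeps the property lookup
# inside the clause that carries the result, so a second dkim= clause cannot
# borrow the header.d= of the first.
AR_SPF = re.compile(r'\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^@;\s]+@)?([^\s;]+)', re.I)
AR_DKIM = re.compile(r'\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)', re.I)


def organizational_domain(domain):
    """Assumption: organizational domain = last two labels. A production
    evaluator must use the Public Suffix List (co.uk, com.au, ...)."""
    labels = domain.lower().rstrip('.').split('.')
    return '.'.join(labels[-2:])


def is_aligned(auth_domain, from_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == 's':
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def parse_dmarc_record(txt):
    """'v=DMARC1; p=reject; aspf=s' -> {'v': 'DMARC1', 'p': 'reject', 'aspf': 's'}"""
    tags = {}
    for part in txt.split(';'):
        key, sep, value = part.partition('=')
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(raw_message, dmarc_txt):
    """Return the DMARC verdict for raw_message under the given TXT record.
    The pct= tag is ignored here (assumption: policy applies to 100%)."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get('From', ''))
    from_domain = addr.rpartition('@')[2].lower()
    tags = parse_dmarc_record(dmarc_txt)
    if tags.get('v', '').upper() != 'DMARC1' or not from_domain:
        return {'from_domain': from_domain, 'dmarc': 'none', 'disposition': 'none'}
    aspf = tags.get('aspf', 'r').lower()    # relaxed unless the record says otherwise
    adkim = tags.get('adkim', 'r').lower()
    ar = ' '.join(msg.get_all('Authentication-Results', []))
    spf_aligned = any(result.lower() == 'pass' and is_aligned(dom, from_domain, aspf)
                      for result, dom in AR_SPF.findall(ar))
    dkim_aligned = any(result.lower() == 'pass' and is_aligned(dom, from_domain, adkim)
                       for result, dom in AR_DKIM.findall(ar))
    passed = spf_aligned or dkim_aligned   # either aligned mechanism is enough
    policy = tags.get('p', 'none').lower()
    return {
        'from_domain': from_domain,
        'spf_aligned': spf_aligned,
        'dkim_aligned': dkim_aligned,
        'dmarc': 'pass' if passed else 'fail',
        'disposition': 'none' if passed else policy,
    }


# Constructed record: relaxed alignment, reject policy, aggregate reports requested.
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com; adkim=r; aspf=r"

# Constructed: bulk mail bounced through a delegated subdomain, signed by the org domain.
LEGIT = """From: Example Newsletter <news@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.mail.example.com; dkim=pass header.d=example.com header.s=s1
Subject: October update

body
"""

# Constructed: the attacker's own domain passes SPF, but it is not the From: domain.
SPOOF = """From: Example Billing <billing@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.attacker-mail.test; dkim=none
Subject: Your card was declined

body
"""

if __name__ == '__main__':
    for label, raw in (('legit', LEGIT), ('spoof', SPOOF)):
        print(label, evaluate_dmarc(raw, DMARC_RECORD))
```

The spoofed message is the case the February rules are aimed at: SPF passes, because the attacker controls the domain in the envelope sender, but nothing aligned with the From: domain passes, so DMARC fails and a reject policy discards it. Running the legitimate message against a record with aspf=s shows the other common failure: a bounce subdomain that is fine under relaxed alignment stops counting under strict alignment, and only the DKIM signature on the organizational domain keeps the message passing.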

 

Snake Keylogger: Uncovering its Theft of Login Credentials, Keystrokes, and Screen Capture Activities

Researchers from Any.run analysed the “Snake” keylogger, which steals login credentials, clipboard contents, typed keystrokes, and screenshots.


Snake, also known as 404 Keylogger, first surfaced in November 2020 as a .NET infostealer. It exfiltrates harvested credentials and system details over FTP, SMTP, or the Telegram Bot API, and is distributed through carefully crafted phishing emails.

In the sample examined, the email purports to come from a Bolivian brokerage and borrows the name of a familiar customs clearing agency and a BMW logo for credibility. It asks the recipient to download an attachment containing the executable ‘pago 4094.exe’, which carries a Yahoo! Buzz icon so that it does not look like a program. Once run, it silently collects sensitive data and sends it out over one of the channels above; because those are ordinary mail, FTP and HTTPS connections, the traffic blends in with legitimate use.
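Because Snake’s exfiltration rides on ordinary protocols, the host-level signal to hunt for is the combination of who is talking and where: a binary that is not a mail or FTP client opening an SMTP, FTP or Telegram Bot API connection, more so when that binary runs from a user-writable folder, as a mailed attachment does. The script below is an added example written for this bulletin, not code from Any.run or the original page. It runs that logic over constructed records shaped like Sysmon Event ID 3 (NetworkConnect) fields; the allowlist of expected clients and the user-writable path list are assumptions to be tuned per environment.

```python
"""Flag keylogger-style exfiltration in process network telemetry.

Added example, not code from the page or from Any.run. Snake / 404 Keylogger
sends stolen data over FTP, SMTP or the Telegram Bot API, so on the host the
usable signal is a process that is not an expected mail or FTP client opening a
connection on those ports or to api.telegram.org, escalated when the binary
runs from a user-writable folder. The records below are constructed to
resemble Sysmon Event ID 3 (NetworkConnect) fields.
"""
EXFIL_PORTS = {21: 'ftp', 25: 'smtp', 465: 'smtps', 587: 'smtp-submission'}
EXFIL_HOSTS = {'api.telegram.org'}
# Assumption: binaries expected to speak these protocols in this environment.
ALLOWED_IMAGES = {
    r'c:\program files\microsoft office\root\office16\outlook.exe',
    r'c:\program files\mozilla thunderbird\thunderbird.exe',
    r'c:\program files\filezilla ftp client\filezilla.exe',
}
# Assumption: folders a phishing attachment typically executes from.
USER_WRITABLE = ('\\appdata\\local\\temp\\', '\\downloads\\', '\\appdata\\roaming\\')


def classify(event):
    """Return (severity, reason) if the connection is suspicious, else None."""
    image = event.get('Image', '').lower()
    if image in ALLOWED_IMAGES:
        return None
    host = event.get('DestinationHostname', '').lower().rstrip('.')
    try:
        port = int(event.get('DestinationPort', 0))
    except ValueError:
        port = 0
    if host in EXFIL_HOSTS:
        reason = f'telegram bot api from {image}'
    elif port in EXFIL_PORTS:
        target = host or event.get('DestinationIp', '?')
        reason = f'{EXFIL_PORTS[port]} (tcp/{port}) to {target} from {image}'
    else:
        return None
    # A mail-delivered payload almost always runs from the user's profile.
    severity = 'high' if any(p in image for p in USER_WRITABLE) else 'medium'
    return severity, reason


def hunt(events):
    """Return [(UtcTime, severity, reason)] for every event classify() flags."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((ev.get('UtcTime'), verdict[0], verdict[1]))
    return hits


# Constructed telemetry: two benign connections, then the trail a keylogger
# launched from a mailed attachment leaves behind, then a living-off-the-land FTP push.
EVENTS = [
    {'UtcTime': '2023-10-12 09:01:03', 'Image': r'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE',
     'DestinationHostname': 'smtp.office365.com', 'DestinationPort': 587},
    {'UtcTime': '2023-10-12 09:02:11', 'Image': r'C:\Program Files\Google\Chrome\Application\chrome.exe',
     'DestinationHostname': 'mail.google.com', 'DestinationPort': 443},
    {'UtcTime': '2023-10-12 09:05:40', 'Image': r'C:\Users\ana\AppData\Local\Temp\pago 4094.exe',
     'DestinationHostname': 'smtp.gmail.com', 'DestinationPort': 587},
    {'UtcTime': '2023-10-12 09:05:42', 'Image': r'C:\Users\ana\AppData\Local\Temp\pago 4094.exe',
     'DestinationHostname': 'api.telegram.org', 'DestinationPort': 443},
    {'UtcTime': '2023-10-12 09:07:15', 'Image': r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
     'DestinationHostname': 'ftp.example.net', 'DestinationPort': 21},
]

if __name__ == '__main__':
    for when, severity, why in hunt(EVENTS):
        print(f'{when} [{severity}] {why}')
```

The Telegram check keys on the hostname rather than the port because the Bot API is plain HTTPS on 443; if your telemetry lacks DestinationHostname, the same rule has to move to the proxy or DNS logs. Expect tuning: backup agents, monitoring tools and some line-of-business apps legitimately speak SMTP and belong in the allowlist.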

Guarding against threats like this takes layers: email security that blocks or detonates executable attachments before delivery, phishing awareness training so that a “customs clearance” lure with an unexpected attachment gets reported, endpoint protection that stops unknown executables launching from user-writable folders, and network controls that notice an unfamiliar process talking to mail, FTP or Telegram endpoints.
