The criminals react quickly
This happened atDiebold Nixdorf a service provider and manufacturer of IT systems for banks and retail companies, ATMs and POS systems, which fell victim toQakBotand ProLockin April 2020.
The reaction speed of the criminals is also particularly impressive : If in the beginning /wpcontentpaths were used, these were – obviously after adjustments to spam filters – last not used anymore. Also with This is also responded quickly and flexiblyto the spam filters’ counter-reaction in terms of file names and types, for example by switching from VBSfiles to Word macros and back again.
How can you protect yourself from QakBot?
As with Emotet, the attacks by QakBot are so perfidious because they refer to previous conversations and authentic-looking answers are written. A comprehensive sensitization of employees is therefore the first step to prevent the success of such attacks and to protect your company.
This is particularly important because the quality of fake Emails is constantly improving and they are becoming more and more homogeneous in existing communication processes. This is the only way to prevent “quick clickers” from infecting entire IT infrastructures with malware or ransomware by opening files in an imprudent manner.
Nevertheless, it is essential to use a powerful Email firewall for the protection against spam and malware that fends off dangers from the outset. NoSpamProxy offers numerous features that protect you from attacks with malware such as QakBot or Emotet.
It doesn’t work without an Email firewall
An example of this is the URL Safeguard, whichallows URLs in incoming Emails to be rewritten or blockedand checks theURL each time it is clicked onby, the user to see if it leads to a malicious target. If the URL is classified as dangerous, access is blocked. Blocked URLs can be released again by the administrator; until then, even the above-mentioned quick-clickers cannot cause any damage.
The reputation filter evaluates the sender’s reputation by checking SPF, DKIM and DMARC entries and rejects ake Emails in the vast majority of cases – o matter how well the e-mail is done visually and in terms of content.
The content filter in NoSpamProxy in turn offers the option of blocking certain file types such as executable filesor Word documents with macros, converting all Word, Excel and PDF files into harmless PDFs using Content Disarmand Reconstruction (CDR) or rejecting the entire e-mail.
Reliable protection against QakBot – with NoSpamProxy
With NoSpamProxy you can reliably protect your company from QakBot, Emotet and other malware. Additional functions for email encryption ensure that your entire Email communication is completely secure. Request your trial now!