1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Malicious use of Microsoft OneNote documents on the rise

    From TechnologyDaily@1337:1/100 to All on Thu Feb 2 19:30:03 2023
    Malicious use of Microsoft OneNote documents on the rise

    Date:
    Thu, 02 Feb 2023 19:15:33 +0000

    Description:
    The number of campaigns increased eight-fold in just a month, researchers are saying.

    FULL STORY ======================================================================

    The use of Microsoft OneNote documents to distribute malware to unsuspecting users is picking up pace, cybersecurity researchers from Proofpoint have claimed.

    OneNote is Microsofts digital note-taking app, which comes as part of the Office productivity suite. As such, cybercriminals can assume that most of their victims already have the app installed on their endpoints .

    OneNotes files, called NoteBooks, allow users to add attachments, which can download malware from remote locations. All users need to do is double-click the file, which they can be easily tricked into doing. Recent reports saw hackers distribute blurred NoteBooks with the message double-click to view
    the contents, tricking victims into believing the files contents are being protected. Low detection rates

    In a detailed report published on the company blog earlier this week, Proofpoints researchers said they identified six campaigns in December 2022, using OneNote to deliver the AsyncRAT malware.

    A month later, in January 2023, they discovered more than 50 campaigns. Besides AsyncRAT, the crooks were delivering Redline Stealer, AgentTesla, and DOUBLEBACK. More recently, the threat actor known as TA577 used it to deliver Qbot.

    Proofpoints researchers believe hackers turning to OneNote is in fact the result of extensive research. After experimenting with different attachment types, they settled on OneNote as so far, the detection rates are minimal. Read more

    Microsoft OneNote attachments are being used to spread malware


    What is phishing and how dangerous is it?


    Check out the best firewalls around

    At press time, Proofpoint says that multiple malware samples were not getting detected by antivirus vendors on VirusTotal.

    The best way to protect against these attacks is the same as it always was - educate your employees not to download attachments and click on email links from people they dont know, dont trust, or whose identity cannot be
    confirmed. Also, they should be educated not to ignore warning messages prompted in programs such as Word, Excel, or OneNote. Other than that, having a strong antivirus solution, and a firewall, is welcome.

    Finally, activating multi-factor authentication (MFA) wherever possible greatly reduces the chances of more serious compromise. Here's our take on
    the best ransomware protection services around



    ======================================================================
    Link to news story: https://www.techradar.com/news/malicious-use-of-microsoft-onenote-documents-on -the-rise


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)