
As Cyber Awareness Month comes to an end, let us remain vigilant throughout the rest of the year against the threats that put us and our organizations at risk.

Email Security awareness is essential to protecting an organization against email attacks. Training employees to recognize the signs of an attack or phishing email, including the pretexts and techniques currently used, helps reduce the probability that they will click on a malicious link or open a weaponized document.


Learn more about the awareness capability provided by InQuest's Email Security!

InQuest Email Security Assessment
This month we harvested 876 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 342 (39%) and Google missed 761 (87%). The distribution of misses by file kind is depicted below:
InQuire for a free, personalized email security assessment!
Latest InQuest™ Blog Posts

Advanced Qbot Downloader

Posted on 2021-10-19 by Dmitry Melikov

A few days ago, we discovered a wave of phishing emails with an attached document. The fact is that a considerable number of samples had zero detection on the VT service. While several files had no AV detection for some time, we decided to focus on this wave and explore it in more detail.


Email Security: Part 1 - How email works

Posted on 2021-10-27 by Isabelle Quinn

In Part 1 of the Email Security Blog series, we discuss how email works. Read through the process, a description of different mail protocols, and some key terminology. The second part of the series will cover how the InQuest Email Security capability is installed, while the final part will cover the features to include detection or prevention for ransomware, VIP impersonation, phishing, password-protected attachments, invoice fraud, crypto scams, brand impersonation, and other forms of ever-evolving social engineering.

InQuest™ Labs Research Spotlight


CTO (Call Tree Overviewer) is an IDA plugin for creating a simple and efficient function call tree graph. It can also summarize function information such as internal function calls, API calls, static linked library function calls, and more.



GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.



A collection of malware lures categorized by family. Categories range from Agenttesla to Ursnif.

Global Security Events

Microsoft: Shrootless bug lets hackers install macOS rootkits

Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices.


Utilities Face Growing Global Cyber Threat Landscape

The global electric utility sector is facing an increasingly dangerous cyberthreat landscape, even though there hasn’t been a publicly witnessed disruptive attack over the past five years. Utilities worldwide have been strengthening their security against threats to their IT networks but have not paid enough attention to their industrial control systems and operational technology systems.


SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

SQUIRRELWAFFLE provides threat actors with an initial foothold onto systems and their network environments that can then be used to facilitate further compromise or additional malware infections depending on how adversaries choose to attempt to monetize their access. In many cases, these infections are also being used to deliver and infect systems with other malware like Qakbot and Cobalt Strike.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2021