In a recent report, Microsoft described two elements of a new email infrastructure that has been used to send over a million malware-laden emails. The infrastructure emerged in March and April 2020.
The infrastructure has been used to deliver commodity malware such as Makop and Mondfoxia, along with persistent malware including Trickbot, Dofoil, Emotet, DoppelPaymer, and Dridex. The financial services, wholesale distribution, and healthcare sectors of Australia, the USA, and the U.K. have been the major victims. The infrastructure has mainly been used to attack corporate email accounts; consumer accounts were an exception.
In the past few months, several attack campaigns have been observed leveraging email infrastructure to target potential victims. This infrastructure has been used for dynamic domain-name generation for email, which indicates the efficiency and sophistication of cybercriminals working to improve their email-based attack tactics. Analysis shows that attackers constantly use emails with malicious links or attachments to gain initial access to systems. Security experts have therefore advised reputed organizations and enterprises to improve email-based security across their networks.