In the “Do the following” section, select “Reject the message with the following explanation” and type in a message explaining that OneNote attachments are not allowed in your organization.In the file extension box, type “.one” (without quotes) and click the “+” button to add it.In the “Apply this rule if” section, select “The attachment file name extension is.”.Give the rule a descriptive name, such as “Block OneNote attachments.”.
Click the Add (+) icon and select “Create a new transport rule.”.Log in to the Microsoft 365 admin center.To block emails with OneNote attachments in Office 365, the following steps can be taken using Exchange Online Protection (EOP): Ensure detection software, like the ShadowSpear Platform, is installed on all endpoints as it prevents successful infection.įurthermore, it is important to note: DO NOT CLICK “OK” as this will execute the malware.As OneNote files are not frequently sent through email, consider blocking incoming OneNote files on the firewall.Educate users on the dangers of phishing, specifically this QakNote campaign.
To reduce the risk of infection from this campaign, the following measures can be taken:
If the following screen pops up on your device, do not click ‘open’ and immediately contact your IT team. QBot is a type of malware that is often used to gain initial access and then leveraged for persistent and elevation purposes. When interacted with by the user, the malicious OneNote file attempts to download and run the QBot malware. This campaign has been discovered to use Microsoft OneNote files to spread QBot malware, targeting numerous United States-based companies. SpearTip’s Security Operations Center (SOC) team detected a new phishing campaign named QakNote.
0 kommentar(er)
