Qakbot Malware Taken Down

Uploaded on 2023-09-08 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The FBI and the us Justice Department haveannounced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. 

The action, which took place in the US, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom, represents one of the largest US-led disruptions of a botnet infrastructure used by cyber criminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.   

Qakbot which is sometimes referred to as Qbot, is multinational hacking and ransomware operation, affecting 700,000 computers around the world, including financial institutions, government contractors and medical device manufacturers. 

Once infected, the victims’ computer became part of Qakbot’s larger botnet operation, infecting even more victims. In operation since 2008 by Eastern European cyber criminals, Qakbot is the most commonly detected malware, with 11% of corporate networks affected worldwide. 

Qakbot is a multi-purpose malware, akin to a Swiss Army knife, that allows cybercriminals to directly steal data (credentials to financial accounts, payment cards, etc) from PCs, while also serving as an initial access platform to infect victims’ networks with additional malware and ransomware. 

Qakbot is mostly distributed by phishing emails and is highly adaptive and flexible, allowing it to bypass security measures. It uses file types including OneNote, PDF , HTML, ZIP, LNK and more to infect machines. Here are some relevant statistics compiled by Check Point Research: 

  • Since March 2023, Check Point Research has observed a decrease in Qbot attacks worldwide and in the US.
  • In the US, the percentage of impacted organisations by Qbot decreased by 62% in August compared to March. In August, the number of impacted organisations by Qbot reached 2.1% while globally it impacted 4.9% of organisations; a 52% decrease compared to March. 
  • The most impacted Region by Qbot is Latin America, with 22.3% impacted organisations during 2023, followed by Africa with 22.2% impacted organisations and APAC with 12%
  • The Education and Research sectors have suffered the most in 2023 from Qbot attacks, with 23% impacted organisations. Followed by Government/Military with 18% impacted organisations and Healthcare with 14%.

“We have been tracking Qakbot for a while and this takedown operation is an important step in disrupting a major cyber crime operation. We applaud the FBI and its partners and will continue to monitor the long term impact with cyber criminals" according to Sergey Shykevich, Threat Intelligence Manager at Check Point Research:

It remains to be seen whether it was a decisive takedown or whether the operators will bounce back, and it remains vital to maintain phishing awareness, keep up-to-date with security patches and use effective anti-ransomware solutions.

FBI        CheckPoint:       CISA:                                            Image: Pavel Murarev        

You Might Also Read: 

2023’s Most Wanted Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Can Shortening The Cyber Stack Increase Stability?
Poland’s Train Network Disrupted »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

World Cyber Security Summit

World Cyber Security Summit

World Cyber Security Summit, by Trescon, is a thought-leadership driven platform for CISOs who are looking to explore new-age threats and the technologies/strategies that can help mitigate them.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Intelidata Techedge Pvt. Ltd.

Intelidata Techedge Pvt. Ltd.

Intelidata are a Global Cyber Security Consultancy and Services firm that helps companies drive growth by minimizing risk and maximizing potential.