Qakbot Malware Taken Down

Uploaded on 2023-09-08 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The FBI and the us Justice Department haveannounced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. 

The action, which took place in the US, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom, represents one of the largest US-led disruptions of a botnet infrastructure used by cyber criminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.   

Qakbot which is sometimes referred to as Qbot, is multinational hacking and ransomware operation, affecting 700,000 computers around the world, including financial institutions, government contractors and medical device manufacturers. 

Once infected, the victims’ computer became part of Qakbot’s larger botnet operation, infecting even more victims. In operation since 2008 by Eastern European cyber criminals, Qakbot is the most commonly detected malware, with 11% of corporate networks affected worldwide. 

Qakbot is a multi-purpose malware, akin to a Swiss Army knife, that allows cybercriminals to directly steal data (credentials to financial accounts, payment cards, etc) from PCs, while also serving as an initial access platform to infect victims’ networks with additional malware and ransomware. 

Qakbot is mostly distributed by phishing emails and is highly adaptive and flexible, allowing it to bypass security measures. It uses file types including OneNote, PDF , HTML, ZIP, LNK and more to infect machines. Here are some relevant statistics compiled by Check Point Research: 

  • Since March 2023, Check Point Research has observed a decrease in Qbot attacks worldwide and in the US.
  • In the US, the percentage of impacted organisations by Qbot decreased by 62% in August compared to March. In August, the number of impacted organisations by Qbot reached 2.1% while globally it impacted 4.9% of organisations; a 52% decrease compared to March. 
  • The most impacted Region by Qbot is Latin America, with 22.3% impacted organisations during 2023, followed by Africa with 22.2% impacted organisations and APAC with 12%
  • The Education and Research sectors have suffered the most in 2023 from Qbot attacks, with 23% impacted organisations. Followed by Government/Military with 18% impacted organisations and Healthcare with 14%.

“We have been tracking Qakbot for a while and this takedown operation is an important step in disrupting a major cyber crime operation. We applaud the FBI and its partners and will continue to monitor the long term impact with cyber criminals" according to Sergey Shykevich, Threat Intelligence Manager at Check Point Research:

It remains to be seen whether it was a decisive takedown or whether the operators will bounce back, and it remains vital to maintain phishing awareness, keep up-to-date with security patches and use effective anti-ransomware solutions.

FBI        CheckPoint:       CISA:                                            Image: Pavel Murarev        

You Might Also Read: 

2023’s Most Wanted Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Can Shortening The Cyber Stack Increase Stability?
Poland’s Train Network Disrupted »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Octopus Cybercrime Community

Octopus Cybercrime Community

The Octopus Community is a platform for information sharing and cooperation on cybercrime and electronic evidence.

International Association of Professional Security Consultants (IAPSC)

International Association of Professional Security Consultants (IAPSC)

Members of the IAPSC represent a unique group of respected, ethical and competent security consultants.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

CyberXposure

CyberXposure

CyberXposure has been built by a team comprising of Cyber Security Professionals and SAAS experts in data backup, disaster recovery and cyber-security.

DV Cyber Security

DV Cyber Security

DV Cyber (formerly A76) is an innovative cyber security company vertically focused on Threat Intelligence and Cyber Security Research.

DHCO IT

DHCO IT

The DHCO IT team are experts in IT support, cyber security, cloud support and disaster recovery, and are Microsoft 365 partners.

Hummingbird International

Hummingbird International

Hummingbird International, LLC offers services for the collection, audit, computer recycling and safe disposal of laptops, monitor/LCD, hard drives, and IT disposal.