Last week, the FBI announced that it had dismantled the Qakbot (also referred to as Qbot) multinational cyber hacking and ransomware operation, which affected 700,000 computers worldwide – including financial institutions, government contractors and medical device manufacturers.
The Qakbot malware infected victims via spam emails carrying malicious attachments and links, and served as a platform for ransomware operators. Once infected, the victim's computer became part of Qakbot's larger botnet, which in turn was used to infect even more victims.
Check Point Research (CPR) published its data on Qbot's attack methods in 2020.
Check Point's 2023 Mid-Year Security Report provides additional details about Qakbot, including:
- Qakbot is the most frequently detected malware, with 11% of corporate networks worldwide affected in 1H23.
- Qakbot is a multipurpose malware that functions as a Swiss army knife. It allows cybercriminals to steal data (credentials for financial accounts, payment cards, etc.) directly from infected computers, while also serving as an initial access platform for infecting victims' networks with additional malware and ransomware.
- Qakbot is primarily distributed via phishing emails and is highly adaptable and flexible, allowing it to bypass security measures. It uses file types such as OneNote, PDF, HTML, ZIP, LNK and more to infect machines.
So far in 2023, 45% of ransomware attacks have targeted US-based organizations. Manufacturing, retail and software were the industries most heavily targeted by ransomware.
Sergey Shykevich, Threat Intelligence Manager at Check Point Research, said:
We have been monitoring Qakbot for some time and this takedown operation is an important step in stopping a major cybercrime operation.
We applaud the FBI and its partners and we will continue to monitor the long-term impact on cybercriminals. It remains to be seen whether it was a complete takedown or whether the operators will return – and we urge everyone to continue their phishing awareness campaigns, to stay up to date on security patches and to leverage appropriate anti-ransomware solutions.