Last week, the FBI announced that it dismantled the Qakbot (also referred to as Qbot) multinational cyber hacking and ransomware operation, which affected 700.000 computers worldwide – including financial institutions, government contractors and medical device manufacturers.
The malware Qakbot infected victims via spam emails with malicious attachments, links and served as a platform for ransomware operators. By infecting it, the victim's computer became part of Qakbot's larger botnet operation, infecting even more victims.
Η checkpoint research (CPR) δημοσίευσε τα διαθέσιμα στοιχεία της σχετικά με τις QBot's attack methods the 2020.
The Check Point's Mid-Year Security Report for 2023 provides additional details about Qakbot such as:
- Qakbot is the most frequently detected malware, with 11% of corporate networks worldwide affected in 1H23.
- Το Qakbot είναι ένα κακόβουλο λογισμικό πολλαπλών χρήσεων, που μοιάζει με ελβετικό σουγιά. Επιτρέπει στους εγκληματίες του κυβερνοχώρου να κλέβουν άμεσα δεδομένα (διαπιστευτήρια για οικονομικούς λογαριασμούς, κάρτες πληρωμών κ.λπ.) από υπολογιστές, ενώ παράλληλα χρησιμεύει ως πλατφόρμα αρχικής πρόσβασης για τη μόλυνση των δικτύων των θυμάτων με additional κακόβουλο λογισμικό και ransomware.
- Qakbot is primarily distributed via phishing emails and is highly adaptable and flexible, allowing it to bypass security measures. It uses file types such as OneNote, PDF , HTML, ZIP, LNK and more to infect machines
So far, in 2023, the 45% of ransomware attacks were against US-based organizations. Manufacturing, retail and software were the industries that were the biggest targets for ransomware.
Sergey Shykevich, Threat intelligence Manager at Check Point Research said:
We have been monitoring Qakbot for some time and this takedown operation is an important step in stopping a major cyber crime operation.
We applaud the FBI and its partners and we will continue to monitor the long-term impact with cybercriminals. It remains to be seen whether it was a complete takedown or whether the operators will return – and we urge everyone to continue their phishing awareness campaigns, to be updated on patches security and leverage appropriate anti-ransomware solutions.
