SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
IT in Manufacturing
#
Ransomware
#
Africa
Qakbot cyber hacking operation revealed by Check Point and FBI
Thu, 31st Aug 2023
Author image
By Catherine Knowles, Journalist
Follow us

The FBI announced this week that it has dismantled Qakbot’s (also referred to as Qbot) multinational cyber hacking and ransomware operation, impacting 700,000 computers around the world - including financial institutions, government contractors and medical device manufacturers.

The Qakbot malware infected victims via spam emails with malicious attachments, links and served as a platform for ransomware operators. Once infected, the victims’ computer became part of Qakbot’s larger botnet operation, infecting even more victims.

Check Point Research (CPR) published their insight into QBot's attack methods in 2020.

As highlighted by Check Point, operation since 2008 by Eastern European cyber criminals, Qakbot is the most commonly detected malware, with 11% of corporate networks worldwide impacted in 1H’23.

Qakbot is a multipurpose malware, akin to a Swiss Army knife, that allows cyber criminals to directly steal data (credentials to financial accounts, payment cards, etc) from PCs, while also serving as an initial access platform to infect victims’ networks with additional malware and ransomware.

Qakbot is mostly distributed by phishing emails and is highly adaptive and flexible, allowing it to bypass security measures. It uses file types including OneNote, PDF , HTML, ZIP, LNK and more to infect machines.

Here are some statistics drawn by Check Point Research:

  • Since March 2023, Check Point Research has observed a decrease in Qbot attacks worldwide and in the US. In the US, the percentage of impacted organisations by Qbot decreased by 62% in August compared to March.
  • In August, the number of impacted organisations by Qbot reached 2.1% while globally it impacted 4.9% of organisations; a 52% decrease compared to March. Moreover, in the last week, there has been a 30% decrease in the % of impacted organisations by Qbot worldwide.
  • The most impacted Region by Qbot is Latin America, with 22.3% impacted organisations during 2023, followed by Africa with 22.2% impacted organisations and APAC with 12%.
  • The Education/Research industry has suffered the most in 2023 from Qbot attacks, with 23% impacted organisations. Followed by Government/Military with 18% impacted organisations and Healthcare with 14%.
  • So far in 2023, 45% of ransomware attacks were against US-based orgs. Manufacturing, Retail and Software were the most targeted industries by ransomware. 

According to Sergey Shykevich, Threat Intelligence Manager at Check Point Research, “We have been tracking Qakbot for a while and this takedown operation is an important step in disrupting a major cyber crime operation."

"We applaud the FBI and its partners and will continue to monitor the long term impact with cyber criminals. It remains to be seen whether it was a full takedown or whether the operators will be back - and we urge everyone to continue with phishing awareness campaigns, keep up-to-date with security patches and leverage proper anti-ransomware solutions.”

Related stories
BeyondTrust lauded as a leader in Identity Threat Detection
Ransomware activity spikes 20%, hospitals now in crosshairs
Mandiant unveils latest M-Trends 2024 cybersecurity report
'Junk gun' ransomware: New low-cost cyber threat targets SMBs
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity