QakBot malware: Warning of increasing attacks

Warning of rising attacks with QakBot malware

Acutely increasing number of attacks by "QakBot" registered

Within the last three days, there has been a very strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide.

QakBot spreads mainly via targeted spear phishing attacks, where the recipient is asked in an urgent tone to open an attached malicious ISO file (which in turn contains an LNK file and the QakBot payload).

This banking Trojan gives criminals access to online banking accounts, enables the exfiltration of user data and downloads further malware onto the compromised system. The activity is attributed to the threat actors behind the Black Basta ransomware. We have also already detected the malware in our Active Cyber Defense (ACD) monitoring. As a preventive measure, which we have already implemented and verified as effective for affected customers, we strongly recommend the following Group Policy Object (GPO) adjustment.

Recommended action

To prevent image files from being opened and mounted on any device in the network, we recommend that system administrators make a global change to the Group Policy Objects (GPO). Attached is a screenshot documenting the setting change.

Please set exactly the following value: SCSI\CdRomMsft____Virtual_DVD-ROM_ and additionally tick the box "Also apply to matching devices that are already installed".

From our point of view, users should not be able to mount ISO files in this way.
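The following PowerShell is an added example and not part of the advisory: it applies the local-policy equivalent of the recommended setting through its registry backing values and then verifies that it is in place. It assumes that the GPO meant above is "Prevent installation of devices that match any of these device IDs" (Device Installation Restrictions) and that the registry path below is its documented policy location; the device ID and the checkbox are those named in the advisory.

```powershell
# Added example, not the advisory's own tooling. Run elevated on a single host to
# test the setting; in a domain, roll it out via GPO rather than by editing the registry.
# Assumption: this registry path backs the "Prevent installation of devices that match
# any of these device IDs" policy under Device Installation Restrictions.
$DeviceId  = 'SCSI\CdRomMsft____Virtual_DVD-ROM_'   # value given in the advisory
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$DenyList  = Join-Path $PolicyKey 'DenyDeviceIDs'

function Set-VirtualDvdBlock {
    New-Item -Path $DenyList -Force | Out-Null
    # Enable the "deny these device IDs" restriction ...
    Set-ItemProperty -Path $PolicyKey -Name 'DenyDeviceIDs' -Value 1 -Type DWord
    # ... and "Also apply to matching devices that are already installed"
    Set-ItemProperty -Path $PolicyKey -Name 'DenyDeviceIDsRetroactive' -Value 1 -Type DWord
    # List entries are REG_SZ values named 1, 2, 3 ...; reuse the slot if the ID is present
    $existing = Get-ItemProperty -Path $DenyList
    $slot = ($existing.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' -and $_.Value -eq $DeviceId }).Name
    if (-not $slot) {
        $used = @($existing.PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { [int]$_.Name })
        $slot = if ($used) { ($used | Measure-Object -Maximum).Maximum + 1 } else { 1 }
        New-ItemProperty -Path $DenyList -Name $slot -Value $DeviceId -PropertyType String | Out-Null
    }
}

function Test-VirtualDvdBlock {
    # $true only if the restriction is enabled, retroactive, and lists the virtual DVD-ROM ID
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if (-not $p -or $p.DenyDeviceIDs -ne 1 -or $p.DenyDeviceIDsRetroactive -ne 1) { return $false }
    $ids = (Get-ItemProperty -Path $DenyList -ErrorAction SilentlyContinue).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { $_.Value }
    return ($ids -contains $DeviceId)
}

Set-VirtualDvdBlock
Test-VirtualDvdBlock   # expected: True
```

After a policy refresh, double-clicking or mounting an ISO should no longer produce a working virtual DVD-ROM device; Get-PnpDevice or Device Manager shows the blocked device as failed to install, which is the result to confirm on a test host before wider rollout.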

Allgeier secion customers with an active Managed Service contract for Active Cyber Defense are of course informed separately about malicious communications on their systems.
