Overview of Recent Qakbot Malware Attacks
Sources confirm a recent increase in Qakbot malware attacks used for initial access to gain a foothold in environments. Over the last decade, Qakbot has built a name for itself as one of the deadliest trojans in the wild. It originated as a banking trojan in 2007, and Qakbot (also known as QBot, QuackBot, and Pinkslipbot) continues to evolve with new techniques and capabilities.
There are several attack vectors through which QBot infects victims. Phishing emails distribute QBot, and once in a network, it self-propagates and steals sensitive data. It commonly uses remote code execution, which enables threat actors to perform manual attacks to achieve secondary objectives, including scanning the compromised network or injecting ransomware.
How to Protect Against Qakbot Malware
The following table lists the IP addresses and DNS to block to mitigate the Qakbot threat:
Other Mitigations for Qakbot Malware Attacks:
- Disabling the Windows Script Host (wscript.exe) if not used by the software on the machine
- Blocking outbound communication to remote port 65400 via the firewall
- Geoblocking via the firewall for outbound connections (which may interfere with software)
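The first two mitigations can be applied and verified on a Windows host with a short script. This is an added example, not code from M.A. Polce or the cited threat notice; the rule names are made up for illustration, and blocking both TCP and UDP is an assumption because the list does not name a protocol.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the Windows Script Host and port 65400 mitigations
# from the list above, then reports the resulting state.
# Run with -WhatIf first to preview the changes without making them.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$RemotePort = 65400,                 # port named in the mitigation list
    [string[]]$Protocols = @('TCP', 'UDP')    # assumption: protocol is not stated
)

$wshKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

# 1. Disable Windows Script Host machine-wide (Enabled = 0).
#    Only do this if no software on the machine depends on wscript.exe/cscript.exe.
if (-not (Test-Path $wshKey)) {
    if ($PSCmdlet.ShouldProcess($wshKey, 'Create registry key')) {
        New-Item -Path $wshKey -Force | Out-Null
    }
}
if ($PSCmdlet.ShouldProcess($wshKey, 'Set Enabled = 0')) {
    New-ItemProperty -Path $wshKey -Name 'Enabled' -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

# 2. Block outbound traffic to the remote port, one rule per protocol.
#    Skips creation when a rule with the same display name already exists.
foreach ($proto in $Protocols) {
    $name = "Block outbound $proto $RemotePort (Qakbot mitigation)"   # hypothetical name
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
    if ($PSCmdlet.ShouldProcess($name, 'Create outbound block rule')) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Protocol $proto -RemotePort $RemotePort -Profile Any | Out-Null
    }
}

# 3. Report what is actually in place after the run.
$wsh = (Get-ItemProperty -Path $wshKey -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
$rules = @(Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Where-Object DisplayName -like "*$RemotePort (Qakbot mitigation)")

[pscustomobject]@{
    WshDisabled     = ($null -ne $wsh -and [int]$wsh -eq 0)
    BlockRuleCount  = $rules.Count
    BlockRuleNames  = $rules.DisplayName -join '; '
}
```

A result of `WshDisabled = True` and one block rule per protocol confirms both settings took effect on that host.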
Cybersecurity Services to Protect Against Malware
M.A. Polce is an IT and cybersecurity company in New York that specializes in providing comprehensive, customizable cybersecurity services. We protect businesses from cyber threats like QBot Malware using a combination of human expertise and advanced technologies. So, if your organization needs assistance managing the security of its IT, contact us today to learn about our managed cybersecurity services.
Blackpoint Cyber’s Cyber Threat Notice