Here are the topics of this newsletter edition:
- A well-known bot often used for cyber-attacks, the Qakbot
- The First responder Word
FOCUS TECH
QAKBOT
Initially designed to steal banking credentials, Qakbot has evolved into a more versatile malware with multiple uses like stealing data or using it as a trojan to enter within an IT system. Besides, it is highly modulable, which allows actor to add new functionalities easily. Over time, its capabilities have expanded to target various types of sensitive information. This increasingly widespread threat now affects a broader range of victims and industries, especially in European countries, and is used by well-known actors such as black basta ransomware group.
To protect against Qakbot, it’s important to take a proactive approach to security. Implementing various measures can help defend against this threat:
- Consider utilizing an EDR system within your organization to ensure constant monitoring and prompt responses to cyberattacks
- Monitor IoCs, verify child processes with Sigma rules and restrict admin access
- Train users to recognize phishing emails and avoid clicking on suspicious links or opening attachments from unknown senders, as it is a common infection way. It is also recommended to train on specific personalized modules as the phishing techniques get more and more sophisticated
- Implement strong, unique passwords for all accounts, and use MFA for all privileged accesses (mail, VPN, cloud…)
- Regularly update operating systems and software to patch vulnerabilities that could be exploited by Qakbot to spread from a post to another for example.
While no single solution can guarantee complete protection from Qakbot, combining these strategies will significantly reduce the risk of infection and help maintain a secure environment.
CERT-W: FROM THE FRONT LINE
THE FIRST RESPONDER WORD
SEE YOU NEXT MONTH!!