The U.S. government and international partners just tackled a big cyber headache: QakBot. This malware has been a menace for businesses and agencies for ages. The organized force not only shut it down but also managed to reclaim millions in lost funds.
The FBI and Cybersecurity Infrastructure Security Agency (CISA) have historically been either ineffective or quiet about tackling these organized threats. Here’s the scoop on this high-tech crackdown.
The trojan horse that opened the door for ransomware
QakBot has been a notorious player in the cyber underworld since 2008. Initially introduced as a banking trojan, it shifted gears over time, becoming the favorite tool for various cybercrime groups. Their objective was to compromise networks for severe ransomware attacks. But how did QakBot work its dark magic? It usually started with deceptive emails designed to trick the receiver: they look legit and time-sensitive, like invoices or work orders.
Now, here’s the tricky part: Embedded within these emails were links, attachments or, more recently, embedded images that contain malicious code. These are the ‘payloads,’ and they’re the real danger.
If someone were to unknowingly click on the link or image or download the attachment, QakBot would spring to life, infiltrating that person’s system.
Once installed, QakBot communicates with its command-and-control (C2) servers to receive instructions and updates. QakBot then scans the device and the network for valuable info, such as credentials, banking details or user accounts. QakBot can then either steal or exfiltrate the data it collects or use it to facilitate further attacks by delivering ransomware or malware.
Operation “Duck Hunt”
Martin Estrada, the U.S. attorney for the Southern District of California, didn’t mince words at a recent press conference in Los Angeles, declaring the operation against QakBot as “the most significant technological and financial operation ever led by the Department of Justice against a botnet.”
Estrada had the numbers to back it up: QakBot had been linked to 40 different ransomware attacks in the last 18 months, resulting in a staggering $58 million in losses.
The operation, colorfully named “Duck Hunt,” saw the DOJ and FBI working hand in hand, obtaining court orders not just to remove the malware but to seize control of the servers, puppeteering this nefarious botnet.
Don Alway of the FBI’s Los Angeles field office revealed that the feds had gotten access to the botnet’s online control panel, allowing them to instruct all infected systems to cut ties with QakBot and cleanse themselves of its influence.
QakBot’s vast reach
The scale of this operation was outrageous. In the past year alone, QakBot had wormed its way into more than 700,000 machines, of which more than 200,000 were in the U.S.
The DOJ’s international collaboration in this operation seized over 50 internet servers connected to this malware in seven countries. It confiscated approximately $9.5 million in cryptocurrency from the masterminds behind QakBot.
How to stay protected
While the “Duck Hunt” operation has put a significant dent in QakBot’s reign, history has shown that these takedowns, though impactful, aren’t always the end of the line. So, what can you do amidst this ever-shifting digital landscape? Start with the following:
Have good antivirus software on all your devices
The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you about any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked.
Have strong passwords, and use 2-factor authentication
Using the same password across multiple platforms will always make you more vulnerable, because if one account gets hacked, they all get hacked. Consider using a password manager to generate and store complex passwords. And 2-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.
How can I check whether my information was sold on the dark web?
To check whether your information has been sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website will search to see what data of yours is out there and display whether there have been data breaches associated with your email address on various sites. You may have even received an email from the website already, saying that some of your data has been stolen, and you should look into it immediately if that is the case.
What do I do if my data has been stolen?
If you see that your information is part of any sort of breach, you should first log out of all your accounts on every web browser on your computer. Once you’ve done that, you should completely clear out your cookies and caches. If you’re not sure how to do that, click here to learn how.
Use identity theft protection
To protect your identity from malware, investing in identity theft protection is a smart move. Identity theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaways
The takedown of QakBot is a big win in the ever-challenging world of cybersecurity. We’ve watched this malware evolve since 2007, shifting tactics and increasing its reach, which truly underscores the tenacity of cybercriminals. Let’s give credit where it’s due: The efforts by the U.S. government to dismantle this threat have been monumental but serious risks, and hidden dangers still run rampant.
With all of these ever-evolving threats out there, how are you keeping your digital life locked down? Have you ever come across QakBot or similar malware? If so, how did you handle it? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Copyright 2023 CyberGuy.com. All rights reserved.