Blog
Stop Worrying and Start Isolating – Qakbot is Back
By BUFFERZONE Team, 5/02/2024
Target: IT Professionals (Elementary)
Tags: Phishing, Safe Workspace™, Safe Browsing, NoCloud ™ Anti-Phishing, Protection by containment™
Recently, the Qakbot Trojan has appeared as a significant threat in the cyber world, targeting computers through seemingly legitimate business email [1]. This new wave of cyber-attacks highlights the ever-evolving nature of cyber threats and the need for heightened vigilance in digital correspondence.
Qakbot, known for its deceptive simplicity, infects computers through business emails that often appear trustworthy. These emails, carefully crafted to bypass conventional security measures, carry malicious attachments or links that, once engaged with, start the infection process.
The sophistication of Qakbot lies in its ability to blend seamlessly into regular business communications, making it challenging for users to identify and avoid these threats. Moreover, its ability to infect office computers severely risks organizational data security and integrity. Microsoft [1] has recently issued an alert about the resurgence of Qakbot, which masquerades as an email from an IRS (Internal Revenue Service) representative. This attack, first noticed by Microsoft on December 11th, primarily targets the hospitality sector. The phishing email includes a PDF attachment, a guest list, with a lure message “Document preview is not available,” enticing recipients to download the PDF for a proper view. Unfortunately, clicking the download link leads to the downloading of an MSI file, which, upon installation, starts the Qakbot malware DLL, thereby compromising the system.
Staying Safe in the Digital World
To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails, implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of the attacks start with phishing attacks targeting the human factor.
This is why we created BUFFERZONE® Safe Workspace™ (that it’s strategic concept is Protection by containment™) a suite of zero-trust solutions that consists of Safe Mail, NoCloud™ Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction, and Safe Browser, a secure browsing solution.
Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In the Qakbot example, the link will be opened inside our container, and the downloaded file will be isolated and impossible to execute. As a result, it stops the next step of the attack and minimizes the human factor security breach.
Conclusion
The rise of the Qakbot is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution, the organization achieves the highest level of security and keeps IT simple.
References
[1] https://www.bleepingcomputer.com/news/security/qbot-malware-returns-in-campaign-targeting-hospitality-industry/