Close

Request Demo

BUFFERZONE is available to Enterprise companies only. Please fill out the form below and we’ll contact you shortly


    Enterprise

    Protect the enterprise where most breaches occur - at the endpoint

    Virtual Desktops

    VDI is vulnerable to advanced threats just like physical endpoints

    Financial

    Financial organizations need a robust, flexible solution for securing access to the internet, email attachments, and removable storage.

    Blog

    Back

    Stop Worrying and Start Isolating – Qakbot is Back

    By BUFFERZONE Team, 5/02/2024

    Target: IT Professionals (Elementary)

    Tags: Phishing, Safe Workspace™, Safe Browsing, NoCloud ™ Anti-Phishing

    Recently, the Qakbot Trojan has appeared as a significant threat in the cyber world, targeting computers through seemingly legitimate business email [1]. This new wave of cyber-attacks highlights the ever-evolving nature of cyber threats and the need for heightened vigilance in digital correspondence.

    Qakbot, known for its deceptive simplicity, infects computers through business emails that often appear trustworthy. These emails, carefully crafted to bypass conventional security measures, carry malicious attachments or links that, once engaged with, start the infection process.

    The sophistication of Qakbot lies in its ability to blend seamlessly into regular business communications, making it challenging for users to identify and avoid these threats. Moreover, its ability to infect office computers severely risks organizational data security and integrity. Microsoft [1] has recently issued an alert about the resurgence of Qakbot, which masquerades as an email from an IRS (Internal Revenue Service) representative. This attack, first noticed by Microsoft on December 11th, primarily targets the hospitality sector. The phishing email includes a PDF attachment, a guest list, with a lure message “Document preview is not available,” enticing recipients to download the PDF for a proper view. Unfortunately, clicking the download link leads to the downloading of an MSI file, which, upon installation, starts the Qakbot malware DLL, thereby compromising the system.

    Staying Safe in the Digital World

    To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails, implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of the attacks start with phishing attacks targeting the human factor.

    This is why we created BUFFERZONE® Safe Workspace™ a suite of zero-trust solutions that consists of Safe Mail, NoCloud™ Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction, and Safe Browser, a secure browsing solution.

    Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to CDR emails and open links and attachments securely inside a BUFFERZONE® secure virtual container. BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In the Qakbot example, the link will be opened inside our container, and the downloaded file will be isolated and impossible to execute. As a result, it stops the next step of the attack and minimizes the human factor security breach.

    Conclusion

    The rise of the Qakbot is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution, the organization achieves the highest level of security and keeps IT simple.

    References

    [1] https://www.bleepingcomputer.com/news/security/qbot-malware-returns-in-campaign-targeting-hospitality-industry/