QakBot malware network is dismantled in major crackdown

The U.S. government and international partners just tackled a big cyber headache: QakBot. This malware has been a menace for businesses and government agencies for more than a decade. The coordinated operation not only shut the botnet down but also seized millions of dollars in cryptocurrency from its operators.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have historically been either ineffective or quiet about tackling organized threats like this one. Here's the scoop on this high-tech crackdown.

The trojan horse that opened the door for ransomware

QakBot has been a notorious player in the cyber underworld since 2008. Initially introduced as a banking trojan, it shifted gears over time, becoming the favorite tool for various cybercrime groups.

Their objective? Prepping compromised networks for severe ransomware attacks. But how did QakBot work its dark magic? It usually started with deceptive emails designed to trick the receiver: they look legit and time-sensitive, like invoices or work orders.

Now, here's the tricky part: these emails carried links, attachments, or, more recently, embedded images that led to the malicious code. That code is the 'payload,' and it's the real danger.

If someone unknowingly clicked the link or image, or opened the attachment, the payload would run, and QakBot would install itself on that person's system.

Once installed, QakBot communicates with its command-and-control (C2) servers to receive instructions and updates. It then scans the device and the surrounding network for valuable information, such as credentials, banking details and user accounts. QakBot can exfiltrate the data it collects, and, just as importantly, it serves as a foothold: its operators hand off access to infected networks so that other criminals can deliver ransomware or additional malware.


Operation “Duck Hunt”

Martin Estrada, the U.S. attorney for the Central District of California, didn't mince words at a recent press conference in Los Angeles, declaring the operation against QakBot "the most significant technological and financial operation ever led by the Department of Justice against a botnet."

Estrada had the numbers to back it up: QakBot had been linked to 40 different ransomware attacks in the last 18 months, resulting in a staggering $58 million in losses.

The operation, colorfully named "Duck Hunt," saw the DOJ and FBI working hand in hand, obtaining court orders not just to remove the malware from victim machines but to seize control of the servers that puppeteered this nefarious botnet.

Don Alway of the FBI's Los Angeles field office revealed that the feds gained access to the botnet's infrastructure and redirected its traffic to bureau-controlled servers, which instructed every infected system to cut ties with QakBot and run an uninstaller that removed it. One caveat worth knowing: that uninstaller removed only QakBot itself. Any ransomware or other malware the operators had already dropped on a machine was not removed, so a system that was "cleaned" by the operation still needs to be checked for whatever came in behind QakBot.


QakBot’s vast reach

The scale of the botnet was staggering. QakBot had wormed its way into more than 700,000 machines, of which more than 200,000 were in the U.S. The DOJ's international partners in this operation seized over 50 internet servers connected to the malware in 7 countries, and the DOJ confiscated approximately $9.5 million in cryptocurrency from the masterminds behind QakBot.


How to stay protected

While the "Duck Hunt" operation has put a significant dent in QakBot's reign, history has shown that botnet takedowns, though impactful, are not always the end of the line: operators rebuild infrastructure and return under new names. So what can you do? Start with the following:

Have good antivirus software on all your devices


Have strong passwords and use 2-factor authentication

Using the same password across multiple platforms will always make you more vulnerable, because if one account gets hacked, they all get hacked. Two-factor authentication is an extra shield that makes it much harder for a hacker with your password to get into your accounts. Use a password manager to generate and keep track of a unique password for every site.

How can I check if my information has turned up in a breach?

To check whether your information has appeared in a known data breach, go to haveibeenpwned.com and enter your email address into the search bar. The site checks your address against the breach dumps it has collected and lists the breaches that included it (it does not see every dark-web sale, so a clean result is not a guarantee). You may have even received an email from the site already saying that some of your data was exposed; if so, look into it immediately.
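The site's email lookup is done in the browser, but Have I Been Pwned also exposes its Pwned Passwords data through a "range" API that lets you check a password without ever sending the password, or even its full hash, to the service. The script below is an added example, not code from the article or from Have I Been Pwned: it hashes the password with SHA-1, sends only the first five hex characters of the hash, and compares the remaining 35 characters against the list the API returns. The HTTP response embedded in the script is constructed for offline use, and the breach counts in it are made up; only the hash of the word "password" in it is real.

```python
"""Check a password against Have I Been Pwned's range API using k-anonymity.

Added example. The real endpoint is https://api.pwnedpasswords.com/range/{prefix}
and needs no API key. SAMPLE_RANGE_RESPONSE below is a constructed stand-in for
that endpoint's reply so the check can be demonstrated offline.
"""
import hashlib
import urllib.request

USER_AGENT = "qakbot-article-example/1.0"  # assumed name; HIBP asks for a descriptive UA


def hash_parts(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest.

    Only the prefix leaves the machine; the suffix stays local for comparison.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict. Padding entries (count 0) are dropped."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def lookup_suffix(suffix: str, range_body: str) -> int:
    """Number of times a hash suffix appears in the range reply (0 = not found)."""
    return parse_range_response(range_body).get(suffix.upper(), 0)


def fetch_range(prefix: str) -> str:
    """Live query (network). Add-Padding makes every reply a similar size so a
    passive observer cannot infer the prefix from the response length."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": USER_AGENT, "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count_online(password: str) -> int:
    """Full online check: hash locally, send prefix only, compare suffix locally."""
    prefix, suffix = hash_parts(password)
    return lookup_suffix(suffix, fetch_range(prefix))


# Constructed reply for prefix 5BAA6. The first suffix is the genuine SHA-1 tail of
# "password"; the counts and the other two suffixes are invented for this example.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:12
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0
"""


def breach_count_offline(password: str) -> int:
    """Same comparison as breach_count_online, against the embedded sample reply."""
    prefix, suffix = hash_parts(password)
    assert prefix == "5BAA6", "sample reply only covers prefix 5BAA6"
    return lookup_suffix(suffix, SAMPLE_RANGE_RESPONSE)


if __name__ == "__main__":
    prefix, suffix = hash_parts("password")
    print(f"prefix sent to HIBP: {prefix}  (suffix kept local: {suffix})")
    print("times seen in sample reply:", breach_count_offline("password"))
```

Swap `breach_count_offline` for `breach_count_online` to run the real check; the only thing that crosses the wire is the five-character prefix, which matches hundreds of unrelated hashes, so the service never learns which password you tested.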

What do I do if my data has been stolen?

If you see that your information is part of any sort of breach, change the password on the breached site right away, along with any other account where you reused that password, and turn on two-factor authentication where it is offered. Then log out of all your accounts in every web browser on your computer and clear your cookies and caches, so that any saved session tokens are invalidated.

Use identity theft protection

Malware like QakBot goes after credentials and banking details, and stolen data can be abused long after the infection is cleaned up. An identity theft protection service that monitors your accounts and credit for misuse is a smart extra layer.

Kurt’s key takeaways

The takedown of QakBot is a big win in the ever-challenging world of cybersecurity. We've watched this malware evolve since 2008, shifting tactics and increasing its reach, which truly underscores the tenacity of cybercriminals. Let's give credit where it's due: the effort by the U.S. government and its partners to dismantle this threat has been monumental. But serious risks remain, not least the malware QakBot already dropped on machines before the operation cleaned it out.

With all these ever-evolving threats out there, how are you keeping your digital life locked down? Have you ever come across QakBot or similar malware? If so, how did you handle it? Let us know by commenting below.
