
Qbot malware surges into the top-ten most common business threats

An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally

An evolved form of the Qbot malware entered the top-ten index of the most prevalent security threats for the first time last month, with the banking Trojan ranking as the tenth most pertinent risk.

The Trojan has undergone several changes since it was first active in 2008, with researchers most recently discovering in June that hackers have bolstered Qbot with new functions and stealth capabilities.

Its prevalence has, as a result, surged to see it enter the Check Point Research top-ten malware index for the first time, with the company discovering several campaigns using Qbot’s new strain between March and August 2020.

These campaigns include Qbot being distributed by the Emotet Trojan, which itself ranked as the number one most prevalent threat to businesses during August. The campaign alone affected 5% of organisations globally in July.

"Threat actors are always looking at ways to update existing, proven forms of malware and they have clearly been investing heavily in Qbot’s development to enable data theft on a massive scale from organizations and individuals," said director for threat intelligence and research products at Check Point, Maya Horowitz.

"We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further," she added. "Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users and advise employees to be cautious when opening emails, even when they appear to be from a trusted source."

While Qbot represents a more pertinent threat than ever before, Emotet remains at the summit of the index for the second month in a row, with the advanced and self-propagating Trojan affecting 14% of organisations globally.

Once a fully-fledged banking Trojan, Emotet has most recently been used as a distributor of other malware strains, as in the campaign in which it spread Qbot. Emotet uses multiple methods to stay persistent and deploys evasion techniques to avoid detection. This threat is also commonly spread through phishing campaigns.


The threats that followed Emotet include Agent Tesla, an advanced RAT functioning as a keylogger and information stealer, as well as Formbook, an information stealer that harvests credentials from web browsers, collects screenshots, and monitors keystrokes. Each affected 3% of organisations during August.

Check Point Research also published information about the most commonly exploited vulnerabilities during August as part of its index, with the "web server exposed Git repository information disclosure" ranking number one and affecting 47% of organisations globally. Successful exploitation of this information disclosure vulnerability could allow the unintentional disclosure of user account information.

This was followed by the MVPower DVR remote code execution flaw, exploited to execute arbitrary code in affected routers, as well as the Dasan GPON router authentication bypass, which can allow remote attackers to obtain sensitive information.
