Qbot malware surges into the top-ten most common business threats

An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally

An evolved form of the Qbot malware entered the top-ten index of the most prevalent security threats for the first time last month, with the banking Trojan ranking as the tenth most pertinent risk.

The Trojan has undergone several changes since it was first active in 2008, with researchers most recently discovering in June that hackers have bolstered Qbot with new functions and stealth capabilities.

As a result, its prevalence has surged enough for it to enter the Check Point Research top-ten malware index for the first time, with the company discovering several campaigns using Qbot’s new strain between March and August 2020.

These campaigns include Qbot being distributed by the Emotet Trojan, which itself ranked as the number one most prevalent threat to businesses during August. The campaign alone affected 5% of organisations globally in July.

"Threat actors are always looking at ways to update existing, proven forms of malware and they have clearly been investing heavily in Qbot’s development to enable data theft on a massive scale from organizations and individuals," said director for threat intelligence and research products at Check Point, Maya Horowitz.

"We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further," she added. "Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users and advise employees to be cautious when opening emails, even when they appear to be from a trusted source."

While Qbot represents a more pertinent threat than ever before, Emotet remains at the summit of the index for the second month in a row, with the advanced and self-propagating Trojan affecting 14% of organisations globally.

Once a fully-fledged banking Trojan, Emotet has more recently been used as a distributor of other malware strains, as in the campaign in which it spread Qbot. Emotet uses multiple methods to stay persistent and deploys evasion techniques to avoid detection. This threat is also commonly spread through phishing campaigns.

The threats that followed Emotet include Agent Tesla, an advanced RAT functioning as a keylogger and information stealer, as well as Formbook, an information stealer that harvests credentials from web browsers, collects screenshots, and monitors keystrokes. Both malware types affected 3% of organisations each during August.

Check Point Research also published information about the most commonly exploited threats during August, as part of its indexing, with the web server exposed git repository information disclosure ranking number one, and affecting 47% of organisations globally. This information disclosure vulnerability could be successfully exploited to allow the unintentional disclosure of user account information.

This exploit was followed by the MVPower DVR remote code execution flaw, exploited to execute arbitrary code in affected routers, as well as the Dasan GPON router authentication bypass, which can allow remote attackers to obtain sensitive information.
