Qbot malware surges into the top-ten most common business threats

An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally

An evolved form of the Qbot malware entered the top-ten index of the most prevalent security threats for the first time last month, with the banking Trojan ranking as the tenth most pertinent risk.

The Trojan has undergone several changes since it was first active in 2008, with researchers most recently discovering in June that hackers have bolstered Qbot with new functions and stealth capabilities

Its prevalence has, as a result, surged to see it enter the Check Point Research top-ten malware index for the first time, with the company discovering several campaigns using Qbot’s new strain between March and August 2020.

These campaigns include Qbot being distributed by the Emotet Trojan, which itself ranked as the number one most prevalent threat to businesses during August. The campaign alone affected 5% of organisations globally in July.

"Threat actors are always looking at ways to update existing, proven forms of malware and they have clearly been investing heavily in Qbot’s development to enable data theft on a massive scale from organizations and individuals," said director for threat intelligence and research products at Check Point, Maya Horowitz.

"We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further," she added. "Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users and advise employees to be cautious when opening emails, even when they appear to be from a trusted source."

While Qbot represents a more pertinent threat than ever before, Emotet remains at the summit of the index for the second month in a row, with the advanced and self-propagating Trojan affecting 14% of organisations globally.

Once a fully-fledged banking Trojan, Emotet has most recently been used as a distributor of other malware strains, recently, for example, in the campaign in which it spread Qbot. Emotet uses multiple methods to stay persistent and deploys evasion techniques to avoid detection. This threat is also commonly spread through phishing campaigns.

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

The threats that followed Emotet include Agent Tesla, an advanced RAT functioning as a keylogger and information stealer, as well as Formbook, an information stealer that harvests credentials from web browsers, collects screenshots, and monitors keystrokes. Both malware types affected 3% of organisations each during August.

Check Point Research also published information about the most commonly exploited threats during August, as part of its indexing, with the web server exposed git repository information disclosure ranking number one, and affecting 47% of organisations globally. This information disclosure vulnerability could be successfully exploited to allow the unintentional disclosure of user account information.

This exploit was followed by the MVPower DVR remote code execution flaw, exploited to execute arbitrary code in affected routers, as well as the Dason GPON router authentication bypass, which can allow remote attackers to obtain sensitive information.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Six ways boards can step up support for cyber security
Business strategy

Six ways boards can step up support for cyber security

22 Jul 2021