December 19, 2023 at 06:22PM
Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued activity poses a significant threat.
Based on the meeting notes, the key points are:
– Qakbot malware has resurfaced less than four months after law enforcement authorities dismantled its distribution infrastructure in an operation called “Duck Hunt.”
– The malware is being distributed via phishing emails targeting organizations in the hospitality sector, with low email volumes currently, but expected to increase.
– Microsoft’s threat intelligence group estimated the new campaign began on Dec. 11 and described the method of infection as well as noting it as a previously unseen version.
– Other security vendor companies like Zscaler and Proofpoint observed the malware surfacing and described its characteristics and distribution timeline.
– Qakbot, a long-prevailing threat since 2007, has pivoted to a malware-as-a-service model and is being used as a vehicle to drop other malware, including ransomware.
– The recent sightings of Qakbot malware indicate that the law enforcement takedown had less of an impact on Qakbot actors than generally perceived, as evidenced by the continued distribution of the malware after the takedown.
– Security firm Lumu reported a total of 1,581 attempted attacks on its customers in September attributable to Qakbot, with most attacks targeting organizations in finance, manufacturing, education, and government sectors.
Please let me know if you need any further information or analysis from these meeting notes.