Qbot malware surges into the top-ten most common business threats

An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally

Trojan virus within binary code

An evolved form of the Qbot malware entered the top-ten index of the most prevalent security threats for the first time last month, with the banking Trojan ranking as the tenth most pertinent risk.

The Trojan has undergone several changes since it was first active in 2008, with researchers most recently discovering in June that hackers have bolstered Qbot with new functions and stealth capabilities

Its prevalence has, as a result, surged to see it enter the Check Point Research top-ten malware index for the first time, with the company discovering several campaigns using Qbot’s new strain between March and August 2020.

These campaigns include Qbot being distributed by the Emotet Trojan, which itself ranked as the number one most prevalent threat to businesses during August. The campaign alone affected 5% of organisations globally in July.

"Threat actors are always looking at ways to update existing, proven forms of malware and they have clearly been investing heavily in Qbot’s development to enable data theft on a massive scale from organizations and individuals," said director for threat intelligence and research products at Check Point, Maya Horowitz.

"We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further," she added. "Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users and advise employees to be cautious when opening emails, even when they appear to be from a trusted source."

While Qbot represents a more pertinent threat than ever before, Emotet remains at the summit of the index for the second month in a row, with the advanced and self-propagating Trojan affecting 14% of organisations globally.

Once a fully-fledged banking Trojan, Emotet has most recently been used as a distributor of other malware strains, recently, for example, in the campaign in which it spread Qbot. Emotet uses multiple methods to stay persistent and deploys evasion techniques to avoid detection. This threat is also commonly spread through phishing campaigns.

Related Resource

Don’t just educate: Create cyber-safe behaviour

Designing effective security awareness and training programmes

How to define effective security awareness and training programmesDownload now

The threats that followed Emotet include Agent Tesla, an advanced RAT functioning as a keylogger and information stealer, as well as Formbook, an information stealer that harvests credentials from web browsers, collects screenshots, and monitors keystrokes. Both malware types affected 3% of organisations each during August.

Check Point Research also published information about the most commonly exploited threats during August, as part of its indexing, with the web server exposed git repository information disclosure ranking number one, and affecting 47% of organisations globally. This information disclosure vulnerability could be successfully exploited to allow the unintentional disclosure of user account information.

This exploit was followed by the MVPower DVR remote code execution flaw, exploited to execute arbitrary code in affected routers, as well as the Dason GPON router authentication bypass, which can allow remote attackers to obtain sensitive information.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021
Weakness in Mamba ransomware could help recover data
ransomware

Weakness in Mamba ransomware could help recover data

26 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021