Latest Online Fraud Report Says Qakbot is No Laughing Matter

Qakbot Trojan Targets Business Accounts at Financial Institutions

On Monday, RSA released the findings of its monthly Online Fraud Report for October 2010. The latest fraud report puts a particular focus on the Qakbot Trojan, and while Qakbot isn’t new (it attacked the UK’s National Health Service earlier this year), RSA has identified several attributes that make this Trojan stand out from the crowd.

Qakbot is the first Trojan seen to exclusively target business and corporate financial accounts and is designed to spread like a worm—infecting multiple machines at a time—while also stealing data like an ordinary Trojan such as Zeus. Additionally, Qakbot appears to be the first Trojan to separate out targeted credentials from other stolen information on the client side rather than in a drop zone.

Additionally, the latest online fraud report shows that September was the seventh consecutive month in which nationwide banks in the U.S. were targeted most by cybercriminals, accounting for 64 percent of all attacks.

The detail of information captured by Qakbot is astonishing. RSA notes that “Every time an infected user accesses a website, the Trojan organizes data transmitted from the victim’s machine into three separate files: System Information (IP address, DNS server, country, state, city, software applications installed), Seclog (HTTP/S POST requests), and Protected Storage (information saved in the Internet Explorer Protected Storage and auto complete credentials including usernames, passwords, and browser history).” Capturing all this data actually helps cybercriminals build their own “intelligence centers” which can help them develop more effective attacks in the future. After all, cybercrime organizations have business models too.

According to the report, RSA identified 16,274 worldwide phishing attacks in September – a nine percent decrease from August. The bulk of the decrease can be directly attributed to fewer attacks on those organizations that are typically heavily targeted. Many reports have also suggested that phishing organizations have changed strategies and have switched to distributing malware instead. According to the most recent APWG Global Phishing Survey, activity from the Avalanche phishing gang, the world’s most prolific phishing group, dropped significantly as a result of changing strategies to malware distribution. 

In September, RSA says 178 brands were attacked, an 18 percent decrease from August, when 216 brands were attacked. It was the first time in over a year that the number of targeted brands fell below 200.

The full RSA Online Fraud Report, October 2010, is available here.

Tags: Qakbot, malware, cybercrime, financial malware, latest cyber threats

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
