The recent operation against the Qakbot ("Qbot") botnet by the US FBI, Justice Department and their international partners is nothing short of commendable. By taking down this long-running botnet, we have been shown what is possible when the cyber security community works together to take on cyber threats. We are indeed stronger together. I hope this success will be the first of many, rather than an isolated victory. Nevertheless, there is some reason to temper the current wave of optimism.
More infected devices could be out there
The 700,000 device figure quoted by the FBI is based on the contacts received by the adversarial servers that were taken over. This is a substantial number and may prove to be a killing blow to this botnet. However, even assuming that the malware removal command was successful in every case, there could be other offshore servers that were left untouched.
My research team at Lumu Technologies has continued to detect contacts from Qbot after the botnet was supposedly taken down.
Eliminating Qbot is just the first step
Each of those 700,000 devices still represents a device where credentials were probably stolen and are now for sale on the dark web. Qbot can also act as a backdoor to install other malware or persistence tools, so each of those devices needs to be checked for compromise.
Threat actors will adapt
Qbot is essentially a legacy botnet, adapted from its original purpose as a banking trojan, that has proven to be a thorn in our side for too long. It is important to remember that Qbot is just one element in the cyber crime supply chain. It is great to see that cryptocurrencies were confiscated, but as far as we know no arrests have been made. The threat actors are still at large, and other malware is likely to take up Qbot's role as an initial access vector and precursor to ransomware.
Botnets like Qbot and Emotet have proven resilient before, following similar (but smaller) takedown operations, and it remains to be seen whether this was the killing blow to Qbot. The government's operation shows the power of collective action in cyber security, reinforcing that we are stronger together. We need to continue to stay vigilant. We may have won this battle, but the war still rages on.
Ricardo Villadiego is founder and CEO of Lumu Technologies, a threat hunting and network detection and response (NDR) specialist.