Cybersecurity

Qbot/Qakbot remains one of the most widespread malware variants. A new report from researchers at DFIR reveal that Qbot is used to steal sensitive data and execute other malign tasks in a very short time frame. Qbot, which WaterISAC reported on last year, is a highly modular malware used for many nefarious activities such as credential harvesting and dropping ransomware. Qbot usually spreads via phishing emails.

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with LockBit 2.0 ransomware. The FLASH indicates LockBit 2.0 threat actors operate as an affiliate run Ransomware-as-a-Service (RaaS) and employ a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Some techniques these threat actors include, but are not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.

Many organizations are not utilizing the cybersecurity features offered by Microsoft 365, according to research from the IT company Ensono. For its research Ensono surveyed IT staff whose companies use Microsoft 365. Some key findings from the survey reveal that 38 percent of respondents are not using multi-factor authentication, only 43 percent have Conditional Access setup, and 46 percent do have data loss prevention or data classification configured.

A recent study of ransomware attacks between July and September 2021 reveals that the banking, utilities, and retail sectors are the most targeted industries. The utilities sector was the second most targeted by ransomware during the time period, accounting for 20 percent of detected attacks. All three sectors in combination accounted for 58 percent of all detected attacks.