Security News
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. Variants used in these dual ransomware attacks include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.
After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now. A multinational action called Operation "Duck Hunt" - led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. - was able to gain access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.
A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. QakBot administrators are said to have received fees corresponding to approximately $58 million in ransoms paid by victims between October 2021 and April 2023.
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices. Before we learn how the FBI uninstalled Qakbot from computers, it is essential to understand how the malware was distributed, what malicious behavior it performed, and who utilized it.
In a Tuesday press conference announcing the take down, US Attorney Martin Estrada called the FBI-led Operation Duck Hunt "The most significant technological and financial operation ever led by the Department of Justice against a botnet." For one thing, the Feds produced some software to drop onto Qbot-infected machines to render the malware ineffective. Beginning on August 21, the FBI obtained court orders allowing it to redirect Qakbot traffic to agent-controlled servers, and remotely disabled the malware on victims' machines.
The U.S. Federal Bureau of Investigation is warning that Barracuda Networks Email Security Gateway appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "Ineffective" and that it "Continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit."
The FBI has warned owners of Barracuda Email Security Gateway appliances the devices are likely undergoing attack by snoops linked to China, and removing the machines from service remains the safest course of action. On Wednesday, the FBI pushed that recommendation in a flash alert [PDF] that stated it "Strongly advises all affected ESG appliances be isolated and replaced immediately."
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway remote command injection flaw are "Ineffective," and patched appliances are still being compromised in ongoing attacks. Even though the Barracuda patched all appliances remotely and blocked the attackers' access to the breached devices on May 20, one day after the bug was identified, it also warned all customers on June 7 that they must replace all impacted appliances immediately, likely because it couldn't ensure the complete removal of malware deployed in the attacks.
The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out of hundreds of millions stolen in the last year alone. "The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars."
The U.S. Federal Bureau of Investigation on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. North Korea is known to blur the lines among cyber warfare, espionage, and financial crime.