Following news that the QakBot trojan uses new exploit methods to keep using infected machines as control servers, even after a security product has removed its capability to steal personal and financial data from the infected machine, IT security experts commented below.
Don Duncan, Engineer at NuData Security:
“Ultimately, the solution is to prevent the use of stolen data by overlaying new barriers in the form of behavioral biometric authentication. These new solutions authenticate users based on their online behaviors – methods that are extremely resistant to impersonation, don’t rely on credentials and can even provide banks with options to upgrade user experiences for good customers. These technologies are going to defeat Trojans and malware by making the credentials and payment card details obsolete. Fraudsters are in the business of making money, so the real answer is to make the data useless.
New solutions authenticate users based on their online behaviors; methods that are extremely resistant to impersonation, don’t rely on credential data, and can even provide banks with options to upgrade user experiences for trusted good customers. These technologies are going to defeat Trojans and malware by making the credentials and payment card details that the fraudsters go after obsolete.”
Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies:
“WannaCry relied on SMB, a port that is disabled by default on most home routers, while being enabled inside of a business to allow file sharing. QakBot/Pinkslipbot relies on UPnP as part of its larger infection strategy, a port that can be opened in almost every home to allow IoT and other home devices to work seamlessly. Organizations still need to be very diligent as this malware does three things that can disrupt every business. It locks out hundreds to thousands of Active Directory accounts in quick succession, attempts to log on to many accounts that do not exist, such as “administrador”, and deploys malicious executables to network shares and registers them as a service, all in an attempt to create further havoc within Active Directory environments. Companies will want to actively monitor for these types of events as they can easily go unnoticed until the damage is done.”
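The three behaviours named in the comment above can be checked against Windows event logs. The following is an added example, not part of the quoted commentary or any vendor's product: it uses the standard event IDs 4740 (account locked out), 4625 (failed logon, sub-status 0xC0000064 for a nonexistent user) and 7045 (service installed). The event dictionary layout, the thresholds, the UNC-path heuristic and the sample events are assumptions constructed for illustration.

```python
from collections import deque

# Windows event IDs: 4740 = account locked out, 4625 = failed logon,
# 7045 = service installed. 0xC0000064 = "user name does not exist".
NO_SUCH_USER = "0xc0000064"

def lockout_burst(events, threshold=5, window=60):
    """True if `threshold` lockouts (4740) fall within `window` seconds (assumed values)."""
    recent = deque()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] != 4740:
            continue
        recent.append(e["ts"])
        while e["ts"] - recent[0] > window:
            recent.popleft()          # drop lockouts older than the window
        if len(recent) >= threshold:
            return True
    return False

def unknown_account_logons(events):
    """Set of nonexistent account names that drew failed logons."""
    return {e["user"].lower() for e in events
            if e["id"] == 4625 and e.get("substatus", "").lower() == NO_SUCH_USER}

def services_from_shares(events):
    """Names of new services whose binary path is a UNC share (assumed heuristic)."""
    return [e["service"] for e in events
            if e["id"] == 7045 and e.get("image_path", "").startswith("\\\\")]

# Constructed sample events (ts = seconds since start of capture).
SAMPLE = (
    [{"ts": 10 + i, "id": 4740, "user": f"user{i}"} for i in range(6)]
    + [{"ts": 12, "id": 4625, "user": "administrador", "substatus": "0xC0000064"},
       {"ts": 13, "id": 4625, "user": "alice", "substatus": "0xC000006A"},
       {"ts": 20, "id": 7045, "service": "svc-a", "image_path": r"\\fs01\share\a.exe"},
       {"ts": 21, "id": 7045, "service": "svc-b", "image_path": r"C:\Windows\b.exe"}]
)

def triage(events):
    """Run all three checks and return the findings as one dictionary."""
    return {"lockout_burst": lockout_burst(events),
            "unknown_accounts": unknown_account_logons(events),
            "share_services": services_from_shares(events)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
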
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.