A new evolving malware known as Qakbot is hitting that will lock companies out of their networks and infecting associated systems as well according to Cylance researchers. Michael Patterson, CEO at Plixer commented below.
Michael Patterson, CEO at Plixer:
“Malware continues to evolve as there is no shortage of vulnerabilities to exploit. Qakbot’s dynamic polymorphic abilities make it particularly evasive to antivirus systems. This means the virus can more easily maintain it’s presence without being detected. It does however need to communicate on the network in order to carry out its dastardly deeds. In the case of Qakbot, it uses HTTPS to communicate with command-and-control (C&C) and FTP to upload stolen data. Network Traffic Analytics can be leveraged against flow data to watch for this one-two punch combination especially where odd FQDNs patterns are detected.”