Privacy Ninja

QBot Returns for a New Wave of Infections Using Squirrelwaffle

The activity of the QBot (also known as Quakbot) banking trojan is spiking again, and analysts from multiple security research firms attribute this to the rise of Squirrelwaffle.

Squirrelwaffle emerged last month as one of the most likely candidates to fill the void left by the take-down of Emotet, and unfortunately, these predictions are quickly being confirmed.

A new wave of attacks

Researchers at TrendMicro have observed a new QBot distribution campaign that relies on Visual Basic for Applications (VBA) macros in Microsoft Word documents sent as attachments in phishing emails.

Previous QBot campaigns used Excel macros; these still appear in some cases but are now far less common.

Figure: All of QBot’s arrival variations (Source: TrendMicro)

The victim still has to open the document manually and click “Enable Content” in their Microsoft Office suite before the macro code runs and drops a QBot payload on the system.
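Because this step depends on a macro-enabled Office document reaching the user, one of the simplest places to act is the mail gateway. The script below is an added example, not code from the article or from the researchers it cites: it inspects an attachment's bytes, recognises the two Office container formats (modern OOXML zip containers and legacy OLE compound files), and flags any OOXML document that carries a VBA project part, covering both the Word and Excel cases mentioned above. The sample attachments it checks are constructed in memory so that it runs offline; the triage verdicts ("block", "review", "allow") and the extension list are my own policy choices for the example.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls compound files
ZIP_MAGIC = b"PK\x03\x04"                          # first local file header of an OOXML container
MACRO_PART = "vbaproject.bin"                      # part that holds the VBA project (word/, xl/ or ppt/)
# Extensions Office treats as macro-enabled (assumed policy list for this example).
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".ppsm"}


def build_sample_ooxml(app_dir: str, with_macro: bool) -> bytes:
    """Build a constructed OOXML container in memory. This is a stand-in for a
    real document, not real malware: the VBA part is just zero bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(f"{app_dir}/document.xml", "<placeholder/>")
        if with_macro:
            zf.writestr(f"{app_dir}/vbaProject.bin", b"\x00" * 32)
    return buf.getvalue()


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by container type and macro presence.

    Returns one of 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'other'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live inside an OLE storage, which this
        # example does not parse, so only the container type is reported.
        return "ole-legacy"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "other"
        if any(n.endswith(MACRO_PART) for n in names):
            return "ooxml-macro"
        return "ooxml-clean"
    return "other"


def triage(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Combine the container verdict with the claimed extension.

    Returns (verdict, reasons) where verdict is 'block', 'review' or 'allow'."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    kind = classify_attachment(data)
    reasons: list[str] = []
    if kind == "ooxml-macro":
        reasons.append("contains VBA project part")
        if ext not in MACRO_EXTENSIONS:
            # A macro part hiding behind a non-macro extension is a mismatch worth noting.
            reasons.append(f"macro part inside non-macro extension {ext or '(none)'}")
        return "block", reasons
    if kind == "ole-legacy":
        reasons.append("legacy OLE container; macro presence needs a VBA-aware parser")
        return "review", reasons
    if kind == "ooxml-clean" and ext in MACRO_EXTENSIONS:
        reasons.append("macro extension but no VBA part found")
        return "review", reasons
    return "allow", reasons


if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample_ooxml("word", True),
        "invoice.docx": build_sample_ooxml("word", True),   # macro part, wrong extension
        "report.xlsx": build_sample_ooxml("xl", False),
        "old.doc": OLE_MAGIC + b"\x00" * 504,
    }
    for name, blob in samples.items():
        verdict, why = triage(name, blob)
        print(f"{name:14} {verdict:7} {'; '.join(why)}")
```

The check deliberately stops at the container level: for legacy OLE files it hands off to a "review" queue rather than guessing, since deciding whether a .doc carries macros needs a parser for the VBA storage.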

The rest of the process chain has not changed much from previous versions: the core payload is still downloaded as a DLL file, and the same scheduled task as before is created for persistence.

QBot is also known to partner with ransomware operations, providing them with initial access to a network. It has previously been used to deploy the REvil, Egregor, ProLock, PwndLocker, and MegaCortex strains.

We shouldn’t forget that even if these compromises never evolve to file-encryption events, QBot can do significant damage on its own.

The additional modules downloaded by the QBot malware can grab browser cookies, passwords, emails, drop Cobalt Strike, enable lateral movement, and turn the infected machine into a proxy for C2 traffic.

Riding the Squirrel

Sentinel Labs published a report on the rise of the SquirrelWaffle malware loader, linking it directly to QBot, which SquirrelWaffle drops as a second-stage payload.

Researchers at Minerva Labs have also drawn a similar conclusion, seeing the following delivery scheme:

Figure: SquirrelWaffle’s infection chain (Source: Minerva Labs)

SquirrelWaffle also uses VBA macros to execute a PowerShell command that retrieves its payload and launches it.
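Both chains described on this page share two host-level observables a defender can alert on: an Office application spawning a script interpreter (the macro handing off to PowerShell), and a scheduled task being registered whose action references a DLL (the persistence step noted for QBot above). The following Python is an added example, not code from the article or from the research teams it cites: it runs those two rules over Sysmon-style process-creation events. The events are constructed JSON lines, not real telemetry; the list of child interpreters and the "/create plus .dll" heuristic are my assumptions, since the page only names PowerShell, a DLL payload and a scheduled task.

```python
import json
from dataclasses import dataclass

# Office applications whose VBA macros are the entry point in these campaigns.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Interpreters and loaders a macro commonly hands off to. Assumed list for this
# example; the article itself only mentions PowerShell and a DLL payload.
CHILD_INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class Alert:
    rule: str
    event_index: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: list[dict]) -> list[Alert]:
    """Apply both rules to a list of process-creation events (Sysmon field names)."""
    alerts: list[Alert] = []
    for i, ev in enumerate(events):
        parent = basename(ev.get("ParentImage", ""))
        image = basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        # Rule 1: an Office process launching a script interpreter or loader.
        if parent in OFFICE_PARENTS and image in CHILD_INTERPRETERS:
            alerts.append(Alert("office_spawns_interpreter", i, f"{parent} -> {image}"))
        # Rule 2: schtasks creating a task whose action mentions a DLL (heuristic).
        if image == "schtasks.exe":
            low = cmd.lower()
            if "/create" in low and ".dll" in low:
                alerts.append(Alert("schtasks_registers_dll", i, cmd))
    return alerts


# Constructed sample telemetry (JSON lines). Paths and names are placeholders.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE invoice.docm"}
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "powershell.exe -w hidden -c [constructed placeholder]"}
{"Image": "C:\\Windows\\System32\\schtasks.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "schtasks.exe /create /tn SampleTask /tr \"regsvr32.exe /s C:\\Users\\user\\AppData\\Roaming\\sample.dll\" /sc minute /mo 5"}
{"Image": "C:\\Windows\\System32\\schtasks.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "schtasks.exe /query"}
"""


def load_events(text: str) -> list[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def run_sample() -> list[tuple[str, int]]:
    """Rule name and event index for every alert raised on the sample events."""
    return [(a.rule, a.event_index) for a in detect(load_events(SAMPLE_EVENTS))]


if __name__ == "__main__":
    for a in detect(load_events(SAMPLE_EVENTS)):
        print(f"[{a.rule}] event {a.event_index}: {a.detail}")
```

On the sample, the benign Word launch from Explorer and the `schtasks /query` call raise nothing, while the Word-to-PowerShell hand-off and the task registration each produce one alert. In production the same logic maps directly onto a SIEM query over Sysmon Event ID 1 or Windows Security 4688 data.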

Unlike Emotet, which used a wide range of phishing lures, SquirrelWaffle is not doing a great job of creating convincing spam emails, which has kept infection numbers in check.

That could change quickly if the operators outsource the creation of more convincing phishing emails or bring in a specialist in that part of phishing operations, leading to a significantly larger number of SquirrelWaffle infections.
