Just three malware loaders are responsible for 80% of cyber attacks in the last 9 months.
Recently, cybersecurity researchers at ReliaQuest found that only three malicious loaders, QakBot, SocGholish and Raspberry Robin, were responsible for 80% of all cyber incidents they handled this year.
A loader is malware whose job is to download and execute other malware: ransomware, Trojans, or worms. Loaders are typically the first stage of an intrusion and are used to deliver the attacker's real payload to the victim's machine. In practice, it is through them that criminals obtain initial access to a system, which is why the loader family seen on a host is a strong hint about which group, and which follow-on payload, to expect.
ReliaQuest experts emphasize: "The discovery of a 'loader' on the network does not always mean that the system is compromised. [...] However, this does not mean that the threat can be underestimated, especially when it comes to the three most common types of malware."
QakBot: evolving fast
QakBot, which is associated with the Black Basta group, was originally created as a banking Trojan. Over time its functionality has expanded: it now not only provides initial access but also steals sensitive data. Its distribution methods are also quite varied, most often phishing emails carrying fake invoices, urgent requests and similar lures.
SocGholish: One click can compromise the entire system
SocGholish disguises itself as a legitimate software update. Its target environment is usually Windows-based systems. This loader is linked to the cybercrime group Evil Corp and is most often used against the food service, retail and legal services industries in the United States. "Just four clicks can lead to infection of the entire network or domain within a few days," the experts warn.
Raspberry Robin: A universal threat
Raspberry Robin stands out for its versatility. It is used to deliver many different kinds of malware and is associated with several large groups, including Evil Corp and Silence.
ReliaQuest recommends several mitigations. For example, you can configure Group Policy (GPO) so that the default program for opening .js files is Notepad rather than WScript, so that a double-clicked script opens as harmless text instead of executing. Note that this only affects scripts launched through the Windows shell; it does not stop a process that calls wscript.exe or cscript.exe directly. You can also restrict arbitrary outbound Internet connections from corporate resources to limit what a loader can reach if it does run.
Cyber threats are constantly evolving, and new dangerous loaders can appear at any time. It is important to stay alert and keep your defences up to date so that you do not fall victim to the next major cyber attack.
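The file-association change described above, as an added PowerShell example (not code from ReliaQuest's report): it re-points the Windows Script Host file types at Notepad in the machine-wide registry, verifies the result, and checks for per-user overrides that would silently defeat the machine-wide setting. The report mentions only .js; extending the same treatment to .jse, .vbs, .vbe, .wsf and .wsh is an assumption of this example, since all of them are opened by the same WScript.exe handler. Run it from an elevated prompt; in a domain, the same keys can be pushed with a GPO Registry preference item.

```powershell
# Added example, not from ReliaQuest's report.
# Re-point the Windows Script Host file types at Notepad so a double-clicked
# script opens as text instead of executing. Requires an elevated session.
# Only JSFile is named in the article; the other ProgIDs are an assumption
# of this example (they share the WScript.exe handler).

$Notepad = "$env:SystemRoot\System32\notepad.exe"

# ProgIDs under HKLM\SOFTWARE\Classes that Windows maps to the script extensions.
$ScriptProgIds = @('JSFile', 'JSEFile', 'VBSFile', 'VBEFile', 'WSFFile', 'WSHFile')

function Set-ScriptHandlerToNotepad {
    param([string[]]$ProgIds = $ScriptProgIds)
    foreach ($progId in $ProgIds) {
        $key = "HKLM:\SOFTWARE\Classes\$progId\shell\open\command"
        if (-not (Test-Path $key)) { Write-Warning "$progId is not registered, skipping"; continue }
        $before = (Get-ItemProperty -Path $key).'(default)'
        # Default value of ...\shell\open\command is the command ShellExecute runs;
        # it normally reads "%SystemRoot%\System32\WScript.exe" "%1" %*
        Set-ItemProperty -Path $key -Name '(default)' -Value "`"$Notepad`" `"%1`""
        Write-Output ("{0}: {1} -> {2}" -f $progId, $before, $Notepad)
    }
}

function Test-ScriptHandler {
    # Report which ProgIDs still point at a script engine after the change.
    param([string[]]$ProgIds = $ScriptProgIds)
    foreach ($progId in $ProgIds) {
        $key = "HKLM:\SOFTWARE\Classes\$progId\shell\open\command"
        if (-not (Test-Path $key)) { continue }
        $cmd = (Get-ItemProperty -Path $key).'(default)'
        [pscustomobject]@{
            ProgId   = $progId
            Command  = $cmd
            Hardened = ($cmd -notmatch 'wscript\.exe|cscript\.exe')
        }
    }
}

function Test-UserOverride {
    # HKCU\Software\Classes takes precedence over HKLM, and an explicit Explorer
    # "open with" choice (FileExts\<ext>\UserChoice) wins over both, so a
    # machine-wide change can be undone per user. Surface any such override.
    param([string[]]$Extensions = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh'))
    foreach ($ext in $Extensions) {
        $userClass  = "HKCU:\Software\Classes\$ext"
        $userChoice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
        $userProgId = if (Test-Path $userClass)  { (Get-ItemProperty $userClass).'(default)' } else { $null }
        $choice     = if (Test-Path $userChoice) { (Get-ItemProperty $userChoice).ProgId }   else { $null }
        if ($userProgId -or $choice) {
            [pscustomobject]@{ Extension = $ext; HkcuClass = $userProgId; UserChoiceProgId = $choice }
        }
    }
}

Set-ScriptHandlerToNotepad
Test-ScriptHandler | Format-Table -AutoSize
Test-UserOverride  | Format-Table -AutoSize
```

Any row from Test-ScriptHandler with Hardened = False, or any row at all from Test-UserOverride, means a double-clicked script on that machine can still reach the script engine. Keep in mind what this does and does not buy you: it neutralizes the "fake update" lure where a user opens a downloaded .js, but a loader that is already executing can still invoke wscript.exe or cscript.exe by path, so pair it with application control or with blocking the script hosts outright where the business does not need them.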