ADVERTISEMENT

Just three malware loaders used in 80% of attacks

Three malware loaders, QakBot, SocGholish, and Raspberry Robin, wreak havoc in 80% of incidents, according to the threat researchers of IT security firm ReliaQuest.

Black Basta QakBot

Image by Shutterstock.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Aug 25, 2023 Updated: 15 November 2023 3 min read
malware-loaders

QakBot is quick to change

With SocGholish, one user can affect the whole system

ADVERTISEMENT

Raspberry Robin is an all-rounder

How do you defend against malware loaders?

  • Configure a GPO (Group Policy Object) to change the default execution engine of JS files from Wscript to Notepad, and any additional script files you see fit. This will prevent these files from being executed on the host.
  • Block inbound emails that have file extensions typically used for malware delivery.
  • Restrict company assets from making arbitrary connections to the internet, via firewall or proxy configurations, to minimize malware and C2 activity.
  • Limit the use of remote-access software unless absolutely required for an individual's job; alternatively, enhance monitoring to detect misuse. Cybercriminals – notably IABs and ransomware operators – love using this software to gain and maintain access to networks.
  • Disable ISO mounting, which is an increasingly solid way to bypass antivirus or endpoint detection tools.
  • Implement USB access control and GPOs to prevent autorun command executions. Consider disabling any removable media access if business conditions allow.
  • Train staff to identify social-engineering tactics employed on the web, and open up an appropriate channel for them to report suspicious emails or other activity.
ADVERTISEMENT