Malware, Threat Intelligence

Most cyberattacks attributed to three malware loaders

Eighty percent of all cyberattacks against networks and computers during the first seven months of 2023 were brought about by the QBot, SocGholish, and Raspberry Robin malware loaders, according to The Register. QBot, also known as QakBot, accounted for 30% of attempted intrusions, making it the most prevalent malware loader, as its operators sought to adapt and evolve amid stronger defenses against malware loaders, a report from ReliaQuest showed. "QakBot's agility was evident in its operators' response to Microsoft's Mark of the Web (MOTW): they changed delivery tactics, opting to use HTML smuggling. In other instances, QakBot operators have experimented with file types for their payloads, to evade mitigation measures," said ReliaQuest. Meanwhile, SocGholish was noted to have been leveraged in "aggressive watering hole attacks" between January and March, while Raspberry Robin was used to compromise various U.S. and European organizations between January and June. "Based on recent trends, it's highly likely that these loaders will continue to pose a threat to organizations in the mid-term future (36 months) and beyond," said researchers.
