Malware has been causing lockouts for hundreds of thousands of users of Microsoft’s Active Directory (AD) service, preventing them from accessing their company servers, networked assets and endpoints.
The malware spread was discovered by IBM’s X-Force Research division, which noted that the lockouts of AD, the service that manages users and access on Microsoft servers, could be attributed to malicious activity by the known QakBot trojan, also known as PinkSlip.
Despite being a well-known strain of malware, QakBot is difficult to tackle due to its modular, multithreaded construction and its ability to constantly evolve: it creates backdoors into systems, subverts anti-virus tools and makes itself difficult for cyber security researchers to observe and counter.
“Upon infecting a new endpoint, the malware uses rapid mutation to keep anti-virus systems guessing. It makes minor changes to the malware file to modify it and, in other cases, recompiles the entire code to make it appear unrecognisable,” explained Michael Oppenheim, global research lead at IBM X-Force Incident Response and Intelligence Services.
In its latest iteration, QakBot locks people out of AD as a side effect of the way it spreads from machine to machine: it reuses the credentials of an infected machine and its user to move through a compromised network, and that repeated credential reuse triggers the AD lockout mechanism.
QakBot is not looking to cause the AD lockouts; rather, it is looking to swipe the details of business and potentially personal bank accounts from infected machines being used to access online banking.
Oppenheim notes that so far QakBot has infected and ‘militarised’ over 54,000 computers.
But for concerned enterprises there are ways to mitigate the threat: basic steps such as disabling online adverts and filtering macro execution in emailed files; ensuring domain accounts are configured with the least privileges needed to carry out their tasks; setting up a special emergency account so security staff can recover the AD service and determine the source of the trojan; and preventing workstation-to-workstation communications to force QakBot to reveal itself for potential detection.
With malware infecting increasing numbers of corporate networks, it is no wonder cyber security companies are turning to techniques like machine learning to tackle the ever-increasing and evolving range of cyber threats.
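The lockout side effect and the workstation-to-workstation mitigation described above both leave a footprint in Windows Security logs. The following is an added detection example, not IBM's or the article's code: it assumes a simplified, constructed export of account-lockout (4740) and failed-logon (4625) events with "src"/"dst" standing in for the caller and target computer names, and flags the patterns a credential-reusing worm produces.

```python
from collections import defaultdict

# Constructed sample of Windows Security events as a SIEM might export them
# (4740 = account locked out, 4625 = failed logon). "src"/"dst" are simplified
# stand-ins for CallerComputerName / WorkstationName; this is not real log data.
EVENTS = [
    {"id": 4625, "user": "alice", "src": "WS01", "dst": "WS02"},
    {"id": 4625, "user": "alice", "src": "WS01", "dst": "WS03"},
    {"id": 4625, "user": "alice", "src": "WS01", "dst": "FS01"},
    {"id": 4740, "user": "alice", "src": "WS01"},
    {"id": 4625, "user": "bob", "src": "WS01", "dst": "WS04"},
    {"id": 4740, "user": "bob", "src": "WS01"},
    {"id": 4625, "user": "carol", "src": "WS07", "dst": "FS01"},
    {"id": 4740, "user": "carol", "src": "WS07"},  # one user, one mistyped password
    {"id": 4740, "user": "dave", "src": "WS09"},
]

def lockouts_by_caller(events):
    """Map each caller computer to the set of accounts it locked out (4740)."""
    callers = defaultdict(set)
    for e in events:
        if e["id"] == 4740:
            callers[e["src"]].add(e["user"])
    return callers

def suspicious_callers(events, min_accounts=2):
    """Computers that locked out at least min_accounts distinct accounts: one
    host burning several users' credentials is the reuse pattern, not a typo."""
    return sorted(c for c, users in lockouts_by_caller(events).items()
                  if len(users) >= min_accounts)

def lateral_fanout(events, min_targets=3):
    """(user, source) pairs whose failed logons (4625) hit many distinct hosts."""
    targets = defaultdict(set)
    for e in events:
        if e["id"] == 4625:
            targets[(e["user"], e["src"])].add(e["dst"])
    return {k: v for k, v in targets.items() if len(v) >= min_targets}

def workstation_to_workstation(events, prefix="WS"):
    """Failed-logon (src, dst) pairs between two workstations: traffic that should
    not exist once workstation-to-workstation access is blocked at the network."""
    return sorted({(e["src"], e["dst"]) for e in events
                   if e["id"] == 4625 and e["src"].startswith(prefix)
                   and e["dst"].startswith(prefix)})
```

On the constructed sample, WS01 is the only host that locks out more than one account and the only source of workstation-to-workstation failed logons, which is the machine an incident responder would isolate first.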