Malware has been causing lockouts for hundreds of thousands of users of Microsoft’s Active Directory (AD) service, preventing them from accessing their company servers, networked assets and endpoints.
The malware spread was discovered by IBM’s X-Force Research division, which noted that the lockouts of AD, the service that manages users and access on Microsoft servers, could be attributed to malicious activity by the known QakBot trojan, also known as PinkSlip.
Despite being a well-known strain of malware, QakBot is difficult to tackle because of its modular, multithreaded construction and its ability to constantly evolve: it creates backdoors into systems, subverts anti-virus tools and makes itself difficult for cyber security researchers to observe and tackle.
“Upon infecting a new endpoint, the malware uses rapid mutation to keep anti-virus systems guessing. It makes minor changes to the malware file to modify it and, in other cases, recompiles the entire code to make it appear unrecognisable,” explained Michael Oppenheim, global research lead at IBM X-Force Incident Response and Intelligence Services.
In its latest iteration, QakBot is locking people out of AD as a side effect of the way it spreads from machine to machine: it reuses the credentials of an infected machine and its user to move through a compromised network, and the repeated reuse of those user credentials triggers the AD lockout mechanism.
QakBot is not trying to cause the AD lockouts; rather, it is looking to swipe the details of business and potentially personal bank accounts on infected machines that are being used to access online banking.
Oppenheim notes that so far QakBot has infected and ‘militarised’ over 54,000 computers.
But for concerned enterprises there are ways to mitigate the threat. These range from the basics of disabling online adverts and filtering macro execution in emailed files, to ensuring domain accounts are configured with the least privileges needed to carry out their tasks and setting up a special emergency account that lets security staff recover the AD service and determine the source of the trojan. Preventing workstation-to-workstation communications also forces QakBot to reveal itself for potential detection.
With malware infecting increasing numbers of corporate networks, it is no wonder cyber security companies are turning to techniques like machine learning to tackle the ever-increasing and evolving range of cyber threats.
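As an added illustration of the lockout pattern the article describes, where credential reuse from one compromised host locks many accounts, here is a small detector that is not code from the article or from IBM X-Force. It reads constructed Windows Security event 4740 (account locked out) lines and flags caller hosts that lock out several distinct accounts within a short window; the single-line log format, host names and thresholds are assumptions.

```python
"""Flag source hosts that lock out many distinct AD accounts quickly.
Added example; the event shape follows Windows event 4740 but the
one-line text format below is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample events: timestamp, locked account, caller computer.
SAMPLE_LOG = """\
2017-06-01T09:00:01 EventID=4740 TargetUserName=alice CallerComputerName=WS-0042
2017-06-01T09:00:03 EventID=4740 TargetUserName=bob CallerComputerName=WS-0042
2017-06-01T09:00:09 EventID=4740 TargetUserName=carol CallerComputerName=WS-0042
2017-06-01T09:00:12 EventID=4740 TargetUserName=dave CallerComputerName=WS-0042
2017-06-01T09:30:00 EventID=4740 TargetUserName=erin CallerComputerName=WS-0107
2017-06-01T14:05:00 EventID=4740 TargetUserName=alice CallerComputerName=WS-0042
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=4740 TargetUserName=(?P<user>\S+) "
    r"CallerComputerName=(?P<host>\S+)$"
)


def parse_lockouts(text):
    """Yield (timestamp, user, caller host) for each 4740 line; skip others."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["host"]


def find_spreading_hosts(text, window=timedelta(minutes=10), min_accounts=3):
    """Return {host: sorted accounts} for hosts that locked out at least
    `min_accounts` distinct accounts inside any `window`-long period.
    A user mistyping a password locks one account; a worm replaying
    captured credentials locks many accounts from one caller host."""
    by_host = defaultdict(list)
    for ts, user, host in parse_lockouts(text):
        by_host[host].append((ts, user))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[host] = sorted(users)
                break
    return flagged
```

On the sample, WS-0042 is flagged (four accounts in eleven seconds) while WS-0107's single lockout is ignored.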