Cyber Criminals Are Constantly Adapting ... Are you? 

Cyber criminals react quickly to changing circumstances, whether that’s a crackdown by cyber security bodies, a newly discovered weakness to exploit, or a change in available technology. They quickly pivot to new business models that allow them to work around any restrictions and carry on with their attacks.

 

Recently, an international cyber security operation resulted in the shutdown of a botnet responsible for distributing Qakbot malware. A botnet is a network of devices, also known as ‘bots’, used by cyber criminals to carry out large-scale attacks. In this case, the botnet was used to deliver malware to victims’ devices; the malware was capable of gathering and stealing information, as well as helping to download and install additional payloads such as Black Basta ransomware. Qakbot malware can also detect and infect other connected devices within a network, which is known in cyber security as reconnaissance and lateral movement.

 

Since this international shutdown by cyber authorities took place, Microsoft have observed these cyber criminals immediately beginning to use different malware and different distribution infrastructure in order to continue their operations without interruption. That’s right – cyber criminals have Business Continuity Plans! These criminals are now using DarkGate malware, which is capable of not just stealing information and installing other malware and ransomware, but also keylogging, cryptomining, and collecting information stored in browsers, such as saved passwords, session tokens and cookies. This new malware has many more functions than the malware these criminals were previously using, meaning that even after cyber authorities have successfully shut down their operations, they are now potentially more dangerous than before, as they are able to perform a wider range of attacks.

 

Even the malware used by the criminals evolves over time, as Qakbot shows. It was originally known as a banking trojan, a type of malware designed to collect banking details and login credentials to enable the criminals to steal your money or, in some cases, aid in identity theft. However, 16 years later this malware is now able to gather and steal all kinds of confidential and sensitive information, not just financial credentials, as well as deliver additional payloads and perform reconnaissance and lateral movement. If cyber criminals and the malware they are utilising are changing rapidly and effectively, your business needs to be able to do the same!

 

How can you be sure that your business is protected, especially when the risks you’re facing could change suddenly due to a change in how the cyber criminals are operating? Having an always-on cyber security team, not a part-time solution, can ensure protection for your business 24/7. Your cyber security team should be able to proactively keep you safe if an attack occurs against your business at any time.  

 

Cool Waters Managed Cyber Team provides a dedicated team of experts to proactively manage your cyber security on a day-to-day basis. With Cool Waters Managed Cyber Team you get more people, more expertise, more experience for less than the cost of one employee. Our Security Operations Centre (SOC) provides proactive 24/7 monitoring of your network and systems. If ransomware manages to get into your network and activates at 3 am on a Sunday, or someone logs into your SharePoint site in the middle of the night and starts stealing all your documents, our team will spot it and step in to contain and remediate the problem while you sleep.

 

Book a free discovery call to find out how quickly and easily we can get started. 
