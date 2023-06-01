
New Lumen research reveals previously unseen Qakbot infrastructure

06/01/2023 | 12:57pm EDT

Black Lotus Labs' discovery gives insight into the pervasive botnet's resiliency

DENVER, June 1, 2023 /PRNewswire/ -- Black Lotus Labs, the threat research arm of Lumen Technologies (NYSE: LUMN), has used Lumen's proprietary global telemetry to monitor Qakbot – a potent malware/ransomware distribution network – for years. Today the team announced new research into the advanced techniques the botnet uses to propagate and evade detection.

We discovered sophisticated infrastructure indicating Qakbot has reached a concerning level of maturity.

"Qakbot remains a pervasive threat that continues to leverage its infected hosts in previously unknown ways," said Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs. "Our team discovered previously unseen infrastructure used to reallocate existing bots for additional functions. The discovery of this sophisticated backend control infrastructure shows that Qakbot has reached a very concerning level of maturity."

As a result of this research, Black Lotus Labs null-routed the higher-tier infrastructure, limiting Qakbot's ability to impact Lumen's customers and the internet as a whole.

For more information, visit https://blog.lumen.com/qakbot-retool-reinfect-recycle/

Key findings

  • Black Lotus Labs noticed the lifespan of Qakbot's command and control (C2) infrastructure was brief; however, Qakbot retains resiliency by repurposing victim machines into C2s.
    • Over a given seven-day period, the team could see 70-90 new C2s emerge during the botnet spamming cycle.
    • Black Lotus Labs observed that more than 25% of C2s do not remain active for more than a day; 50% don't remain active for more than a week.
  • Black Lotus Labs discovered a new backconnect server – which is traditionally used for backup communications – that appears to exist only to provide new instructions to bots within the botnet. Additional discoveries related to this backconnect server include:
    • Several hours after bots became infected, a significant number began reaching out to the backconnect server. While its complete functionality is currently unknown, it was often seen turning bots into proxies that could be used or sold for different purposes.
    • The way the bots communicated with the backconnect server led us to believe we were looking at bots that had been converted into C2s and could simultaneously maintain bot functionality.

Advantages of Black Lotus Labs' unique visibility

Because its C2 nodes turn over at a high rate, Qakbot must continually replace them. Black Lotus Labs can detect this replacement by leveraging Lumen's global IP backbone telemetry. Through machine learning and by emulating the protocol to validate the nodes, Black Lotus Labs can potentially identify – and null-route – as many as 35% of Qakbot C2s before they are used in spam campaigns.

Response and recommendations

Because Qakbot is primarily spread through email hijacking and spamming malicious email attachments and embedded URLs, Lumen customers and other businesses are advised to bolster defenses against phishing as an initial access vector. This should be done by fully monitoring network resources, ensuring proper patch management, and conducting ongoing phishing and social engineering training for employees.

In addition to null-routing all higher-tier infrastructure prior to publication of our research, Black Lotus Labs will continue to collaborate with the community to detect and disrupt Qakbot as this and other botnets rise and fall in activity. The team encourages other organizations to alert on these and similar indicators in their environment.

Additional resources

  • For more research from Black Lotus Labs, visit the blog archive.
  • To see how Black Lotus Labs sees more and stops more, visit their website.

About Lumen Technologies 

Lumen connects the world. We are dedicated to furthering human progress through technology by connecting people, data, and applications – quickly, securely, and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security, and managed service capabilities, we meet our customers' needs today and as they build for tomorrow. For news and insights visit news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies, and YouTube: /lumentechnologies.

View original content to download multimedia: https://www.prnewswire.com/news-releases/new-lumen-research-reveals-previously-unseen-qakbot-infrastructure-301840382.html

SOURCE Lumen Black Lotus Labs


© PRNewswire 2023