Virsec prevents Qbot infection
in milliseconds
- DFIR released an analysis noting that Qbot can compromise data within 30 minutes of initial infection.
- Qbot has been used aggressively to target the U.S. healthcare sector.
- Qbot is often used in multi-stage attacks, and to drop ransomware.
Virsec stops Qbot at the very first stage of
the attack by:
1. Detecting the DLL Qbot is trying to inject onto the system and recognizing that is not a known file does not have good provenance.
2. A Positive Model ACP Policy in Virsec would deny Powershell execution